BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] CrushFTP 11.3.1 - Authentication Bypass
- [remote] Invision Community 5.0.6 - Remote Code Execution (RCE)
- [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
Black Basta Pivots to Cactus Ransomware Group
/in General NewsThe future of the formerly fearsome cybercriminal group remains uncertain as key members have moved to a new affiliation, in fresh attacks that use novel persistence malware BackConnect.
darkreading – Read More
North Korean Fake IT Workers Pose as Blockchain Developers on GitHub
/in General NewsNorth Korean fake IT workers are creating personas on GitHub to land blockchain developer jobs at US and Japanese firms.
The post North Korean Fake IT Workers Pose as Blockchain Developers on GitHub appeared first on SecurityWeek.
SecurityWeek – Read More
Two Venezuelans Arrested in US for ATM Jackpotting
/in General NewsSeveral Venezuelans have been arrested and charged in the US in recent months for their role in ATM jackpotting schemes.
The post Two Venezuelans Arrested in US for ATM Jackpotting appeared first on SecurityWeek.
SecurityWeek – Read More
Salesforce launches Agentforce 2dx, letting AI run autonomously across enterprise systems
/in General NewsSalesforce’s new Agentforce 2dx enables AI agents to work autonomously across enterprise systems without human prompting, promising significant cost savings and productivity gains for businesses.Read More
Security News | VentureBeat – Read More
Ransomware Group Claims Attack on Tata Technologies
/in General NewsNotorious ransomware group Hunters International threatens to leak 1.4 TB of data allegedly stolen from Tata Technologies.
The post Ransomware Group Claims Attack on Tata Technologies appeared first on SecurityWeek.
SecurityWeek – Read More
Knostic Secures $11 Million to Rein in Enterprise AI Data Leakage, Oversharing
/in General NewsKnostic provides a “need-to-know” filter on the answers generated by enterprise large language models (LLM) tools.
The post Knostic Secures $11 Million to Rein in Enterprise AI Data Leakage, Oversharing appeared first on SecurityWeek.
SecurityWeek – Read More
1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers
/in General NewsNew research shows at least a million inexpensive Android devices—from TV streaming boxes to car infotainment systems—are compromised to allow bad actors to commit ad fraud and other cybercrime.
Security Latest – Read More
Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities
/in General NewsChrome 134 and Firefox 136 are rolling out across desktop and mobile with patches for multiple high-severity vulnerabilities.
The post Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
LinkedIn Phishing Scam: Fake InMail Messages Spreading ConnectWise Trojan
/in General NewsCofense uncovers new LinkedIn phishing scam delivering ConnectWise RAT. Learn how attackers bypass security with fake InMail emails…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
US Sanctions Iranian Administrator of Nemesis Darknet Marketplace
/in General NewsIranian national Behrouz Parsarad sanctioned for running Nemesis, a marketplace used for narcotics trafficking and cybercrime.
The post US Sanctions Iranian Administrator of Nemesis Darknet Marketplace appeared first on SecurityWeek.
SecurityWeek – Read More