BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation
/in General NewsA recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog after reports emerged of active exploitation in the wild.
The vulnerability is a case of authentication bypass that could permit an unauthenticated attacker to take over susceptible instances. It has
The Hacker News – Read More
Threat Actors Setting Up Persistent Access to Hosts Hacked in CrushFTP Attacks
/in General NewsHuntress has shared details on the post-exploitation activities of threat actors targeting the recent CrushFTP vulnerability.
The post Threat Actors Setting Up Persistent Access to Hosts Hacked in CrushFTP Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
/in General NewsGoogle has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild.
The two high-severity vulnerabilities are listed below –
CVE-2024-53150 (CVSS score: 7.8) – An out-of-bounds flaw in the USB sub-component of Kernel that could result in information disclosure
CVE-2024-53197 (CVSS score: 7.8) – A privilege escalation flaw in the USB sub-component of Kernel
The Hacker News – Read More
Neptune RAT Variant Spreads via YouTube to Steal Windows Passwords
/in General NewsA new Neptune RAT variant is being shared via YouTube and Telegram, targeting Windows users to steal passwords and deliver additional malware components.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
$115 million just poured into this startup that makes engineering 1,000x faster — and Bezos, Altman, and Nvidia are all betting on its success
/in General NewsRescale secures $115 million in Series D funding to accelerate AI physics technology that speeds up engineering simulations by 1000x, backed by tech luminaries including Bezos and Altman.Read More
Security News | VentureBeat – Read More
Google’s Sec-Gemini v1 Takes on Hackers & Outperforms Rivals by 11%
/in General NewsSec-Gemini v1 has access to real-time cybersecurity data from trusted sources including Google Threat Intelligence, Mandiant’s attack reports, and the Open Source Vulnerabilities database.
Security | TechRepublic – Read More
ToddyCat APT Targets ESET Bug to Load Silent Malware
/in General NewsResearchers found the threat actor attempting to use the now-patched flaw to load and execute a malicious dynamic link library on infected systems.
darkreading – Read More
NIST to Implement ‘Deferred’ Status to Dated Vulnerabilities
/in General NewsThe changes will go into effect over the next several days to reflect which CVEs are being prioritized in the National Vulnerability Database (NVD).
darkreading – Read More
PCI DSS 4.0.1: A Cybersecurity Blueprint by the Industry, for the Industry
/in General NewsAs PCI DSS 4.0.1 comes into force, it shows the power of industry collaboration in cybersecurity.
The post PCI DSS 4.0.1: A Cybersecurity Blueprint by the Industry, for the Industry appeared first on SecurityWeek.
SecurityWeek – Read More
Australian regulator pulls licenses of 95 companies in effort to crack down on investment scams
/in General NewsA federal judge approved the immediate deregistration of 93 of the companies in an order on March 21. Two others will be wound up over time because they have “meaningful” assets.
The Record from Recorded Future News – Read More