BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
Microsoft 365 Direct Send Abused for Phishing
/in General NewsHackers are abusing the Microsoft 365 Direct Send feature to deliver phishing emails that bypass email security controls.
The post Microsoft 365 Direct Send Abused for Phishing appeared first on SecurityWeek.
SecurityWeek – Read More
‘Cyber Fattah’ Hacktivist Group Leaks Saudi Games Data
/in General NewsAs tensions in the Middle East rise, hacktivist groups are coming out of the woodwork with their own agendas, leading to notable shifts in the hacktivist threat landscape.
darkreading – Read More
How an Email, Crypto Wallet and YouTube Activity Led the FBI to IntelBroker
/in General NewsFBI tracked IntelBroker as UK’s Kai West using an email address, crypto trails, YouTube activity and forum posts after dozens of high-profile data breaches and darknet activity.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
‘IntelBroker’ Suspect Arrested, Charged in High-Profile Breaches
/in General NewsA British national arrested earlier this year in France was charged by the US Department of Justice in connection with a string of major cyberattacks.
darkreading – Read More
Scam compounds labeled a ‘living nightmare’ as Cambodian government accused of turning a blind eye
/in General NewsAmnesty International said it identified dozens of scam compounds in Cambodia, calling the government’s response to the nexus of cybercrime and human trafficking “grossly inadequate.”
The Record from Recorded Future News – Read More
Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks
/in General NewsCybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry (“open-vsx[.]org”) that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk.
“This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full control
The Hacker News – Read More
Homeland Security warns of Iran-backed cyberattacks targeting US networks
/in General NewsDHS said low-level cyberattacks targeting U.S. networks are “likely” in the wake of military conflict between the US and Israel, and Iran.
Security News | TechCrunch – Read More
Bipartisan Bill Aims to Block Chinese AI From Federal Agencies
/in General NewsThe proposal seeks to ban all use of the technology in the U.S. government, with exceptions for use in research and counterterrorism efforts.
The post Bipartisan Bill Aims to Block Chinese AI From Federal Agencies appeared first on SecurityWeek.
SecurityWeek – Read More
US, French authorities confirm arrest of BreachForums hackers
/in General NewsKai West was arrested in France, along with four other hackers, all suspected of being part of the well-known hacking forum, BreachForums.
Security News | TechCrunch – Read More
Microsoft rolls out Windows security changes to prevent another CrowdStrike meltdown
/in General NewsIt’s been almost a year since CrowdStrike crashed Windows PCs and disrupted businesses worldwide. New changes to the Windows security architecture will make those outages less likely and easier to recover from.
Latest stories for ZDNET in Security – Read More