BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Campcodes Online Hospital Management System 1.0 - SQL Injection
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
- [remote] Windows File Explorer Windows 11 (23H2) - NTLM Hash Disclosure
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow
- [webapps] WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass
- [local] Microsoft Windows Server 2016 - Win32k Elevation of Privilege
- [remote] Windows 2024.15 - Unauthenticated Desktop Screenshot Capture
US Sanctions Philippine Company for Supporting Crypto Scams
/in General NewsThe US Treasury Department US has slapped sanctions on Funnull Technology for providing support to cryptocurrency investment scams.
The post US Sanctions Philippine Company for Supporting Crypto Scams appeared first on SecurityWeek.
SecurityWeek – Read More
Firebase, Google Apps Script Abused in Fresh Phishing Campaigns
/in General NewsSecurity researchers flag two phishing campaigns abusing Firebase and Google Apps Script to host malware and fake login pages.
The post Firebase, Google Apps Script Abused in Fresh Phishing Campaigns appeared first on SecurityWeek.
SecurityWeek – Read More
CISO Stature Rises, but Security Budgets Remain Tight
/in General NewsThe rate of compensation gains has slowed from the COVID years, and budgets remain largely static due to economic fears, but CISOs are increasingly gaining executive status and responsibilities.
darkreading – Read More
Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin
/in General NewsThe elusive boss of the Trickbot and Conti cybercriminal groups has been known only as “Stern.” Now, German law enforcement has published his alleged identity—and it’s a familiar face.
Security Latest – Read More
Tenable to Acquire AI Security Startup Apex
/in General NewsApex will enhance Tenable’s AI Aware tool by mitigating the threats of AI applications and tools not governed by organizations, while enforcing existing security policies.
darkreading – Read More
China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil
/in General NewsThe China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023.
“The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations,” Trend
The Hacker News – Read More
Australian ransomware victims now must tell the government if they pay up
/in General NewsAustralia is now the first country to require ransomware victims to report if they make any extortion payments to their attackers.
The Record from Recorded Future News – Read More
Victoria’s Secret US Website Restored After Security Incident
/in General NewsVictoria’s Secret website was down due to a ‘security incident’ impacting online and some in-store services. Get the…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
ConnectWise Discloses Suspected State-Sponsored Hack
/in General NewsThe IT software provider says ScreenConnect users were impacted by the attack, which exploited a high-severity ASP.NET vulnerability.
The post ConnectWise Discloses Suspected State-Sponsored Hack appeared first on SecurityWeek.
SecurityWeek – Read More
Chinese Phishing Service Haozi Resurfaces, Fueling Criminal Profits
/in General NewsA Chinese-language PhaaS platform Haozi is making cybercrime easy with no tech skills needed. Discover how this plug-and-play service facilitated over $280,000 in illicit transactions.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More