BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] WebDAV Windows 10 - Remote Code Execution (RCE)
- [local] Microsoft Excel Use After Free - Local Code Execution
- [remote] Windows File Explorer Windows 10 Pro x64 - TAR Extraction
Government offices in North Carolina, Georgia disrupted by cyberattacks
/in General NewsThe city government of Thomasville, North Carolina, and a court district in eastern Georgia are responding to recent intrusions into their networks.
The Record from Recorded Future News – Read More
CBP’s Predator Drone Flights Over LA Are a Dangerous Escalation
/in General NewsCustom and Border Protection flying powerful Predator B drones over Los Angeles further breaks the seal on federal involvement in civilian matters typically handled by state or local authorities.
Security Latest – Read More
Threat Actor Abuses TeamFiltration for Entra ID Account Takeovers
/in General NewsProofpoint researchers discovered a large-scale campaign using the open source penetration-testing framework that has targeted more than 80,000 Microsoft accounts.
darkreading – Read More
Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
/in General NewsCybersecurity researchers are calling attention to a “large-scale campaign” that has been observed compromising legitimate websites with malicious JavaScript injections.
According to Palo Alto Networks Unit 42, these malicious injects are obfuscated using JSFuck, which refers to an “esoteric and educational programming style” that uses only a limited set of characters to write and execute code.
The Hacker News – Read More
CISA warns of SimpleHelp ransomware compromises after string of retail attacks
/in General NewsRansomware gangs leveraged a vulnerability to access unpatched versions of SimpleHelp’s remote monitoring and management tool to disrupt services in double extortion compromises.
The Record from Recorded Future News – Read More
Here’s What Marines and the National Guard Can (and Can’t) Do at LA Protests
/in General NewsPentagon rules sharply limit US Marines and National Guard activity in Los Angeles, prohibiting arrests, surveillance, and other customary police work.
Security Latest – Read More
In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost
/in General NewsNoteworthy stories that might have slipped under the radar: Cloudflare outage not caused by cyberattack, Dutch police identified 126 users of Cracked.io, the Victoria’s Secret cyberattack has cost $10 million.
The post In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost appeared first on SecurityWeek.
SecurityWeek – Read More
Why CISOs Must Align Business Objectives & Cybersecurity
/in General NewsThis alignment makes a successful CISO, but creating the same sentiment across business leadership creates a culture of commitment and greatly contributes to achieving goals.
darkreading – Read More
TeamFiltration Abused in Entra ID Account Takeover Campaign
/in General NewsThreat actors have abused the TeamFiltration pentesting framework to target over 80,000 Entra ID user accounts.
The post TeamFiltration Abused in Entra ID Account Takeover Campaign appeared first on SecurityWeek.
SecurityWeek – Read More
Cyberattacks on Humanitarian Orgs Jump Worldwide
/in General NewsThese groups suffered three times the cyberattacks as the year previous, with DDoS attacks dominating and vulnerability scans and SQL injection also more common.
darkreading – Read More