BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
- [remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
The Hidden Risks of SaaS: Why Built-In Protections Aren’t Enough for Modern Data Resilience
/in General NewsSaaS Adoption is Skyrocketing, Resilience Hasn’t Kept Pace
SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience.
It doesn’t.
These platforms weren’t built with full-scale data
The Hacker News – Read More
British hacker ‘IntelBroker’ charged in US over spree of company breaches
/in General News“IntelBroker” allegedly hacked dozens of companies around the world and caused over $25 million in damages, the Justice Department said Wednesday.
The Record from Recorded Future News – Read More
You should probably delete any sensitive screenshots you have in your phone right now. Here’s why
/in General NewsA new Trojan malware is targeting sensitive information, including crypto wallet seed phrases.
Latest stories for ZDNET in Security – Read More
BreachForums: ShinyHunters Members Arrested, IntelBroker Identified as Kai West
/in General NewsFour alleged ShinyHunters members arrested, IntelBroker exposed as British national Kai West in global crackdown linked to BreachForums and major data breaches.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
CISA Warns AMI BMC Vulnerability Exploited in the Wild
/in General NewsCISA is urging federal agencies to patch a recent AMI BMC vulnerability and a half-a-decade-old bug in FortiOS by July 17.
The post CISA Warns AMI BMC Vulnerability Exploited in the Wild appeared first on SecurityWeek.
SecurityWeek – Read More
British Man Suspected of Being the Hacker IntelBroker Arrested, Charged
/in General News25-year-old Kai West, believed to be the hacker IntelBroker, was arrested in France and charged by the United States.
The post British Man Suspected of Being the Hacker IntelBroker Arrested, Charged appeared first on SecurityWeek.
SecurityWeek – Read More
Critical Cisco ISE Vulnerabilities Allow Remote Code Execution
/in General NewsTwo critical vulnerabilities in Cisco ISE could allow remote attackers to execute arbitrary code with root privileges.
The post Critical Cisco ISE Vulnerabilities Allow Remote Code Execution appeared first on SecurityWeek.
SecurityWeek – Read More
Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa
/in General NewsCybersecurity researchers are calling attention to a series of cyber attacks targeting financial organizations across Africa since at least July 2023 using a mix of open-source and publicly available tools to maintain access.
Palo Alto Networks Unit 42 is tracking the activity under the moniker CL-CRI-1014, where “CL” refers to “cluster” and “CRI” stands for “criminal motivation.”
It’s suspected
The Hacker News – Read More
Protecting Business Data From Unauthorized Encryption Threats
/in General NewsYour business operates in an online environment where unauthorized encryption of data isn’t just possible, it’s probable. The…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The list of vulnerabilities is as follows –
CVE-2024-54085 (CVSS score: 10.0) – An authentication bypass by spoofing
The Hacker News – Read More