BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
- [remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [local] Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)
- [remote] FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
How to Implement CMMS Software in Your Organization
/in General NewsLet’s face it: Rolling out new software across an entire organization can feel like herding cats. Between data…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Again and again, NSO Group’s customers keep getting their spyware operations caught
/in General NewsDespite the stealthy nature of spyware, security researchers keep detecting Pegasus spyware attacks in part because of sloppy ‘operational security.’
Security News | TechCrunch – Read More
Signal is in the news and for the wrong reasons, yet again
/in General News“The human is the weakest link in the security chain.” Recent events in Washington have demonstrated this principle cliche with painful clarity. This week, we’ve all witnessed yet another high-profile security breach involving Signal, the messaging app. A senior member of President Trump’s national security team added Jeffrey Goldberg, the editor-in-chief of The Atlantic, to a private Signal…
Source
techsplicer – Read More
Hackers target Taiwan with malware delivered via fake messaging apps
/in General NewsHackers have been targeting users in Taiwan with PJobRAT malware delivered through malicious instant messaging apps, according to new research.
The Record from Recorded Future News – Read More
Microsoft’s passwordless future is here for Outlook, Xbox, 365, and more
/in General NewsMicrosoft’s new sign-in screens push you to finally ditch passwords – here’s how.
Latest stories for ZDNET in Security – Read More
9-Year-Old NPM Crypto Package Hijacked for Information Theft
/in General NewsNearly a dozen crypto packages on NPM, including one published 9 years ago, have been hijacked to deliver infostealers.
The post 9-Year-Old NPM Crypto Package Hijacked for Information Theft appeared first on SecurityWeek.
SecurityWeek – Read More
Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware
/in General NewsAnalysis found that 99% of healthcare organizations are vulnerable to publicly available exploits.
The post Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware appeared first on SecurityWeek.
SecurityWeek – Read More
Mozilla patches Firefox bug ‘exploited in the wild’, similar to bug attacking Chrome
/in General NewsThe bug fix comes days after Google fixed a similar vulnerability under attack in its Chrome browser.
Security News | TechCrunch – Read More
In Other News: Hellcat Hackers Unmasked, CrushFTP Bug Controversy, NYU Hacked
/in General NewsNoteworthy stories that might have slipped under the radar: Key members of Hellcat ransomware group identified, controversy around CrushFTP flaw CVE, NYU website hacked and defaced.
The post In Other News: Hellcat Hackers Unmasked, CrushFTP Bug Controversy, NYU Hacked appeared first on SecurityWeek.
SecurityWeek – Read More
Russian Phishing Uses Fake CIA Sites to Target Anti-war, Ukraine Supporters
/in General NewsThe phishing campaign is highly sophisticated!
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More