BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] ABB Cylon Aspect Studio 3.08.03 - Binary Planting
- [remote] Windows 2024.15 - Unauthenticated Desktop Screenshot Capture
- [local] Microsoft Windows Server 2016 - Win32k Elevation of Privilege
- [webapps] WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass
- [webapps] Java-springboot-codebase 1.1 - Arbitrary File Read
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow
- [remote] ABB Cylon Aspect 3.08.03 - Guest2Root Privilege Escalation
- [remote] Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)
- [remote] CrushFTP 11.3.1 - Authentication Bypass
- [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability
/in General NewsCitrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions.
The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0
It has been described as a case of improper privilege management that could
The Hacker News – Read More
Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability
/in General NewsMicrosoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild.
The vulnerabilities are listed below –
CVE-2025-21355 (CVSS score: 8.6) – Microsoft Bing Remote Code Execution Vulnerability
CVE-2025-24989 (CVSS score: 8.2) – Microsoft Power Pages Elevation of Privilege Vulnerability
”
The Hacker News – Read More
DOGE Now Has Access to the Top US Cybersecurity Agency
/in General NewsDOGE technologists Edward Coristine—the 19-year-old known online as “Big Balls”—and Kyle Schutt are now listed as staff at the Cybersecurity and Infrastructure Security Agency.
Security Latest – Read More
Australian Critical Infrastructure Faces ‘Acute’ Foreign Threats
/in General NewsThe continent faces “relentless” military espionage, and increased cyber sabotage at the hands of authoritarian regimes, according to a high-ranking intelligence director.
darkreading – Read More
Russian Groups Target Signal Messenger in Spy Campaign
/in General NewsThese sorts of attacks reveal growing adversary interest in secure messaging apps used by high-value targets for communication, Google says.
darkreading – Read More
Insight Partners, VC Giant, Falls to Social Engineering
/in General NewsThe startup incubator and PR firm with holdings in more than 70 cybersecurity firms has announced a data breach with as-yet-unknown effects.
darkreading – Read More
Recent Ghost/Cring ransomware activity prompts alert from FBI, CISA
/in General NewsA ransomware group known as Ghost has been exploiting vulnerabilities in software and firmware as recently as January, according to an alert issued Wednesday by the FBI and Cybersecurity and Infrastructure Security Agency (CISA).
The Record from Recorded Future News – Read More
The head of US AI safety has stepped down. What now?
/in General NewsLarge-scale shifts at US government agencies that monitor AI development are underway. Where does that leave AI regulation?
Latest stories for ZDNET in Security – Read More
Spanish spyware startup Mollitiam Industries shuts down
/in General NewsThe little-known surveillance vendor filed for bankruptcy in January, after years of peddling spyware to countries like Colombia.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
US AI Safety Institute will be ‘gutted,’ Axios reports
/in General NewsSources at NIST are preparing for mass firings that would severely undermine the AI regulator. Here’s what that means.
Latest stories for ZDNET in Security – Read More