BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Campcodes Online Hospital Management System 1.0 - SQL Injection
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
- [remote] Windows File Explorer Windows 11 (23H2) - NTLM Hash Disclosure
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow
- [webapps] WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass
- [local] Microsoft Windows Server 2016 - Win32k Elevation of Privilege
- [remote] Windows 2024.15 - Unauthenticated Desktop Screenshot Capture
Sanctioned entities fueled $16 billion in cryptocurrency activity last year, report says
/in General NewsThere were billions of dollars’ worth of cryptocurrency transactions in 2024 by entities sanctioned by the United States, say researchers from Chainalysis in a new report.
The Record from Recorded Future News – Read More
Free Diagram Tool Aids Management of Complex ICS/OT Cybersecurity Decisions
/in General NewsAdmeritia has launched Cyber Decision Diagrams, a free tool designed to help organizations manage complex decisions related to ICS/OT cybersecurity.
The post Free Diagram Tool Aids Management of Complex ICS/OT Cybersecurity Decisions appeared first on SecurityWeek.
SecurityWeek – Read More
Lee Enterprises Newspaper Disruptions Caused by Ransomware
/in General NewsLee Enterprises has shared more details on the recent cyberattack, saying the attackers encrypted and stole files.
The post Lee Enterprises Newspaper Disruptions Caused by Ransomware appeared first on SecurityWeek.
SecurityWeek – Read More
Xerox Versalink Printers Vulnerabilities Could Let Hackers Steal Credentials
/in General NewsXerox Versalink printers are vulnerable to pass-back attacks. Rapid7 discovers LDAP & SMB flaws (CVE-2024-12510 & CVE-2024-12511). Update…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying
/in General NewsMandiant warns that multiple Russian APTs are abusing a nifty Signal Messenger feature to surreptitiously spy on encrypted conversations.
The post How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying appeared first on SecurityWeek.
SecurityWeek – Read More
Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack
/in General NewsUsers who are on the lookout for popular games were lured into downloading trojanized installers that led to the deployment of a cryptocurrency miner on compromised Windows hosts.
The large-scale activity has been codenamed StaryDobry by Russian cybersecurity company Kaspersky, which first detected it on December 31, 2024. It lasted for a month.
Targets of the campaign include individuals and
The Hacker News – Read More
A Signal Update Fends Off a Phishing Technique Used in Russian Espionage
/in General NewsGoogle warns that hackers tied to Russia are tricking Ukrainian soldiers with fake QR codes for Signal group invites that let spies steal their messages. Signal has pushed out new safeguards.
Security Latest – Read More
CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The flaws are listed below –
CVE-2025-0108 (CVSS score: 7.8) – An authentication bypass vulnerability in the Palo Alto Networks PAN-OS
The Hacker News – Read More
North Korea’s Kimsuky Taps Trusted Platforms to Attack South Korea
/in General NewsThe campaign heavily uses Dropbox folders and PowerShell scripts to evade detection and quickly scrapped infrastructure components after researchers began poking around.
darkreading – Read More
Xerox Printer Vulnerabilities Enable Credential Capture
/in General NewsAttackers are using patched bugs to potentially gain unfettered access to an organization’s Windows environment under certain conditions.
darkreading – Read More