BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
How Banks Can Adapt to the Rising Threat of Financial Crime
/in General NewsBanking fraud and financial crimes are growing more sophisticated every day. By understanding the threats and building strong collaborations, banks can protect themselves and their clients.
darkreading – Read More
Meta Paid Out Over $2.3 Million in Bug Bounties in 2024
/in General NewsMeta received close to 10,000 vulnerability reports and paid out over $2.3 million in bug bounty rewards in 2024.
The post Meta Paid Out Over $2.3 Million in Bug Bounties in 2024 appeared first on SecurityWeek.
SecurityWeek – Read More
Warning: Tunnel of Love Leads to Scams
/in General NewsRomance-baiting losses were up 40% last year, as more and more pig-butchering efforts crop up in the wild.
darkreading – Read More
Rising Tides: Lesley Carhart on Bridging Enterprise Security and OT—and Improving the Human Condition
/in General NewsIn the latest edition of “Rising Tides” we talk with Lesley Carhart, Technical Director of Incident Response at Dragos.
The post Rising Tides: Lesley Carhart on Bridging Enterprise Security and OT—and Improving the Human Condition appeared first on SecurityWeek.
SecurityWeek – Read More
In Other News: $10,000 YouTube Flaw, Cybereason CEO Sues Investors, New OT Security Tool
/in General NewsNoteworthy stories that might have slipped under the radar: Google pays $10,000 bug bounty for YouTube vulnerability, Cybereason CEO sues two investors, Otorio launches new OT security tool.
The post In Other News: $10,000 YouTube Flaw, Cybereason CEO Sues Investors, New OT Security Tool appeared first on SecurityWeek.
SecurityWeek – Read More
SonicWall Firewall Vulnerability Exploited After PoC Publication
/in General NewsThe exploitation of a recent SonicWall vulnerability has started shortly after proof-of-concept (PoC) code was published.
The post SonicWall Firewall Vulnerability Exploited After PoC Publication appeared first on SecurityWeek.
SecurityWeek – Read More
SGNL Raises $30 Million for Identity Management Solution
/in General NewsIdentity management provider SGNL has raised $30 million in a Series A funding round led by Brightmind Partners.
The post SGNL Raises $30 Million for Identity Management Solution appeared first on SecurityWeek.
SecurityWeek – Read More
Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks
/in General NewsChina-linked APT Salt Typhoon has been exploiting known vulnerabilities in Cisco devices in attacks on telecom providers in the US and abroad.
The post Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks appeared first on SecurityWeek.
SecurityWeek – Read More
New Windows Zero-Day Exploited by Chinese APT: Security Firm
/in General NewsClearSky Cyber Security says it has seen a new Windows zero-day being exploited by a Chinese APT named Mustang Panda.
The post New Windows Zero-Day Exploited by Chinese APT: Security Firm appeared first on SecurityWeek.
SecurityWeek – Read More
Hackers Exploit Palo Alto Firewall Vulnerability Day After Disclosure
/in General NewsAttempts to exploit CVE-2024-0108, an authentication bypass vulnerability in Palo Alto firewalls, started one day after disclosure.
The post Hackers Exploit Palo Alto Firewall Vulnerability Day After Disclosure appeared first on SecurityWeek.
SecurityWeek – Read More