BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
Apple Confirms ‘Extremely Sophisticated’ Exploit Threatening iOS Security
/in General NewsApple fixes the USB Restricted Mode flaw in iOS 18.3.1 and iPadOS 18.3.1. Vulnerability exploited in targeted attacks.…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Drata to Acquire SafeBase in $250 Million Deal
/in General NewsSecurity and compliance automation firm Drata has acquired trust center platform SafeBase in a quarter billion dollar deal.
The post Drata to Acquire SafeBase in $250 Million Deal appeared first on SecurityWeek.
SecurityWeek – Read More
What Is GRC? Understanding Governance, Risk, and Compliance
/in General NewsFind out what GRC stands for, its history, and where it can be used today.
Security | TechRepublic – Read More
GAO Tells Coast Guard to Improve Cybersecurity of Maritime Transportation System
/in General NewsA new GAO report assesses that the Coast Guard needs to improve Maritime Transportation System (MTS) cybersecurity.
The post GAO Tells Coast Guard to Improve Cybersecurity of Maritime Transportation System appeared first on SecurityWeek.
SecurityWeek – Read More
North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack
/in General NewsThe North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to paste and run malicious code provided by them.
“To execute this tactic, the threat actor masquerades as a South Korean government official and over time builds rapport with a target before sending a
The Hacker News – Read More
Cisco Says Ransomware Group’s Leak Related to Old Hack
/in General NewsA fresh post on the Kraken ransomware group’s leak website refers to data stolen in a 2022 cyberattack, Cisco says.
The post Cisco Says Ransomware Group’s Leak Related to Old Hack appeared first on SecurityWeek.
SecurityWeek – Read More
Chipmaker Patch Tuesday: Intel, AMD, Nvidia Fix High-Severity Vulnerabilities
/in General NewsChipmakers Intel, AMD and Nvidia on Tuesday published new security advisories to inform customers about vulnerabilities found in their products.
The post Chipmaker Patch Tuesday: Intel, AMD, Nvidia Fix High-Severity Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation
/in General NewsMicrosoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said has come under active exploitation in the wild.
Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate, and two are rated Low in severity. This is aside from the 23 flaws Microsoft addressed in its Chromium-based Edge
The Hacker News – Read More
ICS Patch Tuesday: Vulnerabilities Addressed by Schneider Electric, Siemens
/in General NewsIndustrial giants Schneider Electric and Siemens have released February 2025 Patch Tuesday ICS security advisories.
The post ICS Patch Tuesday: Vulnerabilities Addressed by Schneider Electric, Siemens appeared first on SecurityWeek.
SecurityWeek – Read More
Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now
/in General NewsIvanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution.
The list of vulnerabilities is below –
CVE-2024-38657 (CVSS score: 9.1) – External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy
The Hacker News – Read More