BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Postman Workspaces Leak 30000 API Keys and Sensitive Tokens
/in General NewsThousands of Postman workspaces leaked sensitive data like API keys and tokens. Learn best practices to secure your API development environment and protect your organization
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data
/in General NewsFortinet discovers two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, designed to steal data, capture keystrokes, and gain system control. Learn about their malicious behavior and how to protect yourself
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Clop ransomware gang takes credit for latest mass hack that breached dozens of companies
/in General NewsThe prolific ransomware gang says it hacked at least 66 companies by exploiting a bug in tools made by Cleo Software.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
FBI Blames North Korea for $308M Cryptocurrency Hack as Losses Surge in 2024
/in General NewsThe FBI said the target was tricked into downloading a malicious Python script under the guise of a pre-employment test hosted on GitHub.
The post FBI Blames North Korea for $308M Cryptocurrency Hack as Losses Surge in 2024 appeared first on SecurityWeek.
SecurityWeek – Read More
Too Much ‘Trust,’ Not Enough ‘Verify’
/in General News“Zero trust” doesn’t mean “zero testing.”
darkreading – Read More
DNSSEC Denial-of-Service Attacks Show Technology’s Fragility
/in General NewsThe security extensions for the Domain Name System aimed to make the Internet more reliable, but instead the technology has exchanged one set of problems for another.
darkreading – Read More
These are the cybersecurity stories we were jealous of in 2024
/in General NewsThe very best work from our friends at competing publications.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Trump 2.0 Portends Big Shift in Cybersecurity Policies
/in General NewsChanges at CISA and promises of more public-private partnerships and deregulation are just a few ways the incoming administration could upend the feds’ role in cybersecurity.
darkreading – Read More
2025 NDAA Provides $3 Billion Funding for FCC’s Rip-and-Replace Program
/in General NewsThe 2025 National Defense Authorization Act (NDAA) has been signed into law and it authorizes several cyber-related initiatives.
The post 2025 NDAA Provides $3 Billion Funding for FCC’s Rip-and-Replace Program appeared first on SecurityWeek.
SecurityWeek – Read More
American Addiction Centers Data Breach Impacts 422,000 People
/in General NewsAmerican Addiction Centers says the personal information of more than 422,000 people was stolen in a data breach.
The post American Addiction Centers Data Breach Impacts 422,000 People appeared first on SecurityWeek.
SecurityWeek – Read More