BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
New Cyber Blueprint Aims to Guide Organizations on AI Journey
/in General NewsDeloitte’s new blueprint looks to bridge the gap between the massive push for AI adoption and a lack of preparedness among leaders and employees.
darkreading – Read More
Two new pro-Russian hacktivist groups target Ukraine, recruit insiders
/in General NewsGroups calling themselves IT Army of Russia and TwoNet are newly active on Telegram, coordinating operations and seeking new members, researchers at Intel 471 said.
The Record from Recorded Future News – Read More
Microsoft shuts down 3,000 email accounts created by North Korean IT workers
/in General NewsMicrosoft said it has spent years monitoring North Korea’s campaign to get its citizens hired in IT roles at U.S. companies and recently saw changes in how the campaign operates.
The Record from Recorded Future News – Read More
Interpol identifies West Africa as potential new hotspot for cybercrime compounds
/in General NewsInterpol said it analyzed five years of data about the illicit industry, which relies on human trafficking to staff up centers with people who are forced to conduct investment fraud, romance scams and other schemes.
The Record from Recorded Future News – Read More
Ransomware gang Hunters International says it’s shutting down
/in General NewsThe cybercriminal group, which said it’s releasing its decryption tools to victims, may be transitioning to new infrastructure under a different name.
Security News | TechCrunch – Read More
Dark Web Vendors Shift to Third Parties, Supply Chains
/in General NewsAs attacks on software supply chains and third parties increase, more data on critical software and infrastructure services is being advertised and sold on the Dark Web.
darkreading – Read More
Russia jails man for 16 years over pro-Ukraine cyberattacks on critical infrastructure
/in General NewsRussian authorities said the man used malware to attack Russian information systems in 2022, blocking access to websites of several local companies and damaging critical infrastructure.
The Record from Recorded Future News – Read More
Hunters International ransomware group claims to be shutting down
/in General News“After careful consideration and in light of recent developments, we have decided to close the Hunters International project,” the prolific cybercrime gang wrote on its darknet site.
The Record from Recorded Future News – Read More
Attackers Impersonate Top Brands in Callback Phishing
/in General NewsMicrosoft, PayPal, Docusign, and others are among the trusted brands threat actors use in socially engineered scams that try to get victims to call adversary-controlled phone numbers.
darkreading – Read More
IDE Extensions Pose Hidden Risks to Software Supply Chain
/in General NewsMalicious extensions can be engineered to bypass verification checks for popular integrated development environments, according to research from OX Security.
darkreading – Read More