BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] WebDAV Windows 10 - Remote Code Execution (RCE)
- [local] Microsoft Excel Use After Free - Local Code Execution
- [remote] Windows File Explorer Windows 10 Pro x64 - TAR Extraction
South Africa’s government-run weather service knocked offline by cyberattack
/in General NewsThe government-run South African Weather Service (SAWS) said its systems went down “following a security breach by criminal elements.”
The Record from Recorded Future News – Read More
FBI Seizes Leading Hacking Forums Cracked.to and Nulled.to
/in General NewsNulled.to and Cracked.to, major hacking forums, appear seized by the FBI as DNS records point to FBI servers.…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
OpenAI tailored ChatGPT Gov for government use – here’s what that means
/in General NewsChatGPT will be making its way to federal, state, and local agencies. The new version comes with benefits – and concerns.
Latest stories for ZDNET in Security – Read More
Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers
/in General NewsVulnCheck initially disclosed the critical command-injection vulnerability (CVE-2024-40891) six months ago, but Zyxel has yet to mention its existence or offer users a patch to mitigate threats.
darkreading – Read More
Observo’s AI-native data pipelines cut noisy telemetry by 70%, strengthening enterprise security
/in General NewsThe reduction in noisy, unstructured telemetry data by Observo can cut enterprise observability costs by up to 50%.Read More
Security News | VentureBeat – Read More
Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks
/in General NewsThe North Korean threat actor known as the Lazarus Group has been observed leveraging a “web-based administrative platform” to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns.
“Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API,” SecurityScorecard’s
The Hacker News – Read More
Mirai Variant ‘Aquabot’ Exploits Mitel Device Flaws
/in General NewsYet another spinoff of the infamous DDoS botnet is exploiting a known vulnerability in active attacks, while its threat actors are promoting it on Telegram for other attackers to use as well, in a DDoS-as-a-service model.
darkreading – Read More
New Zyxel Zero-Day Under Attack, No Patch Available
/in General NewsGreyNoise reports active exploitation of a newly discovered zero-day vulnerability in Zyxel CPE devices. There are no patches available.
The post New Zyxel Zero-Day Under Attack, No Patch Available appeared first on SecurityWeek.
SecurityWeek – Read More
MGM Resorts settles lawsuits after millions of customer records stolen in data breaches
/in General NewsA court filing says 37 million MGM customers had personal data stolen in the cyberattacks.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Oligo Raises $50M to Tackle Application Detection and Response
/in General NewsOligo Security has raised $50 million in Series B funding for its application detection and response (ADR) platform.
The post Oligo Raises $50M to Tackle Application Detection and Response appeared first on SecurityWeek.
SecurityWeek – Read More