BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] WebDAV Windows 10 - Remote Code Execution (RCE)
- [local] Microsoft Excel Use After Free - Local Code Execution
- [remote] Windows File Explorer Windows 10 Pro x64 - TAR Extraction
CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits
/in General NewsThe Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests.
The AnyDesk requests claim to be for conducting an audit to assess the “level of security,” CERT-UA added, cautioning organizations to be on the lookout for such social engineering attempts that seek to
The Hacker News – Read More
Ukraine restores state registers after suspected Russian cyberattack
/in General NewsUkraine has restored the infrastructure of its state registers, which were disrupted last month by a major cyberattack believed to have been carried out by Russian military intelligence hackers.
The Record from Recorded Future News – Read More
Belsen Group Leaks 15,000+ FortiGate Firewall Configurations
/in General NewsFortiGate firewall leak exposes 15,000+ configurations, impacting organizations globally. The actor behind the leak is Belsen Group. Learn…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Name That Toon: Incentives
/in General NewsFeeling creative? Have something to say about cybersecurity? Submit your caption and our panel of experts will reward the winner with a $25 gift card.
darkreading – Read More
Washington Man Admits to Role in Multiple Cybercrime, Fraud Schemes
/in General NewsMarco Raquan Honesty has pleaded guilty to his roles in several fraud schemes, including smishing, identity theft, and bank account takeover.
The post Washington Man Admits to Role in Multiple Cybercrime, Fraud Schemes appeared first on SecurityWeek.
SecurityWeek – Read More
Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
/in General NewsNew research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks.
“Internet hosts that accept tunneling packets without verifying the sender’s identity can be hijacked to perform anonymous attacks and provide access to their networks,” Top10VPN said in a study, as part of a collaboration with KU Leuven professor
The Hacker News – Read More
DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection
/in General NewsThe Threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks.
The artifacts in question, named Tanzeem (meaning “organization” in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma. The apps in question have been found to incorporate identical functions, barring minor modifications to the
The Hacker News – Read More
Philippines arrests Chinese national suspected of spying on critical infrastructure
/in General NewsPhilippine authorities have arrested a Chinese national and two Filipino citizens suspected of conducting surveillance on critical infrastructure, including military facilities, the country’s National Bureau of Investigation (NBI) said on Monday.
The Record from Recorded Future News – Read More
US Ban on Automotive Components Could Curb Supply Chain
/in General NewsThe US Department of Commerce will prohibit the import of components for connected vehicles from China or Russia, as the US continues to ban technology it sees as potential national security threats.
darkreading – Read More
Social Media Security Firm Spikerz Raises $7 Million
/in General NewsSocial media security startup Spikerz has raised $7 million in a seed funding round led by Disruptive AI.
The post Social Media Security Firm Spikerz Raises $7 Million appeared first on SecurityWeek.
SecurityWeek – Read More