BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] WebDAV Windows 10 - Remote Code Execution (RCE)
- [local] Microsoft Excel Use After Free - Local Code Execution
- [remote] Windows File Explorer Windows 10 Pro x64 - TAR Extraction
Details Disclosed for Mercedes-Benz Infotainment Vulnerabilities
/in General NewsKaspersky has disclosed the details of over a dozen vulnerabilities discovered in a Mercedes-Benz MBUX infotainment system.
The post Details Disclosed for Mercedes-Benz Infotainment Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
FCC Taking Action in Response to China’s Telecoms Hacking
/in General NewsThe FCC adopts declaratory ruling requiring telecommunications providers to secure their networks against nation-states and other threats.
The post FCC Taking Action in Response to China’s Telecoms Hacking appeared first on SecurityWeek.
SecurityWeek – Read More
Fintech Bill Pay Platform “Willow Pays” Exposes Over 240,000 Records
/in General NewsSecurity researcher discovers a non-password-protected database containing over 240,000 records belonging to US-based FinTech bill payment platform Willow…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
CISA, FBI Update Software Security Recommendations
/in General NewsCISA and the FBI have updated their guidance regarding risky software security bad practices based on feedback received from the public.
The post CISA, FBI Update Software Security Recommendations appeared first on SecurityWeek.
SecurityWeek – Read More
Telegram-Based “Sneaky 2FA” Phishing Kit Targets Microsoft 365 Accounts
/in General NewsSneaky 2FA: New Phishing-as-a-Service targets Microsoft 365, leveraging sophisticated evasion techniques and a Telegram-based platform to steal credentials.…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
TikTok Restores Service for US Users Based on Trump’s Promised Executive Order
/in General NewsTikTok restored service to users in the United States on Sunday just hours after the popular video-sharing platform went dark in response to a federal ban.
The post TikTok Restores Service for US Users Based on Trump’s Promised Executive Order appeared first on SecurityWeek.
SecurityWeek – Read More
Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP
/in General NewsCybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index (PyPI) repository that come with capabilities to steal data and even delete sensitive data from infected systems.
The list of identified packages is below –
@async-mutex/mutex, a typosquat of async-mute (npm)
dexscreener, which masquerades as a library for accessing liquidity pool
The Hacker News – Read More
Hackers Claim Breach of Hewlett Packard Enterprise, Lists Data for Sale
/in General NewsHacker IntelBroker claims to have breached Hewlett Packard Enterprise (HPE), exposing sensitive data like source code, certificates, and…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Employees of failed startups are at special risk of stolen personal data through old Google logins
/in General NewsAs if losing your job when the startup you work for collapses isn’t bad enough, now a security researcher has found that employees at failed startups are at particular risk of having their data stolen. This ranges from their private Slack messages to Social Security numbers and, potentially, bank accounts. The researcher who discovered the […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
TikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025
/in General NewsPopular video-sharing social network TikTok has officially gone dark in the United States, 2025, as a federal ban on the app comes into effect on January 19, 2025.
“We regret that a U.S. law banning TikTok will take effect on January 19 and force us to make our services temporarily unavailable,” the company said in a pop-up message. “We’re working to restore our service in the U.S. as soon as
The Hacker News – Read More