BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] WebDAV Windows 10 - Remote Code Execution (RCE)
- [local] Microsoft Excel Use After Free - Local Code Execution
- [remote] Windows File Explorer Windows 10 Pro x64 - TAR Extraction
Scammers Exploit California Wildfires, Posing as Fire Relief Services
/in General NewsCybercriminals are exploiting the California wildfires by launching phishing scams. Learn how hackers are targeting victims with fake domains and deceptive tactics, and how to protect yourself from these cyber threats.
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
7 ways to get more out of your Bitwarden password manager
/in General NewsBitwarden is one of the best password managers on the market, but are you using it effectively? Here are a few tips to ensure you are.
Latest stories for ZDNET in Security – Read More
Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws
/in General NewsCybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network.
According to GuidePoint Security, initial access is said to have been facilitated by means of a JavaScript malware downloaded named
The Hacker News – Read More
Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager
/in General NewsIvanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure.
All the four critical security flaws, rated 9.8 out of 10.0 on the CVSS scale, are rooted in EPM, and concern absolute path traversal flaws that allow a remote unauthenticated
The Hacker News – Read More
Head of US Cybersecurity Agency Says She Hopes It Keeps up Election Work Under Trump
/in General NewsJen Easterly hopes CISA is allowed to continue its election-related work under new leadership despite “contentiousness” around that part of its mission.
The post Head of US Cybersecurity Agency Says She Hopes It Keeps up Election Work Under Trump appeared first on SecurityWeek.
SecurityWeek – Read More
Building resilience with AI threat modeling: Lessons from the Rate Companies
/in General NewsDiscover how AI threat modeling is helping CISOs redefine zero trust in 2025 by combating identity-based attacks.Read More
Security News | VentureBeat – Read More
Attackers Hijack Google Advertiser Accounts to Spread Malware
/in General NewsIt’s an especially brazen form of malvertising, researchers say, striking at the heart of Google’s business; the tech giant says it’s aware of the issue and is working quickly to address the problem.
darkreading – Read More
Governments call for spyware regulations in UN Security Council meeting
/in General NewsSeveral governments participated in a meeting on the proliferation of commercial spyware at the United Nations Security Council.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
OneBlood reports data breach to state regulators after ransomware attack
/in General NewsThe blood donation organization notified regulators that sensitive data was stolen, nearly five months after a ransomware attack hampered its operations.
The Record from Recorded Future News – Read More
FBI Uses Malware’s Own ‘Self-Delete’ Trick to Erase Chinese PlugX From US Computers
/in General NewsLaw enforcement turns the PlugX malware’s own self-delete mechanism against it, nuking the China-linked trojan from thousands of US machines.
The post FBI Uses Malware’s Own ‘Self-Delete’ Trick to Erase Chinese PlugX From US Computers appeared first on SecurityWeek.
SecurityWeek – Read More