BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
Canadian Eyecare Firm Care1 Exposes 2.2TB of Patient Records
/in General NewsAnother day, another healthcare database misconfiguration exposing sensitive patient information.
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Test Your Cyber Skills With the SANS Holiday Hack Challenge
/in General NewsOpen to players of all skill levels, the “Snow-mageddon” cybersecurity competition is set in the world of Santa, elves, and Christmas mayhem.
darkreading – Read More
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
/in General NewsA now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials.
The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to “mysterious unattributed threat”) by Datadog Security Labs, that
The Hacker News – Read More
South Carolina credit union says 240,000 impacted by recent cyberattack
/in General NewsThe credit union filed breach notification documents with regulators in Maine and Texas on Friday acknowledging that it recently detected suspicious activity on its network.
The Record from Recorded Future News – Read More
UnitedHealthcare’s Optum left an AI chatbot, used by employees to ask questions about claims, exposed to the internet
/in General NewsOptum’s AI chatbot was found exposed online at a time when the healthcare giant faces scrutiny for its use of AI to allegedly deny patient claims.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
The New Jersey Drone Mystery May Not Actually Be That Mysterious
/in General NewsA flurry of drone sightings across New Jersey and New York has sparked national intrigue and US government responses. But experts are pouring cold water on America’s hottest new conspiracy theory.
Security Latest – Read More
Serhiy Tokarev Explains Why Health Tech Startups Are Worth Investing In
/in General NewsHealth Tech is booming, projected to grow from $312.92B in 2024 to $981.23B by 2032. Serhiy Tokarev highlights…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Three arrested in Kosovo for operating Rydox cybercriminal marketplace
/in General NewsArdit Kutleshi, 26, and Jetmir Kutleshi, 28, were arrested in Kosovo by local law enforcement on Thursday and U.S. officials submitted a request for extradition through an indictment unsealed in the Western District of Pennsylvania. Another operator was also arrested and is expected to be prosecuted in Kosovo.
The Record from Recorded Future News – Read More
Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection
/in General NewsA security flaw has been disclosed in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages.
The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the
The Hacker News – Read More
Keeper review: An easy-to-use password manager with top-notch security features
/in General NewsWe went hands-on with Keeper’s password manager, and found that it takes security seriously, using leading encryption technology to protect your sensitive data.
Latest stories for ZDNET in Security – Read More