BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
Researchers Uncover Lazarus Group Admin Layer for C2 Servers
/in General NewsThe threat actor is using a sophisticated network of VPNs and proxies to centrally manage command and control servers from Pyongyang.
darkreading – Read More
Hackers are hijacking WordPress sites to push Windows and Mac malware
/in General NewsA cybersecurity company says hackers are pushing Mac and Windows malware through sites that are using outdated versions of WordPress.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
DeepSeek Chatbot Beats OpenAI on App Store Leaderboard
/in General NewsThe Chinese firm said training the model cost just $5.6 million. Alibaba Cloud followed with a new generative AI model, while Microsoft alleges DeepSeek ‘distilled’ OpenAI’s work.
Security | TechRepublic – Read More
South Africa’s government-run weather service knocked offline by cyberattack
/in General NewsThe government-run South African Weather Service (SAWS) said its systems went down “following a security breach by criminal elements.”
The Record from Recorded Future News – Read More
FBI Seizes Leading Hacking Forums Cracked.to and Nulled.to
/in General NewsNulled.to and Cracked.to, major hacking forums, appear seized by the FBI as DNS records point to FBI servers.…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
OpenAI tailored ChatGPT Gov for government use – here’s what that means
/in General NewsChatGPT will be making its way to federal, state, and local agencies. The new version comes with benefits – and concerns.
Latest stories for ZDNET in Security – Read More
Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers
/in General NewsVulnCheck initially disclosed the critical command-injection vulnerability (CVE-2024-40891) six months ago, but Zyxel has yet to mention its existence or offer users a patch to mitigate threats.
darkreading – Read More
Observo’s AI-native data pipelines cut noisy telemetry by 70%, strengthening enterprise security
/in General NewsThe reduction in noisy, unstructured telemetry data by Observo can cut enterprise observability costs by up to 50%.Read More
Security News | VentureBeat – Read More
Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks
/in General NewsThe North Korean threat actor known as the Lazarus Group has been observed leveraging a “web-based administrative platform” to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns.
“Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API,” SecurityScorecard’s
The Hacker News – Read More
Mirai Variant ‘Aquabot’ Exploits Mitel Device Flaws
/in General NewsYet another spinoff of the infamous DDoS botnet is exploiting a known vulnerability in active attacks, while its threat actors are promoting it on Telegram for other attackers to use as well, in a DDoS-as-a-service model.
darkreading – Read More