BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
New Zyxel Zero-Day Under Attack, No Patch Available
/in General NewsGreyNoise reports active exploitation of a newly discovered zero-day vulnerability in Zyxel CPE devices. There are no patches available.
The post New Zyxel Zero-Day Under Attack, No Patch Available appeared first on SecurityWeek.
SecurityWeek – Read More
MGM Resorts settles lawsuits after millions of customer records stolen in data breaches
/in General NewsA court filing says 37 million MGM customers had personal data stolen in the cyberattacks.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Oligo Raises $50M to Tackle Application Detection and Response
/in General NewsOligo Security has raised $50 million in Series B funding for its application detection and response (ADR) platform.
The post Oligo Raises $50M to Tackle Application Detection and Response appeared first on SecurityWeek.
SecurityWeek – Read More
Maryland healthcare network forced to shut down IT systems after ransomware attack
/in General NewsFrederick Health Medical Group, which operates a hospital and other healthcare facilities northwest of Baltimore and Washington, D.C., took systems offline in response to a ransomware attack.
The Record from Recorded Future News – Read More
Clutch grabs $20M to build out its non-human security ID platform
/in General NewsWhen it comes to the world of cybersecurity, identity is often thought of as a “perimeter” around an organization. So many breaches begin through techniques like password theft, phishing, and credential stuffing; ergo, securing the identities of not only users, but also applications and machines, is the key to securing the whole system. Easier said […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
The Old Ways of Vendor Risk Management Are No Longer Good Enough
/in General NewsManaging third-party risk in the SaaS era demands a proactive, data-driven approach beyond checkbox compliance.
darkreading – Read More
Top 8 Penetration Testing Tools to Enhance Your Security
/in General NewsPenetration testing is vital in keeping an organization’s digital assets secure. Here are the top picks among the latest pen testing tools and software.
Security | TechRepublic – Read More
Engineering giant Smiths Group says hackers accessed its systems during cyberattack
/in General NewsU.K.-based engineering giant Smiths Group has confirmed a cybersecurity incident involving “unauthorized access” to its systems. The London-listed company, which operates across multiple sectors including energy, security, aerospace and defense, said Tuesday that it is currently “managing” the incident. The company said it isolated affected systems and activated its business continuity plans, implying a disruptive […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Aquabot Botnet Targeting Vulnerable Mitel Phones
/in General NewsThe Mirai-based Aquabot botnet has been targeting a vulnerability in Mitel SIP phones for which a proof-of-concept (PoC) exploit exists.
The post Aquabot Botnet Targeting Vulnerable Mitel Phones appeared first on SecurityWeek.
SecurityWeek – Read More
New SLAP and FLOP CPU Attacks Expose Data From Apple Computers, Phones
/in General NewsNew CPU side-channel attacks named SLAP and FLOP can be exploited to remotely steal data from Apple mobile and desktop devices.
The post New SLAP and FLOP CPU Attacks Expose Data From Apple Computers, Phones appeared first on SecurityWeek.
SecurityWeek – Read More