BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Cybersecurity Funding Reached $9.5 Billion in 2024: Report
/in General NewsCybersecurity firms raised $9.5 billion in over 300 funding rounds in 2024, with Wiz scoring the largest investment at $1 billion.
The post Cybersecurity Funding Reached $9.5 Billion in 2024: Report appeared first on SecurityWeek.
SecurityWeek – Read More
UN aviation agency ICAO confirms its recruitment database was hacked
/in General NewsICAO said that a previously reported data breach involved “approximately 42,000 recruitment application data records from April 2016 to July 2024.”
The Record from Recorded Future News – Read More
Insider Threat: Tackling the Complex Challenges of the Enemy Within
/in General NewsThe insider threat problem will worsen, and the solutions will widen, in the age of generative-AI.
The post Insider Threat: Tackling the Complex Challenges of the Enemy Within appeared first on SecurityWeek.
SecurityWeek – Read More
Scammers Impersonate Authorities to Swipe OTPs with Remote Access Apps
/in General NewsSUMMARY Cybersecurity researchers at Group-IB have discovered a sophisticated refund scam where scammers are using remote access tools…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks
/in General NewsA Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks.
The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey, and the United States.
The Hacker News – Read More
Chrome 131, Firefox 134 Updates Patch High-Severity Vulnerabilities
/in General NewsChrome and Firefox updates released this week resolve high-severity vulnerabilities in the two popular browsers.
The post Chrome 131, Firefox 134 Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
First Android Update of 2025 Patches Critical Code Execution Vulnerabilities
/in General NewsThis year’s first batch of monthly security updates for Android resolves 36 vulnerabilities, including critical remote code execution flaws.
The post First Android Update of 2025 Patches Critical Code Execution Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
FCC Launches ‘Cyber Trust Mark’ for IoT Devices to Certify Security Compliance
/in General NewsThe U.S. government on Tuesday announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer devices.
“IoT products can be susceptible to a range of security vulnerabilities,” the U.S. Federal Communications Commission (FCC) said. “Under this program, qualifying consumer smart products that meet robust cybersecurity standards will bear
The Hacker News – Read More
Millions of Email Servers Exposed Due to Missing TLS Encryption
/in General NewsMillions of email servers worldwide remain alarmingly vulnerable to cyberattacks due to a critical security oversight: the absence of Transport Layer Security (TLS) encryption.
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Critical Vulnerabilities in Moxa Routers Allow Root Privilege Escalation
/in General NewsCritical security vulnerabilities have been found in Moxa cellular routers and network security appliances. Learn about CVE-2024-9138 &…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More