BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Serpentine#Cloud Uses Cloudflare Tunnels in Sneak Attacks
/in General NewsAn unidentified threat actor is using .lnk Windows shortcut files in a series of sophisticated attacks utilizing in-memory code execution and living-off-the-land cyberattack strategies.
darkreading – Read More
Critical Vulnerability Patched in Citrix NetScaler
/in General NewsCitrix has released patches for critical- and high-severity vulnerabilities in NetScaler and Secure Access Client and Workspace for Windows.
The post Critical Vulnerability Patched in Citrix NetScaler appeared first on SecurityWeek.
SecurityWeek – Read More
WormGPT Makes a Comeback Using Jailbroken Grok and Mixtral Models
/in General NewsCato CTRL uncovers new WormGPT variants on Telegram powered by jailbroken Grok and Mixtral. Learn how cybercriminals jailbreak top LLMs for uncensored, illegal activities in this latest threat research.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
FedRAMP at Startup Speed: Lessons Learned
/in General NewsFor organizations eyeing the federal market, FedRAMP can feel like a gated fortress. With strict compliance requirements and a notoriously long runway, many companies assume the path to authorization is reserved for the well-resourced enterprise. But that’s changing.
In this post, we break down how fast-moving startups can realistically achieve FedRAMP Moderate authorization without derailing
The Hacker News – Read More
Mitigating AI Threats: Bridging the Gap Between AI and Legacy Security
/in General NewsAdopting a layered defense strategy that includes human-centric tools and updating security components.
The post Mitigating AI Threats: Bridging the Gap Between AI and Legacy Security appeared first on SecurityWeek.
SecurityWeek – Read More
OpenAI to Help DoD With Cyber Defense Under New $200 Million Contract
/in General NewsOpenAI has been awarded a $200 million contract for AI capabilities to help the Defense Department address national security challenges.
The post OpenAI to Help DoD With Cyber Defense Under New $200 Million Contract appeared first on SecurityWeek.
SecurityWeek – Read More
Chrome 137 Update Patches High-Severity Vulnerabilities
/in General NewsGoogle has released a Chrome 137 update to resolve two memory bugs in the browser’s V8 and Profiler components.
The post Chrome 137 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Products
/in General NewsVeeam and BeyondTrust have resolved several vulnerabilities that could be exploited for remote code execution.
The post Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Products appeared first on SecurityWeek.
SecurityWeek – Read More
CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed a security flaw impacting the Linux kernel in its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild.
The vulnerability, CVE-2023-0386 (CVSS score: 7.8), is an improper ownership bug in the Linux kernel that could be exploited to escalate privileges on susceptible
The Hacker News – Read More
Data Breach at Healthcare Services Firm Episource Impacts 5.4 Million People
/in General NewsHackers have stolen personal and health information belonging to the customers of healthcare organizations served by Episource.
The post Data Breach at Healthcare Services Firm Episource Impacts 5.4 Million People appeared first on SecurityWeek.
SecurityWeek – Read More