BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
Thai Court Dismisses Activist’s Suit Against Israeli Spyware Producer Over Lack of Evidence
/in General NewsA Thai court dismissed a lawsuit brought by Jatupat Boonpattararaksa which alleged spyware made by NSO Group was used to hack his phone.
The post Thai Court Dismisses Activist’s Suit Against Israeli Spyware Producer Over Lack of Evidence appeared first on SecurityWeek.
SecurityWeek – Read More
Trustero Secures $10 Million in Funding to Grow AI-Powered Security and Compliance Platform
/in General NewsThe company emerged from stealth mode in March 2022 and has been on a mission to help companies reduce compliance cost and handle time-consuming GRC tasks.
The post Trustero Secures $10 Million in Funding to Grow AI-Powered Security and Compliance Platform appeared first on SecurityWeek.
SecurityWeek – Read More
Cross-Site Scripting Is 2024’s Most Dangerous Software Weakness
/in General NewsMITRE and CISA’s 2024 list of the 25 most dangerous software weaknesses exposes the need for organizations to continue to invest in secure code.
darkreading – Read More
Hackers break into Andrew Tate’s online ‘university,’ steal user data and flood chats with emojis
/in General NewsHackers have breached an online course founded by ostensible influencer and self-described misogynist Andrew Tate, leaking data on close to 800,000 users, including thousands of email addresses and private user chat logs. The Daily Dot, which broke the news Thursday, reported that the hackers accessed the user data, then flooded the online course’s chatroom with […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Endace Establishes Middle East Regional Headquarters in Saudi Arabia
/in General NewsPost Content
darkreading – Read More
Norton Introduces Small Business Premium for Business-Grade Security
/in General NewsPost Content
darkreading – Read More
Study Finds 76% of Cybersecurity Professionals Believe AI Should Be Heavily Regulated
/in General NewsPost Content
darkreading – Read More
Cloud Security Startup Wiz to Acquire Dazz in Risk Management Play
/in General NewsDazz’s remediation engine will boost risk management in Wiz’s cloud security portfolio.
darkreading – Read More
Gambling and lottery giant disrupted by cyberattack, working to bring systems back online
/in General NewsInternational Game Technology (IGT) notified the U.S. Securities and Exchange Commission on Tuesday that it became aware of the cyberattack when it “experienced disruptions in portions of its internal information technology systems and applications” on Sunday.
The Record from Recorded Future News – Read More
Microsoft seizes 240 websites used by Egyptian phishing-as-a-service operation ‘ONNX’
/in General NewsMicrosoft and LF Projects sued Abanoub Nady and four unidentified people for running ONNX, a key player in the phishing-as-a-service industry.
The Record from Recorded Future News – Read More