BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
AI – Implementing the Right Technology for the Right Use Case
/in General NewsJust like other technologies that have gone before, such as cloud and cybersecurity automation, right now AI lacks maturity.
The post AI – Implementing the Right Technology for the Right Use Case appeared first on SecurityWeek.
SecurityWeek – Read More
China’s Surveillance State Is Selling Citizen Data as a Side Hustle
/in General NewsChinese black market operators are openly recruiting government agency insiders, paying them for access to surveillance data and then reselling it online—no questions asked.
Security Latest – Read More
Exploitation Attempts Target Citrix Session Recording Vulnerabilities
/in General NewsExploitation attempts seen for two recently patched Citrix Session Recording vulnerabilities tracked as CVE-2024-8068 and CVE-2024-8069.
The post Exploitation Attempts Target Citrix Session Recording Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme
/in General NewsFive alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest credentials and using them to gain unauthorized access to sensitive data and break into crypto accounts to steal digital assets worth millions of dollars.
All of the accused parties have been
The Hacker News – Read More
Google’s AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects
/in General NewsGoogle has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library.
“These particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets,”
The Hacker News – Read More
NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data
/in General NewsThreat hunters are warning about an updated version of the Python-based NodeStealer that’s now equipped to extract more information from victims’ Facebook Ads Manager accounts and harvest credit card data stored in web browsers.
“They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement,” Netskope Threat Labs researcher
The Hacker News – Read More
US Gathers Allies to Talk AI Safety as Trump’s Vow to Undo Biden’s AI Policy Overshadows Their Work
/in General NewsTrump promised in his presidential campaign platform to “repeal Joe Biden’s dangerous Executive Order that hinders AI Innovation, and imposes Radical Leftwing ideas on the development of this technology.”
The post US Gathers Allies to Talk AI Safety as Trump’s Vow to Undo Biden’s AI Policy Overshadows Their Work appeared first on SecurityWeek.
SecurityWeek – Read More
FBI says BianLian based in Russia, moving from ransomware attacks to extortion
/in General NewsThe ransomware group has drawn scrutiny for attacks on charities like Save The Children as well as healthcare firms like Boston Children’s Health Physicians. On Tuesday, it took credit for an attack on a Canadian healthcare company.
The Record from Recorded Future News – Read More
Phobos ransomware indictment sheds light on long-running, quietly successful scheme
/in General NewsThe document sheds light on a durable cybercrime operation that has drawn serious attention from security researchers and law enforcement agencies, even though it has kept a lower profile than other ransomware gangs.
The Record from Recorded Future News – Read More
It’s Near-Unanimous: AI, ML Make the SOC Better
/in General NewsEfficiency is the name of the game for the security operations center — and 91% of cybersecurity pros say AI and ML are winning that game.
darkreading – Read More