BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Kali Linux gets a UI refresh, new tools, and an updated car hacking toolset
/in General NewsThe ever-popular penetration testing Linux distribution is now better refined for ethical hacking, penetration testing, audits, and network research.
Latest stories for ZDNET in Security – Read More
Groq just made Hugging Face way faster — and it’s coming for AWS and Google
/in General NewsGroq challenges AWS and Google with lightning-fast AI inference, exclusive 131k context windows, and new Hugging Face partnership to reach millions of developers.Read More
Security News | VentureBeat – Read More
Malicious Chimera Turns Larcenous on Python Package Index
/in General NewsUnlike typical data-stealing malware, this attack tool targets data specific to corporate and cloud infrastructures in order to execute supply chain attacks.
darkreading – Read More
Anubis Ransomware-as-a-Service Kit Adds Data Wiper
/in General NewsThe threat of wiping files and servers clean gives Anubis affiliates yet another way to leverage ransomware victims who may be hesitant to pay to get their data back, Trend Micro said.
darkreading – Read More
1Password and AWS join forces to secure AI, cloud environments for the enterprise
/in General News1Password signs strategic AWS partnership, quadrupling contract sizes as enterprises demand AI-era security tools to protect unmanaged devices and applications.Read More
Security News | VentureBeat – Read More
US offering $10 million for info on Iranian hackers behind IOControl malware
/in General NewsThe U.S. State Department said it is looking for information on hackers linked to Iran’s Islamic Revolutionary Guard Corps.
The Record from Recorded Future News – Read More
Washington Post Staffer Emails Targeted in Cyber Breach
/in General NewsJournalists’ Microsoft accounts were breached, which would have given attackers access to emails of staff reporters covering national security, economic policy, and China.
darkreading – Read More
U.S. Seizes $7.74M in Crypto Tied to North Korea’s Global Fake IT Worker Network
/in General NewsThe U.S. Department of Justice (DoJ) said it has filed a civil forfeiture complaint in federal court that targets over $7.74 million in cryptocurrency, non-fungible tokens (NFTs), and other digital assets allegedly linked to a global IT worker scheme orchestrated by North Korea.
“For years, North Korea has exploited global remote IT contracting and cryptocurrency ecosystems to evade U.S.
The Hacker News – Read More
Report Links Los Pollos and RichAds to Malware Traffic Operations
/in General NewsNew research by Infoblox Threat Intel exposes a hidden alliance between major cybercrime groups like VexTrio and seemingly…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
‘Water Curse’ Targets Infosec Pros Via Poisoned GitHub Repositories
/in General NewsThe emerging threat group attacks the supply chain via weaponized repositories posing as legitimate pen-testing suites and other tools that are poisoned with malware.
darkreading – Read More