BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
Russian Ransomware Gangs on the Hunt for Pen Testers
/in General NewsIn further proof of the professionalization of Russian cybercriminal groups, ransomware gangs have been posting job ads for security positions such as pen testers, looking to boost their ransomware deployment operations.
darkreading – Read More
Vulnerable Jupyter Servers Targeted for Sports Piracy
/in General NewsMisconfigured instances of JupyterLab and Jupyter Notebook have been targeted by threat actors for sports stream ripping.
The post Vulnerable Jupyter Servers Targeted for Sports Piracy appeared first on SecurityWeek.
SecurityWeek – Read More
Employee Data Compromised in Hacker Attack on Space Technology Firm Maxar
/in General NewsSatellite maker Maxar Space Systems has disclosed a data breach impacting the personal information of its employees.
The post Employee Data Compromised in Hacker Attack on Space Technology Firm Maxar appeared first on SecurityWeek.
SecurityWeek – Read More
YC-backed Formal brings a clever security reverse-proxy out of stealth
/in General NewsFormal is a security startup coming out of stealth on Tuesday with a nice list of investors and an interesting product positioning. The company has designed a reverse-proxy for data stores and APIs so that security teams can more easily secure access to sensitive data. In more practical terms, Formal is a proxy that you […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Salt Typhoon Hits T-Mobile as Part of Telecom Attack Spree
/in General NewsThe company says no sensitive data was stolen, but federal agencies claim otherwise. CISA and FBI sources said attackers accessed all records of specific customers and the private communications of targeted individuals.
darkreading – Read More
Russian Phobos Ransomware Operator Extradited to US
/in General NewsEvgenii Ptitsyn was extradited from South Korea to the US to face charges for his alleged involvement in administering the Phobos ransomware.
The post Russian Phobos Ransomware Operator Extradited to US appeared first on SecurityWeek.
SecurityWeek – Read More
The 6 Best Free Antivirus Software Providers for Mac in 2024
/in General NewsSecurity-conscious Mac users may need more protection than their built-in tools provide. Learn about the extra features and functionality offered by the best free antivirus software providers for Mac in 2024.
Security | TechRepublic – Read More
The Urgent And Critical Need To Prioritize Mobile Security
/in General NewsOrganizations that get serious about mobile risks will reduce business risk and boost trust and confidence in their employees, customers, business partners and investors.
The post The Urgent And Critical Need To Prioritize Mobile Security appeared first on SecurityWeek.
SecurityWeek – Read More
We Can Do Better Than Free Credit Monitoring After a Breach
/in General NewsIndividual companies and entire industries alike must take responsibility for protecting customer data — and doing the right thing when they fail.
darkreading – Read More
Threat Actor Turns Thousands of IoT Devices Into Residential Proxies
/in General NewsA threat actor tracked as Water Barghest has compromised over 20,000 IoT devices and monetizes them as residential proxies.
The post Threat Actor Turns Thousands of IoT Devices Into Residential Proxies appeared first on SecurityWeek.
SecurityWeek – Read More