BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
- [remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
CISA warns of SimpleHelp ransomware compromises after string of retail attacks
/in General NewsRansomware gangs leveraged a vulnerability to access unpatched versions of SimpleHelp’s remote monitoring and management tool to disrupt services in double extortion compromises.
The Record from Recorded Future News – Read More
Here’s What Marines and the National Guard Can (and Can’t) Do at LA Protests
/in General NewsPentagon rules sharply limit US Marines and National Guard activity in Los Angeles, prohibiting arrests, surveillance, and other customary police work.
Security Latest – Read More
In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost
/in General NewsNoteworthy stories that might have slipped under the radar: Cloudflare outage not caused by cyberattack, Dutch police identified 126 users of Cracked.io, the Victoria’s Secret cyberattack has cost $10 million.
The post In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost appeared first on SecurityWeek.
SecurityWeek – Read More
Why CISOs Must Align Business Objectives & Cybersecurity
/in General NewsThis alignment makes a successful CISO, but creating the same sentiment across business leadership creates a culture of commitment and greatly contributes to achieving goals.
darkreading – Read More
TeamFiltration Abused in Entra ID Account Takeover Campaign
/in General NewsThreat actors have abused the TeamFiltration pentesting framework to target over 80,000 Entra ID user accounts.
The post TeamFiltration Abused in Entra ID Account Takeover Campaign appeared first on SecurityWeek.
SecurityWeek – Read More
Cyberattacks on Humanitarian Orgs Jump Worldwide
/in General NewsThese groups suffered three times the cyberattacks as the year previous, with DDoS attacks dominating and vulnerability scans and SQL injection also more common.
darkreading – Read More
Red team AI now to build safer, smarter models tomorrow
/in General NewsAI models are under attack. Traditional defenses are failing. Discover why red teaming is crucial for thwarting adversarial threats.Read More
Security News | VentureBeat – Read More
Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed utility billing software provider.
“This incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp
The Hacker News – Read More
Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday
/in General NewsIndustry professionals comment on the Trump administration’s new executive order on cybersecurity.
The post Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday appeared first on SecurityWeek.
SecurityWeek – Read More
SimpleHelp Vulnerability Exploited Against Utility Billing Software Users
/in General NewsCISA warns that vulnerable SimpleHelp RMM instances have been exploited against a utility billing software provider’s customers.
The post SimpleHelp Vulnerability Exploited Against Utility Billing Software Users appeared first on SecurityWeek.
SecurityWeek – Read More