BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft
/in General NewsMicrosoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks.
The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to steal credentials from multiple Microsoft customers.
“Active since at least 2021, Storm-0940 obtains initial access
The Hacker News – Read More
Passkeys are more popular than ever. This research explains why
/in General NewsSome 57% of people surveyed this year for a FIDO Alliance report are aware of passkeys, up from 39% just two years ago.
Latest stories for ZDNET in Security – Read More
Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack
/in General NewsA vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse.
Security Latest – Read More
Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets
/in General NewsLottieFiles has confirmed that Lottie-Player has been compromised in a supply chain attack whose goal is cryptocurrency theft.
The post Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns
/in General NewsMicrosoft is further delaying the release of its controversial Recall feature for Windows Copilot+ PCs, stating it’s taking the time to improve the experience.
The development was first reported by The Verge. The artificial intelligence-powered tool was initially slated for a preview release starting in October.
“We are committed to delivering a secure and trusted experience with Recall,” the
The Hacker News – Read More
Bug Bounty Platform Bugcrowd Secures $50 Million in Growth Capital
/in General NewsBugcrowd has secured $50 million in growth capital facility from Silicon Valley Bank for expansion and innovation.
The post Bug Bounty Platform Bugcrowd Secures $50 Million in Growth Capital appeared first on SecurityWeek.
SecurityWeek – Read More
Major Security Update: Chrome Patches Critical Out-of-Bounds Vulnerability
/in General NewsNot too long ago, we discovered a critical security flaw in Firefox. This week, Chrome is addressing fixes for yet more critical vulnerabilities. Google recently patched vulnerabilities in its Chrome browser, one of which was marked as critical, tracked as CVE-2024-10487. The vulnerability allowed remote attackers to perform out-of-bounds memory access via a crafted HTML page.
Source
TechSplicer – Read More
A Step-by-Step Guide to How Threat Hunting Works
/in General NewsStay ahead of cybercrime with proactive threat hunting. Learn how threat hunters identify hidden threats, protect critical systems,…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Facebook Businesses Targeted in Infostealer Phishing Campaign
/in General NewsThe threat actors deceive their victims by impersonating the legal teams of companies, well-known Web stores, and manufacturers.
darkreading – Read More
Cybersecurity Job Market Stagnates, Dissatisfaction Abounds
/in General NewsThe 2024 ISC2 Cybersecurity Workforce Study found that amid a tightening job market and dynamic cyber-threat environment, ongoing staffing and skills shortages are putting organizations at serious risk. Can AI move the needle in defenders’ favor?
darkreading – Read More