BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Malware Bypasses Microsoft Defender and 2FA to Steal $24K in Crypto
/in General NewsMalware bypasses Microsoft Defender and 2FA, stealing $24K in cryptocurrency via a fake NFT game app. Learn how…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
400,000 Systems Potentially Exposed to 2023’s Most Exploited Flaws
/in General NewsVulnCheck finds hundreds of thousands of internet-accessible hosts potentially vulnerable to 2023’s top frequently exploited flaws.
The post 400,000 Systems Potentially Exposed to 2023’s Most Exploited Flaws appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft Disrupts ONNX Phishing Service, Names Its Operator
/in General NewsMicrosoft has seized 240 phishing-related websites and has disrupted the ONNX service, which the company says is run by an Egyptian man.
The post Microsoft Disrupts ONNX Phishing Service, Names Its Operator appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft, Meta, and DOJ Disrupt Global Cybercrime and Fraudulent Networks
/in General NewsMeta Platforms, Microsoft, and the U.S. Department of Justice (DoJ) have announced independent actions to tackle cybercrime and disrupt services that enable scams, fraud, and phishing attacks.
To that end, Microsoft’s Digital Crimes Unit (DCU) said it seized 240 fraudulent websites associated with an Egypt-based cybercrime facilitator named Abanoub Nady (aka MRxC0DER and mrxc0derii), who
The Hacker News – Read More
Backup Strategies for Home & Self-Hosted Solutions
/in General NewsAfter setting up your self-hosted environment, establishing a solid backup strategy is important. This guide applies to home backup solutions as well. While the traditional backup rule suggests having three copies on two different media types with one copy offsite, modern storage needs often require a more comprehensive approach. And the number we can debate is not that important.
Source
TechSplicer – Read More
Prompt Security Raises $18 Million for Gen-AI Security Platform
/in General NewsGen-AI security startup Prompt Security has raised $18 million in a Series A funding round led by Jump Capital.
The post Prompt Security Raises $18 Million for Gen-AI Security Platform appeared first on SecurityWeek.
SecurityWeek – Read More
PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries
/in General NewsCybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer.
The packages, named gptplus and claudeai-eng, were uploaded by a user named “Xeroline” in November 2023, attracting
The Hacker News – Read More
Thai Court Dismisses Activist’s Suit Against Israeli Spyware Producer Over Lack of Evidence
/in General NewsA Thai court dismissed a lawsuit brought by Jatupat Boonpattararaksa which alleged spyware made by NSO Group was used to hack his phone.
The post Thai Court Dismisses Activist’s Suit Against Israeli Spyware Producer Over Lack of Evidence appeared first on SecurityWeek.
SecurityWeek – Read More
Trustero Secures $10 Million in Funding to Grow AI-Powered Security and Compliance Platform
/in General NewsThe company emerged from stealth mode in March 2022 and has been on a mission to help companies reduce compliance cost and handle time-consuming GRC tasks.
The post Trustero Secures $10 Million in Funding to Grow AI-Powered Security and Compliance Platform appeared first on SecurityWeek.
SecurityWeek – Read More
Cross-Site Scripting Is 2024’s Most Dangerous Software Weakness
/in General NewsMITRE and CISA’s 2024 list of the 25 most dangerous software weaknesses exposes the need for organizations to continue to invest in secure code.
darkreading – Read More