BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Cybersecurity Job Market Stagnates, Dissatisfaction Abounds
/in General NewsThe 2024 ISC2 Cybersecurity Workforce Study found that amid a tightening job market and dynamic cyber-threat environment, ongoing staffing and skills shortages are putting organizations at serious risk. Can AI move the needle in defenders’ favor?
darkreading – Read More
FBI: Iranian cyber group targeted Summer Olympics with attack on French display provider
/in General NewsThe hacking group’s goal was to “display photo montages denouncing the participation of Israeli athletes in the 2024 Olympic and Paralympic Games,” the FBI said.
The Record from Recorded Future News – Read More
Microsoft delays its troubled AI-powered Recall feature yet again
/in General NewsMicrosoft needs ‘additional time to refine’ Recall. Here’s the new target date for rollout and what else we know.
Latest stories for ZDNET in Security – Read More
Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations
/in General NewsRussian hackers, known as Midnight Blizzard, launch targeted spear-phishing on U.S. officials, exploiting RDP files to gain access to data.
Security | TechRepublic – Read More
Canada Grapples With ‘Second-to-None’ PRC-Backed Threat Actors
/in General NewsChinese APTs lurked in Canadian government networks for five years — and that’s just one among a whole host of threats from Chinese bad actors.
darkreading – Read More
New Xiū gǒu Phishing Kit Hits UK, US, Japan, Australia Across Key Sectors
/in General NewsCybersecurity researchers uncovered the “Xiū gǒu” phishing kit targeting users in the UK, US, Spain, Australia, and Japan.…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Shopping scam sprawled across thousands of websites, bilked ‘tens of millions of dollars’
/in General NewsThe crooks hacked legitimate shopping websites and redirected people to fake online shops that sold, but never shipped, hard-to-find items.
The Record from Recorded Future News – Read More
How To Create a Complete GitHub Backup
/in General NewsThe issue of GitHub data protection is increasingly discussed among developers on platforms like Reddit, X, and HackerNews.…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Sophos Used Custom Implants to Surveil Chinese Hackers Targeting Firewall Zero-Days
/in General NewsBritish EDR vendor Sophos details a years-long “cat-and-mouse” tussle with sophisticated Chinese government-backed hackers.
The post Sophos Used Custom Implants to Surveil Chinese Hackers Targeting Firewall Zero-Days appeared first on SecurityWeek.
SecurityWeek – Read More
The Case Against Abandoning CrowdStrike Post-Outage
/in General NewsKnee-jerk reactions to major vendor outages could do more harm than good.
darkreading – Read More