BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
- [remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [local] Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)
- [remote] FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
Hackers Could Remotely Control Kia Cars by Exploiting License Plates
/in General NewsA critical vulnerability in Kia vehicles allowed hackers to control cars remotely using only license plates. The flaw…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems From Multiple Vendors
/in General NewsSecurity researchers at Bitsight discovered critical vulnerabilities in Automated Tank Gauge (ATG) systems, including Maglink LX, Maglink LX4, OPW SiteSentinel, Proteus OEL8000, Alisonic Sibylla, and Franklin TS-550.
Cyware News – Latest Cyber News – Read More
Could Security Misconfigurations Become No. 1 in OWASP Top 10?
/in General NewsAs Superman has kryptonite, software has weaknesses — with misconfigurations leading the pack.
darkreading – Read More
Visa to Acquire Fraud Protection Firm Featurespace
/in General NewsIncubated at Cambridge University’s engineering department, Featurespace’s algorithmic-based solutions analyze transaction data to detect fraud cases.
The post Visa to Acquire Fraud Protection Firm Featurespace appeared first on SecurityWeek.
SecurityWeek – Read More
Five Eyes Agencies Release Guidance on Detecting Active Directory Intrusions
/in General NewsFive Eyes cybersecurity agencies have released joint guidance on identifying Active Directory compromises.
The post Five Eyes Agencies Release Guidance on Detecting Active Directory Intrusions appeared first on SecurityWeek.
SecurityWeek – Read More
In Other News: Salt Typhoon Hacks US ISPs, China Doxes Hackers, New Tool for AI Attacks
/in General NewsNoteworthy stories that might have slipped under the radar: China’s Salt Typhoon has hacked US ISPs, China has doxed Taiwanese hackers, and Bishop Fox has a new tool for AI attacks.
The post In Other News: Salt Typhoon Hacks US ISPs, China Doxes Hackers, New Tool for AI Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
US Announces Charges, Sanctions Against Russian Administrator of Carding Website
/in General NewsUS offers up to $10 million for information on Timur Shakhmametov, charging him with running the carding website Joker’s Stash.
The post US Announces Charges, Sanctions Against Russian Administrator of Carding Website appeared first on SecurityWeek.
SecurityWeek RSS Feed – Read More
CISA Warns of Hackers Targeting Industrial Systems Using “Unsophisticated Methods”
/in General NewsThe CISA has issued a warning about hackers using basic techniques to target industrial systems, particularly OT and ICS devices in critical infrastructure, water, and wastewater systems.
Cyware News – Latest Cyber News – Read More
Phishing-as-a-Service Platform Sniper Dz Used to Create 140,000 Phishing Sites in One Year
/in General NewsCybersecurity researchers at Palo Alto Networks’ Unit 42 have discovered a prolific Phishing-as-a-Service platform called Sniper Dz, responsible for creating over 140,000 phishing websites in just one year.
Cyware News – Latest Cyber News – Read More
Sophistication of AI-Backed Operation Targeting Senator Points to Future of Deepfake Schemes
/in General NewsExperts believe schemes like this will become more common now that the technical barriers that once existed around generative artificial intelligence have decreased.
The post Sophistication of AI-Backed Operation Targeting Senator Points to Future of Deepfake Schemes appeared first on SecurityWeek.
SecurityWeek RSS Feed – Read More