BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Digital Forensics Firm Cellebrite to Acquire Corellium
/in General NewsCellebrite, a controversial digital forensics firm, is set to acquire virtualization vendor Corellium in a $170 million deal.
darkreading – Read More
Cisco Warns of Credential Vuln on AWS, Azure, Oracle Cloud
/in General NewsThe vulnerability, with a 9.9 CVSS score on a 10-point scale, results in different Cisco ISE deployments all sharing the same credentials as long as the software release and cloud platform remain the same.
darkreading – Read More
Misconfigured HMIs Expose US Water Systems to Anyone with a Browser
/in General NewsCensys researchers follow some clues and find hundreds of control-room dashboards for US water utilities on the public internet.
The post Misconfigured HMIs Expose US Water Systems to Anyone with a Browser appeared first on SecurityWeek.
SecurityWeek – Read More
Ross Ulbricht Got a $31 Million Donation From a Dark Web Dealer, Crypto Tracers Suspect
/in General NewsCrypto-tracing firm Chainalysis says the mysterious 300-bitcoin donation to the pardoned Silk Road creator appears to have come from someone associated with a different defunct black market: AlphaBay.
Security Latest – Read More
Backdoored Malware Reels in Newbie Cybercriminals
/in General NewsSophos researchers found this operation has similarities or connections to many other campaigns targeting GitHub repositories dating back to August 2022.
darkreading – Read More
Unsecured Database Exposes Data of 3.6 Million Passion.io Creators
/in General NewsA massive data leak has put the personal information of over 3.6 million app creators, influencers, and entrepreneurs…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Iran-linked hackers target Kurdish and Iraqi officials in long-running cyberespionage campaign
/in General NewsThe group has been operating since at least 2017, initially breaching systems belonging to the Kurdistan Regional Government and have expanded their reach to the Central Government of Iraq as well as a telecommunications provider in Uzbekistan.
The Record from Recorded Future News – Read More
Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials
/in General NewsCybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks.
“Several widely used extensions […] unintentionally transmit sensitive data over simple HTTP,” Yuanjing Guo, a security researcher in the Symantec’s Security Technology and Response
The Hacker News – Read More
Cybercriminals are stealing business Salesforce data with this simple trick – don’t fall for it
/in General NewsThe goal is to steal large amounts of confidential data in an attempt to extort the victims. Here’s how it works.
Latest stories for ZDNET in Security – Read More
Questions Swirl Around ConnectWise Flaw Used in Attacks
/in General NewsConnectWise issued a patch to stave off attacks on ScreenConnect customers, but the company’s disclosures don’t explain what the vulnerability is and when it was first exploited.
darkreading – Read More