BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Tycoon 2FA Phishing Kit Exploits Amazon SES to Steal User Credentials
/in General NewsThe attack begins with emails from an Amazon SES client containing empty PDF attachments and a message from Docusign. Despite some checks failing, the emails can still appear legitimate due to the compromised source.
Cyware News – Latest Cyber News – Read More
Cosmic Bomber is like Bomberman multiplayer meets Web3
/in General NewsGame studio nWay has launched the beta for Cosmic Bomber, a casual multiplayer action game that is akin to Bomberman meets Web3.Read More
Security News | VentureBeat – Read More
Australian Companies Will Soon Need to Report Ransom Payments
/in General NewsSignificant upcoming legislation promises to tighten the screws on cyber incident response in Australia, mirroring CIRCIA in the US.
darkreading – Read More
North Koreans Target Devs Worldwide With Spyware, Job Offers
/in General NewsDEV#POPPER is back, looking to deliver a comprehensive, updated infostealer to coding job seekers by way of a savvy social engineering gambit.
darkreading – Read More
AI-Driven Executive Impersonations Emerge As Significant Threat to Business Payment Processes
/in General NewsPost Content
darkreading – Read More
ESET Reveals Latest Cloud-Native Authentication Solution
/in General NewsPost Content
darkreading – Read More
Protect AI Acquires SydeLabs to Red Team Large Language Models
/in General NewsPost Content
darkreading – Read More
Microsoft: Azure DDoS Attack Amplified by Cyber-Defense Error
/in General NewsThe sustained cyberattack, likely made worse by a mitigation snafu, disrupted several Azure cloud services for nearly eight hours on July 30.
darkreading – Read More
What is CrowdStrike? Everything You Need to Know
/in General NewsIn this video, we delve into what CrowdStrike is, how its Falcon software works, and the recent update incident that impacted millions of Windows machines.
Security | TechRepublic – Read More
Siri Bug Enables Data Theft on Locked Apple Devices
/in General NewsMalicious actors could potentially exploit this vulnerability if they gain physical access to a user’s device.
darkreading – Read More