BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TightVNC 2.8.83 - Control Pipe Manipulation
- [remote] ProSSHD 1.2 20090726 - Denial of Service (DoS)
- [webapps] Laravel Pulse 1.3.1 - Arbitrary Code Injection
- [local] Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
Unlock the Future of Cybersecurity: Exclusive, Next Era AI Insights and Cutting-Edge Training at SANS Network Security 2024
/in General NewsThe Immersive Experience Happening This September in Las Vegas!In an era of relentless cybersecurity threats and rapid technological advancement, staying ahead of the curve is not just a necessity, but critical. SANS Institute, the premier global authority in cybersecurity training, is thrilled to announce Network Security 2024, a landmark event designed to empower cybersecurity professionals
The Hacker News – Read More
FBI and CISA Warn of BlackSuit Ransomware That Demands Up to $500 Million
/in General NewsThe ransomware strain known as BlackSuit has demanded as much as $500 million in ransoms to date, with one individual ransom demand hitting $60 million.
That’s according to an updated advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI).
“BlackSuit actors have exhibited a willingness to negotiate payment amounts,” the
The Hacker News – Read More
Critical Security Flaw in WhatsUp Gold Under Active Attack – Patch Now
/in General NewsA critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest.
The vulnerability in question is CVE-2024-4885 (CVSS score: 9.8), an unauthenticated remote code execution bug impacting versions of the network monitoring application released before 2023.1.3.
“The
The Hacker News – Read More
Inside the Dark World of Doxing for Profit
/in General NewsFrom tricking companies into handing over victims’ personal data to offering violence as a service, the online doxing ecosystem is not just still a problem—it’s getting more extreme.
Security Latest – Read More
Hazy Issue in Entra ID Allows Privileged Users to Become Global Admins
/in General NewsInvisible authentication mechanisms in Microsoft allow any attacker to escalate from privileged to super-duper privileged in cloud environments, paving the way for complete takeover.
darkreading – Read More
Monitoring Changes in KEV List Can Guide Security Teams
/in General NewsThe number of additions to the Known Exploited Vulnerabilities catalog is growing quickly, but even silent changes to already-documented flaws can help security teams prioritize.
darkreading – Read More
Nexera DeFi Protocol Hacked: $1.8M Stolen in Major Smart Contract Exploit
/in General NewsLearn how a smart contract vulnerability led to the theft of $1.8 million from Nexera, a DeFi protocol.…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Atari Asteroids Hack Sparks Debate on Blockchain Gaming Transparency
/in General NewsAtari’s Asteroids game was exposed as a fake “on-chain” experience. Stackr Labs reveals how the game’s leaderboard was…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
CrowdStrike Will Give Customers Control Over Falcon Sensor Updates
/in General NewsThe security vendor has also implemented several changes to protect against the kind of snafu that crashed 8.5 million Windows computers worldwide last month.
darkreading – Read More
Knostic Wins 2024 Black Hat Startup Spotlight Competition
/in General NewsDuring a “Shark Tank”-like final, each startup’s representative spent five minutes detailing their company and product, with an additional five minutes to take questions from eight judges from Omdia, investment firms, and top companies in cyber.
darkreading – Read More