BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
Sensitive Illinois Voter Data Exposed by Contractor’s Unsecured Databases
/in General NewsSocial Security numbers, death certificates, voter applications, and other personal information was accessible on the open internet, highlighting the ongoing challenges in election security.
Security Latest – Read More
Disney, Nike, IBM Signatures Anchor 3M Fake Emails a Day
/in General NewsA simple toggle in Proofpoint’s email service allowed for brand impersonation at an industrial scale. It prompts the question: Are secure email gateways (SEGs) secure enough?
darkreading – Read More
In Other News: European Banks Put to Test, Voting DDoS Attacks, Tenable Exploring Sale
/in General NewsNoteworthy stories that might have slipped under the radar: over 100 European banks undergo cyber resilience test, DDoS attacks don’t impact voting, and Tenable exploring a potential sale.
The post In Other News: European Banks Put to Test, Voting DDoS Attacks, Tenable Exploring Sale appeared first on SecurityWeek.
SecurityWeek – Read More
Implementing Identity Continuity With the NIST Cybersecurity Framework
/in General NewsHaving a robust identity continuity plan is not just beneficial but essential for avoiding financially costly and potentially brand-damaging outages.
darkreading – Read More
The European Union’s World-First Artificial Intelligence Rules Are Officially Taking Effect
/in General NewsEU officials say the Artificial Intelligence Act will protect the “fundamental rights” of citizens while also encouraging investment and innovation in the booming AI industry.
The post The European Union’s World-First Artificial Intelligence Rules Are Officially Taking Effect appeared first on SecurityWeek.
SecurityWeek – Read More
Webinar: Discover the All-in-One Cybersecurity Solution for SMBs
/in General NewsIn today’s digital battlefield, small and medium businesses (SMBs) face the same cyber threats as large corporations, but with fewer resources. Managed service providers (MSPs) are struggling to keep up with the demand for protection.
If your current cybersecurity strategy feels like a house of cards – a complex, costly mess of different vendors and tools – it’s time for a change.
Introducing
The Hacker News – Read More
Protect AI Raises $60 Million in Series B Funding
/in General NewsAI and ML security provider Protect AI has raised $60 million in a Series B funding round led by Evolution Equity Partners.
The post Protect AI Raises $60 Million in Series B Funding appeared first on SecurityWeek.
SecurityWeek – Read More
Security Bypass Vulnerability Found in Rockwell Automation Logix Controllers
/in General NewsA high-severity security bypass vulnerability tracked as CVE-2024-6242 has been found and fixed in Rockwell Automation Logix controllers.
The post Security Bypass Vulnerability Found in Rockwell Automation Logix Controllers appeared first on SecurityWeek.
SecurityWeek – Read More
CrowdStrike Investors File Class Action Suit Following Global IT Outage
/in General NewsThe Plymouth County Retirement Association claims the company misrepresented the effectiveness of its software platform and quality control procedures. The lawsuit alleges that CrowdStrike did not adequately test its software.
Cyware News – Latest Cyber News – Read More
StackExchange Abused to Spread Malicious PyPI Packages as Answers
/in General NewsThreat actors used StackExchange to promote malicious PyPi packages, including ‘spl-types,’ ‘raydium,’ ‘sol-structs,’ ‘sol-instruct,’ and ‘raydium-sdk,’ which steal data from browsers, messaging apps, and cryptocurrency wallets.
Cyware News – Latest Cyber News – Read More