BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
SaaS Apps Present an Abbreviated Kill Chain for Attackers
/in General NewsBlack Hat presentation reveals adversaries don’t need to complete all seven stages of a traditional kill chain to achieve their objectives.
darkreading – Read More
US Offering $10 Million Reward for Iranian ICS Hackers
/in General NewsThe US is offering up to $10 million for Iranian individuals accused of hacking water utility industrial control systems last year.
The post US Offering $10 Million Reward for Iranian ICS Hackers appeared first on SecurityWeek.
SecurityWeek – Read More
Ronin Network Hacked, $12 Million Returned by “White Hat” Hackers
/in General NewsRonin Network was hacked, resulting in the withdrawal of $12 million by “white hat” hackers who returned the stolen funds. The hackers exploited an undocumented vulnerability on the Ronin bridge, withdrawing 4,000 ETH and 2 million USDC.
Cyware News – Latest Cyber News – Read More
Automated Security Validation: One (Very Important) Part of a Complete CTEM Framework
/in General NewsThe last few years have seen more than a few new categories of security solutions arise in hopes of stemming a never-ending tidal wave of risks. One of these categories is Automated Security Validation (ASV), which provides the attacker’s perspective of exposures and equips security teams to continuously validate exposures, security measures, and remediation at scale. ASV is an important element
The Hacker News – Read More
Critical AWS Vulnerabilities Allow S3 Attack Bonanza
/in General NewsResearchers at Aqua Security discovered the “Shadow Resource” attack vector and the “Bucket Monopoly” problem, where threat actors can guess the name of S3 buckets based on their public account IDs.
darkreading – Read More
Vulnerabilities Exposed Widely Used Solar Power Systems to Hacking, Disruption
/in General NewsVulnerabilities found in solar power systems could have been exploited by hackers to cause disruption and possibly blackouts.
The post Vulnerabilities Exposed Widely Used Solar Power Systems to Hacking, Disruption appeared first on SecurityWeek.
SecurityWeek – Read More
SEC Ends Probe Into MOVEit Attacks Impacting 95 Million People
/in General NewsThe SEC has closed its investigation into Progress Software’s handling of a zero-day flaw in MOVEit Transfer. Progress Software announced in a recent SEC filing that no enforcement action will be recommended by the Division of Enforcement.
Cyware News – Latest Cyber News – Read More
Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities
/in General NewsMicrosoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the Windows files with older versions.
The vulnerabilities are listed below –
CVE-2024-38202 (CVSS score: 7.3) – Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-21302 (CVSS
The Hacker News – Read More
New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links
/in General NewsCybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information.
“The attackers chose a group of the best-known websites in computing to craft the threat, including Google and WhatsApp to host the attack elements,
The Hacker News – Read More
Researcher Discovers Downgrade Attack Abusing Windows Update Process
/in General NewsA security researcher at SafeBreach demonstrated at the Black Hat 2024 conference that two zero-day vulnerabilities can be exploited in downgrade attacks to revert fully updated Windows systems back to older versions, reintroducing vulnerabilities.
Cyware News – Latest Cyber News – Read More