BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
Ransomware Swells Despite Collective Push to Curb Attacks
/in General NewsRapid7 researchers noted over 2,570 attacks in the first half of 2024, equating to around 14 attacks daily. The number of ransomware groups posting on data leak sites surged 67% compared to the previous year.
Cyware News – Latest Cyber News – Read More
Threat Actors Announced Doubleface Ransomware, Claims Fully Undetectable
/in General NewsThreat actors have introduced Doubleface ransomware, claiming it to be fully undetectable by major antivirus software. The ransomware utilizes a unique algorithm with AES-128 and RSA-4096 encryption, making decryption difficult without the right key.
Cyware News – Latest Cyber News – Read More
Abnormal Security Raises $250M on $5.1B Valuation to Enhance AI-Driven Cyber Protection
/in General NewsAbnormal Security, an AI-driven cybersecurity company, has raised $250 million in funding, valuing the company at $5.1 billion. The funding will support their mission of using AI to protect against cybercrime by understanding human behavior.
Cyware News – Latest Cyber News – Read More
Ransomware in 2024: More Attacks, More Leaks, and Increased Sophistication
/in General NewsThe ransomware scourge is still growing and still successful for attackers, Rapid7’s Ransomware Radar Report 2024 shows.
The post Ransomware in 2024: More Attacks, More Leaks, and Increased Sophistication appeared first on SecurityWeek.
SecurityWeek – Read More
Chameleon Malware Now Targeting Employees Masquerading as a CRM app
/in General NewsResearchers have revealed a new tactic used by threat actors behind the Chameleon Android banking trojan, targeting Canadian users with a disguised Customer Relationship Management (CRM) app.
Cyware News – Latest Cyber News – Read More
Secure by Default: What It Means for the Modern Enterprise
/in General NewsWhat does “secure by default” mean for the average company as you implement security systems and protocols?
The post Secure by Default: What It Means for the Modern Enterprise appeared first on SecurityWeek.
SecurityWeek – Read More
North Korean Hackers Leverage Malicious NPM Packages for Initial Access
/in General NewsNorth Korean hackers, identified as Moonstone Sleet, have been distributing malicious JavaScript packages on the npm registry to infect Windows systems. The two packages, harthat-api and harthat-hash, were uploaded on July 7, 2024.
Cyware News – Latest Cyber News – Read More
The Role of AI in Cybersecurity Operations
/in General NewsAI can analyze data quickly, detect patterns of malicious behavior, and automate routine tasks like alert triaging and log analysis. However, human oversight is still necessary to ensure the accuracy and relevance of AI-generated insights.
Cyware News – Latest Cyber News – Read More
New Go-based Backdoor GoGra Targets South Asian Media Organization
/in General NewsAn unnamed media organization in South Asia was targeted in November 20233 using a previously undocumented Go-based backdoor called GoGra.
“GoGra is written in Go and uses the Microsoft Graph API to interact with a command-and-control (C&C) server hosted on Microsoft mail services,” Symantec, part of Broadcom, said in a report shared with The Hacker News.
It’s currently not clear how it’s
The Hacker News – Read More
Dark Reading News Desk Live From Black Hat USA 2024
/in General NewsThe Dark Reading team once again welcomes the world’s top cybersecurity experts to the Dark Reading News Desk live from Black Hat USA 2024. Tune into the livestream.
darkreading – Read More