BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
The Prevalence of DarkComet in Dynamic DNS
/in General NewsA recent analysis using HYAS Insight threat intelligence revealed a trend in dynamic DNS registrations originating from Turkey in 2024, with DarkComet malware representing over 50% of the malicious domains identified.
Cyware News – Latest Cyber News – Read More
CrowdStrike Reveals Root Cause of Global System Outages
/in General NewsCybersecurity company CrowdStrike has published its root cause analysis detailing the Falcon Sensor software update crash that crippled millions of Windows devices globally.
The “Channel File 291” incident, as originally highlighted in its Preliminary Post Incident Review (PIR), has been traced back to a content validation issue that arose after it introduced a new Template Type to enable
The Hacker News – Read More
Replacement for Action Fraud, UK’s Cybercrime Reporting Service, Delayed Again Until 2025
/in General NewsThe new service, known as the Fraud and Cyber Crime Reporting and Analysis System (FCCRAS), will enhance the reporting process by allowing users to upload additional information like metadata, screenshots, and images.
Cyware News – Latest Cyber News – Read More
Florida Firm Sued Over Theft of 2.9B Personal Records
/in General NewsA class-action lawsuit is brewing over the cyber-heist of 2.9 billion personal records that were stolen from a Florida data broker, Jerico Pictures, doing business as National Public Data, and sold on the dark web.
Cyware News – Latest Cyber News – Read More
CISA Adds Microsoft COM for Windows Bug to its Known Exploited Vulnerabilities Catalog
/in General NewsThe vulnerability, tracked as CVE-2018-0824, arises from the deserialization of untrusted data. Microsoft warns that this flaw could lead to remote code execution if exploited by a specially crafted file or script.
Cyware News – Latest Cyber News – Read More
Police Recover Over $40m Headed to BEC Scammers
/in General NewsA Singaporean commodity firm has had a narrow escape after police managed to intervene to recover nearly all of the $42.3m lost to fraudsters in a business email compromise (BEC) scam.
Cyware News – Latest Cyber News – Read More
Ransomware Attack Cost LoanDepot $27 Million
/in General NewsLoanDepot reported expenses totaling nearly $27 million related to the ransomware attack that came to light in January 2024.
The post Ransomware Attack Cost LoanDepot $27 Million appeared first on SecurityWeek.
SecurityWeek – Read More
Chrome, Firefox Updates Patch Serious Vulnerabilities
/in General NewsA Chrome 127 update patches five vulnerabilities, and Firefox 129 addresses over a dozen security holes.
The post Chrome, Firefox Updates Patch Serious Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Chameleon Android Banking Trojan Targets Users Through Fake CRM App
/in General NewsCybersecurity researchers have lifted the lid on a new technique adopted by threat actors behind the Chameleon Android banking trojan targeting users in Canada by masquerading as a Customer Relationship Management (CRM) app.
“Chameleon was seen masquerading as a CRM app, targeting a Canadian restaurant chain operating internationally,” Dutch security outfit ThreatFabric said in a technical
The Hacker News – Read More
Apple’s New macOS Sequoia Tightens Gatekeeper Controls to Block Unauthorized Software
/in General NewsApple on Tuesday announced an update to its next-generation macOS version that makes it a little more difficult for users to override Gatekeeper protections.
Gatekeeper is a crucial line of defense built into macOS designed to ensure that only trusted apps run on the operating system. When an app is downloaded from outside of the App Store and opened for the first time, it verifies that the
The Hacker News – Read More