BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
Preparing for the Future of Post-Quantum Cryptography
/in General NewsThe AI boom and increasing popularity of quantum computing necessitates quantum-resilient security.
darkreading – Read More
North Korean Hackers Exploit VPN Update Flaw to Install Malware
/in General NewsNorth Korean hackers exploited a VPN software update flaw to install malware and breach networks, as warned by South Korea’s National Cyber Security Center. The threat groups involved in these activities are Kimsuky (APT43) and Andariel (APT45).
Cyware News – Latest Cyber News – Read More
Fighting Back Against Multi-Staged Ransomware Attacks Crippling Businesses
/in General NewsModern ransomware attacks are multi-staged and highly targeted. First, attackers research the target organization and its employees.
The post Fighting Back Against Multi-Staged Ransomware Attacks Crippling Businesses appeared first on SecurityWeek.
SecurityWeek – Read More
Cyberattacks Still Ravage Schools, Defying White House Efforts Launched Last Year
/in General NewsLast year, the White House launched an initiative to strengthen school cybersecurity, but cyberattacks on schools persist. Private sector resources have been utilized by thousands of school districts to enhance their defenses.
Cyware News – Latest Cyber News – Read More
Rockwell PLC Security Bypass Threatens Manufacturing Processes
/in General NewsA security vulnerability in Rockwell Automation’s ControlLogix 1756 programmable logic controllers, tracked as CVE-2024-6242, could allow tampering with physical processes at plants.
darkreading – Read More
Ransomware Gang Targets IT Workers With New SharpRhino Malware
/in General NewsThe Hunters International ransomware group is using a new C# remote access trojan named SharpRhino to target IT workers and breach corporate networks. It is distributed through a typosquatting site posing as Angry IP Scanner’s website.
Cyware News – Latest Cyber News – Read More
Thousands of Devices Wiped Remotely Following Mobile Guardian Hack
/in General NewsHackers targeted MDM firm Mobile Guardian and remotely wiped thousands of devices, but there is no evidence of data compromise.
The post Thousands of Devices Wiped Remotely Following Mobile Guardian Hack appeared first on SecurityWeek.
SecurityWeek – Read More
Suspicious Minds: Insider Threats in The SaaS World
/in General NewsEveryone loves the double-agent plot twist in a spy movie, but it’s a different story when it comes to securing company data. Whether intentional or unintentional, insider threats are a legitimate concern. According to CSA research, 26% of companies who reported a SaaS security incident were struck by an insider.
The challenge for many is detecting those threats before they lead to full
The Hacker News – Read More
North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry
/in General NewsThe North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript package registry with the aim of infecting Windows systems, underscoring the persistent nature of their campaigns.
The packages in question, harthat-api and harthat-hash, were published on July 7, 2024, according to Datadog Security Labs. Both the libraries did not attract
The Hacker News – Read More
Abnormal Security Raises $250 Million at $5.1 Billion Valuation
/in General NewsEmail security firm Abnormal Security has raised $250 million in a Series D funding round at a $5.1 billion valuation.
The post Abnormal Security Raises $250 Million at $5.1 Billion Valuation appeared first on SecurityWeek.
SecurityWeek – Read More