BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
Non-Profit Blood Center OneBlood Recovering from Cripping Ransomware Attack
/in General NewsThe non-profit blood donation service suffered a ransomware attack last week and has requested urgent and emergency blood…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Mullvad vs NordVPN (2024): Which VPN Should You Choose?
/in General NewsWhile Mullvad VPN offers strong privacy and transparency features, NordVPN’s feature-packed service and robust server fleet give it an advantage.
Security | TechRepublic – Read More
Around 20K Ubiquiti IoT Cameras & Routers are Sitting Ducks for Hackers
/in General NewsAround 20,000 Ubiquiti IoT cameras and routers are at risk due to a vulnerability that has been known for five years. Researchers have found that despite patches being available, many devices are still vulnerable.
Cyware News – Latest Cyber News – Read More
Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year
/in General NewsMicrosoft paid out $16.6 million to over 340 security researchers through its bug bounty programs over the past year.
The post Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year appeared first on SecurityWeek.
SecurityWeek – Read More
CrowdStrike and Delta Fight Over Who’s to Blame for the Airline Canceling Thousands of Flights
/in General NewsCrowdStrike and Delta are fighting over who is to blame for the airline canceling thousands of flights following the massive outage.
The post CrowdStrike and Delta Fight Over Who’s to Blame for the Airline Canceling Thousands of Flights appeared first on SecurityWeek.
SecurityWeek – Read More
New Android Spyware LianSpy Evades Detection Using Yandex Cloud
/in General NewsUsers in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021.
Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control (C2) communications as a way to avoid having a dedicated infrastructure and evade detection.
“This threat is
The Hacker News – Read More
Mint Stealer: New MaaS Malware Threatens Confidential Data
/in General NewsA new MaaS malware known as Mint Stealer has emerged, threatening confidential data. This malware, identified by experts from Cyfirma, is designed to steal a wide range of information by employing advanced encryption and obfuscation techniques.
Cyware News – Latest Cyber News – Read More
Researchers Warn of a New Critical Apache OFBiz Flaw
/in General NewsThe vulnerability allows unauthenticated users to execute screen rendering code under certain conditions in versions up to 18.12.14, with version 18.12.15 addressing the issue.
Cyware News – Latest Cyber News – Read More
Google Fixes Android Kernel Zero-Day Exploited in Targeted Attacks
/in General NewsGoogle has patched a zero-day vulnerability in the Android kernel that was being exploited in targeted attacks. The vulnerability, tracked as CVE-2024-36971, allows for arbitrary code execution without user interaction on unpatched devices.
Cyware News – Latest Cyber News – Read More
Google Patches Android Zero-Day Exploited in Targeted Attacks
/in General NewsGoogle has patched CVE-2024-36971, a high-severity kernel zero-day vulnerability in Android that has been exploited in targeted attacks.
The post Google Patches Android Zero-Day Exploited in Targeted Attacks appeared first on SecurityWeek.
SecurityWeek – Read More