BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
Chinese Hackers Deliver Malware via ISP-Level DNS Poisoning
/in General NewsChinese group StormBamboo spotted delivering Windows and macOS malware by compromising an ISP and using DNS poisoning.
The post Chinese Hackers Deliver Malware via ISP-Level DNS Poisoning appeared first on SecurityWeek.
SecurityWeek – Read More
How Regional Regulations Shape Global Cybersecurity Culture
/in General NewsUltimately, a more cyber-secure world requires a global governing body to regulate and campaign for cybersecurity, with consistent regulatory requirements in the various regions around the world.
darkreading – Read More
Former NSA Director Paul Nakasone Joins Ballistic Ventures as Strategic Advisor
/in General NewsNakasone will assess the firm’s investments and offer strategic support to portfolio companies in the fight against adversarial advances in the cyber domain.
The post Former NSA Director Paul Nakasone Joins Ballistic Ventures as Strategic Advisor appeared first on SecurityWeek.
SecurityWeek – Read More
Apache OFBiz Users Warned of New and Exploited Vulnerabilities
/in General NewsOrganizations are being warned of a newly discovered Apache OFBiz vulnerability as exploitation of another recent flaw is observed.
The post Apache OFBiz Users Warned of New and Exploited Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
New BlankBot Android Malware Targets Users’ Banking Data
/in General NewsBlankBot, which is still in development, has advanced features like screen recording, keylogging, and remote control, posing a significant threat due to its evasion techniques.
Cyware News – Latest Cyber News – Read More
The Loper Bright Decision: How it Impacts Cybersecurity Law
/in General NewsThe Loper Bright decision has yielded impactful results: the Supreme Court has overturned forty years of administrative law, leading to potential litigation over the interpretation of ambiguous laws previously decided by federal agencies. This article explores key questions for cybersecurity professionals and leaders as we enter a more contentious period of cybersecurity law.
Background
What is
The Hacker News – Read More
New SLUBStick Attack Makes Linux Kernel Vulnerabilities More Dangerous
/in General NewsA new Linux kernel exploitation technique named SLUBStick makes heap vulnerabilities more dangerous.
The post New SLUBStick Attack Makes Linux Kernel Vulnerabilities More Dangerous appeared first on SecurityWeek.
SecurityWeek – Read More
Russia’s ‘Fighting Ursa’ APT Uses Car Ads to Install HeadLace Malware
/in General NewsThe scheme, from the group also known as APT28, involves targeting Eastern European diplomats in need of personal transportation, tempting them with a purported good deal on a Audi Q7 Quattro SUV.
darkreading – Read More
The Top 6 Urban VPN Alternatives for 2024
/in General NewsIf you’re on the hunt for Urban VPN alternatives, check out our in-depth analysis of Proton VPN, TunnelBear and other VPN providers.
Security | TechRepublic – Read More
Enhancing Incident Response Readiness with Wazuh
/in General NewsIncident response is a structured approach to managing and addressing security breaches or cyber-attacks. Security teams must overcome challenges such as timely detection, comprehensive data collection, and coordinated actions to enhance readiness. Improving these areas ensures a swift and effective response, minimizing damage and restoring normal operations quickly.
Challenges in incident
The Hacker News – Read More