BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Scope, Scale of Spurious North Korean IT Workers Emerges
/in General NewsMicrosoft warns thousands of North Korean workers have infiltrated tech, manufacturing, and transportation sectors to steal money and data.
darkreading – Read More
We’ve All Been Wrong: Phishing Training Doesn’t Work
/in General NewsTeaching employees to detect malicious emails isn’t really having an impact. What other options do organizations have?
darkreading – Read More
Ransomware Reshaped How Cyber Insurers Perform Security Assessments
/in General NewsCyber insurance companies were forced to adapt once ransomware skyrocketed and highlighted crucial security weaknesses among organizations in all sectors.
darkreading – Read More
Lock down your AT&T account to prevent SIM swapping attacks – here’s how
/in General NewsThe new Wireless Account Lock prevents someone from moving your phone number to a different device.
Latest stories for ZDNET in Security – Read More
DoJ Disrupts North Korean IT Worker Scheme Across Multiple US States
/in General NewsThe US also conducted searches of 29 “laptop farms” across 16 states and seized 29 financial accounts used to launder funds.
darkreading – Read More
Russian bulletproof hosting service Aeza Group sanctioned by US for ransomware work
/in General NewsSupport for ransomware, darknet drug markets and other cybercrime activity landed the Russian company Aeza Group on the U.S. government’s sanctions list, the Treasury Department said.
The Record from Recorded Future News – Read More
Cyberattack on Russian independent media had links to US-sanctioned institute, researchers find
/in General NewsA Russian hosting provider allegedly involved in a recent cyberattack against independent media organizations in the country is reportedly connected to a state-affiliated research center sanctioned by the U.S.
The Record from Recorded Future News – Read More
TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns
/in General NewsCybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader.
Enterprise security firm Proofpoint is tracking the activity associated with TransferLoader to a group dubbed UNK_GreenSec and the RomCom RAT actors under the moniker TA829. The latter is also known by the
The Hacker News – Read More
FBI Warns of Health Insurance Scam Stealing Personal and Medical Data
/in General NewsThe Federal Bureau of Investigation (FBI) has issued a warning about a scam where criminals pretend to be…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Browsers Targeted via Chrome Zero-Day, Malicious Firefox Extensions
/in General NewsSeparate threats to popular browsers highlight the growing security risk for enterprises presented by the original gateway to the Web, which remains an integral tool for corporate users.
darkreading – Read More