BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
Convinced Russian Cybercriminals Included in Prisoner Swap
/in General NewsTwo Russians serving time for insider trading, computer hacking and credit card theft were released in a prisoner swap deal with Moscow.
The post Convinced Russian Cybercriminals Included in Prisoner Swap appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft Confirms Global Azure Outage Caused by DDoS Attack
/in General NewsRedmond has confirmed the eight-hour Azure outage on July 30 was triggered by a distributed denial-of-service attack, but an “error in the implementation of [their] defenses” exacerbated it.
Security | TechRepublic – Read More
New BingoMod Android Malware Posing as Security Apps, Wipes Data
/in General NewsBeware of BingoMod! This dangerous Android malware steals your money, wipes your phone, and takes control of your…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Inaugural Pentagon Cyber Policy Chief Nominee Sails Through Senate Armed Services Committee
/in General NewsThe Senate Armed Services Committee has approved Michael Sulmeyer, the Army’s top digital adviser, as the inaugural assistant secretary of defense for cyber policy, paving the way for his nomination to the Senate floor for a vote.
Cyware News – Latest Cyber News – Read More
Top 6 Cloud Computing Certifications Worth Taking
/in General NewsCheck out the top cloud computing certifications, which include offerings that focus on AWS and Microsoft Azure.
Security | TechRepublic – Read More
Cyber A.I. Group Announces LOI to Acquire Prominent North American Cybersecurity Firm
/in General NewsMiami, United States, 1st August 2024, CyberNewsWire
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Alex Stamos Named CISO at SentinelOne
/in General NewsLongtime security executive Alex Stamos tapped by SentinelOne to manage its security engineering and operations teams.
The post Alex Stamos Named CISO at SentinelOne appeared first on SecurityWeek.
SecurityWeek – Read More
Innovative Approach Promises Faster Bug Fixes
/in General NewsBirgit Hofer and Thomas Hirsch from TU Graz have developed a new approach to speed up software bug fixes. By identifying bottlenecks in fault localization, they created a scalable solution using NLP and metrics to analyze code for faults.
Cyware News – Latest Cyber News – Read More
DigiCert Mass-Revoking TLS Certificates Due to Domain Validation Bug
/in General NewsDigiCert discovered a bug in how domain ownership was verified, leading to the mass revocation of SSL/TLS certificates. Approximately 0.4% of domain validations conducted between August 2019 and June 2024 are affected.
Cyware News – Latest Cyber News – Read More
Over 1 Million Domains at Risk of ‘Sitting Ducks’ Domain Hijacking Technique
/in General NewsOver a million domains are susceptible to takeover by malicious actors by means of what has been called a Sitting Ducks attack.
The powerful attack vector, which exploits weaknesses in the domain name system (DNS), is being exploited by over a dozen Russian-nexus cybercriminal actors to stealthily hijack domains, a joint analysis published by Infoblox and Eclypsium has revealed.
“In a Sitting
The Hacker News – Read More