BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
Some Companies Pay Ransomware Attackers Multiple Times, Survey Finds
/in General NewsSome companies are paying ransomware attackers multiple times, with more than a third not receiving the decryption keys or getting corrupted keys after paying, according to a survey by Semperis.
Cyware News – Latest Cyber News – Read More
Homebrew Security Audit Finds 25 Vulnerabilities
/in General NewsVulnerabilities in Homebrew could have allowed attackers to load executable code and modify binary builds, security audit finds.
The post Homebrew Security Audit Finds 25 Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
The Top 7 NordVPN Alternatives for 2024
/in General NewsIf you’re looking for the best NordVPN alternatives today, Surfshark VPN, Proton VPN and ExpressVPN are among a handful of quality VPNs you should check out.
Security | TechRepublic – Read More
Telegram-Controlled TgRat Trojan Now Targets Linux Servers
/in General NewsTgRat Trojan, previously targeting Windows, now focuses on Linux, using Telegram to control infected machines. Discovered by Dr. Web, this RAT allows cybercriminals to exfiltrate data and execute commands.
Cyware News – Latest Cyber News – Read More
New “Sitting Ducks” DNS Attack Lets Hackers Easy Domain Takeover
/in General NewsDon’t Be a Sitting Duck to this attack!
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
BingoMod Android RAT Wipes Devices After Stealing Money
/in General NewsThe BingoMod Android trojan steals user information and communication and allows attackers to steal money via account takeover.
The post BingoMod Android RAT Wipes Devices After Stealing Money appeared first on SecurityWeek.
SecurityWeek – Read More
BEC Attacks Surge 20% Annually Thanks to AI Tooling
/in General NewsA report by Vipre Security Group, based on data from processing 1.8 billion emails, revealed that 49% of blocked spam emails were BEC attacks, with CEOs, HR, and IT being common targets. The study also found that 40% of BEC attacks were AI-generated.
Cyware News – Latest Cyber News – Read More
A $500 Open-Source Tool Lets Anyone Hack Computer Chips With Lasers
/in General NewsThe RayV Lite will make it hundreds of times cheaper for anyone to carry out physics-bending feats of hardware hacking.
Security Latest – Read More
Security Flaws at UK Elections Agency Left Door Open for Chinese Hackers, Privacy Watchdog Finds
/in General NewsThe UK’s Electoral Commission was criticized by the Information Commissioner’s Office (ICO) for failing to protect the personal data of 40 million people from Chinese hackers in a cyberattack three years ago.
Cyware News – Latest Cyber News – Read More
Microsoft Confirms Azure, 365 Outage Linked to DDoS Attack
/in General NewsMicrosoft confirmed that an eight-hour outage on Tuesday affecting its Azure portal, Microsoft 365, and Microsoft Purview services was caused by a DDoS attack. The company mentioned that its response to the outage may have worsened the impact.
Cyware News – Latest Cyber News – Read More