BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
UK Arrests Suspected Scattered Spider Hacker Linked to MGM Attack
/in General NewsA 17-year-old boy from Walsall has been arrested by UK police for his involvement in the 2023 MGM Resorts ransomware attack, connected to the Scattered Spider hacking group. The arrest was made with assistance from the NCA and the FBI.
Cyware News – Latest Cyber News – Read More
Analyzing Container Escape Techniques in Cloud Environments
/in General NewsWhile containers offer efficiency, they are vulnerable to attacks exploiting misconfigurations. Attackers can execute code or escalate privileges, endangering organizational security.
Cyware News – Latest Cyber News – Read More
US Sanctions Two Members of Russian ‘Cyber Army’ Hacktivist Group
/in General NewsThe U.S. sanctioned two members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR) for carrying out cyber operations against critical U.S. infrastructure. CARR has launched low-impact DDoS attacks in Ukraine and its allies since 2022.
Cyware News – Latest Cyber News – Read More
CrowdStrike Incident Leveraged for Malware Delivery, Phishing, Scams
/in General NewsThe major IT outage caused by CrowdStrike is being leveraged by threat actors for phishing, scams, and malware delivery.
The post CrowdStrike Incident Leveraged for Malware Delivery, Phishing, Scams appeared first on SecurityWeek.
SecurityWeek – Read More
Attackers Abuse Swap File to Steal Credit Cards
/in General NewsAttackers recently abused the swap file in a Magento e-commerce site to steal credit card information. Despite multiple cleanup attempts, the malware persisted until analysts discovered it.
Cyware News – Latest Cyber News – Read More
SocGholish Malware Exploits BOINC Project for Covert Cyberattacks
/in General NewsThe JavaScript downloader malware known as SocGholish (aka FakeUpdates) is being used to deliver a remote access trojan called AsyncRAT as well as a legitimate open-source project called BOINC.
BOINC, short for Berkeley Open Infrastructure Network Computing Client, is an open-source “volunteer computing” platform maintained by the University of California with an aim to carry out “large-scale
The Hacker News – Read More
Fake CrowdStrike Fixes Target Companies With Malware, Data Wipers
/in General NewsMalicious campaigns have emerged, including one targeting BBVA bank customers with a fake CrowdStrike Hotfix that installs remote access tools. Another attack involves a data wiper distributed under the guise of a CrowdStrike update.
Cyware News – Latest Cyber News – Read More
China Claims Volt Typhoon was a False Flag Inside Job Conspiracy
/in General NewsBeijing has claimed that the Volt Typhoon attack gang, accused by Five Eyes nations of being a Beijing-backed threat to critical infrastructure, was actually fabricated by the US intelligence community.
Cyware News – Latest Cyber News – Read More
CISA Says Malicious Hackers are ‘Taking Advantage’ of CrowdStrike Outage
/in General NewsThe U.S. cybersecurity agency CISA warned against clicking on suspicious links to prevent email compromise. Cybercriminals are already impersonating CrowdStrike in phishing emails, asking for payment to “fix the CrowdStrike apocalypse.”
Cyware News – Latest Cyber News – Read More
Under-Resourced Maintainers Pose Risk to Africa’s Open Source Push
/in General NewsMany nations see open source software as a great equalizer, giving the Global South the tools necessary for sustainable development. But recent supply chain attacks highlight the need for security.
darkreading – Read More