BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TightVNC 2.8.83 - Control Pipe Manipulation
- [remote] ProSSHD 1.2 20090726 - Denial of Service (DoS)
- [webapps] Laravel Pulse 1.3.1 - Arbitrary Code Injection
- [local] Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
Over 380k Hosts Still Referencing Malicious Polyfill Domain: Censys
/in General NewsCensys has discovered more than 380,000 hosts, including major platforms, still referencing the malicious polyfill.io domain.
The post Over 380k Hosts Still Referencing Malicious Polyfill Domain: Censys appeared first on SecurityWeek.
SecurityWeek – Read More
Brazil Data Regulator Bans Meta From Mining Data to Train AI Models
/in General NewsBrazil’s national data protection authority has determined that Meta cannot use data originating in the country to train its artificial intelligence.
The post Brazil Data Regulator Bans Meta From Mining Data to Train AI Models appeared first on SecurityWeek.
SecurityWeek – Read More
300k Affected by Year-Old Data Breach at Florida Community Health Centers
/in General NewsFlorida Community Health Centers says the information of 300,000 individuals was stolen in a June 2023 ransomware attack.
The post 300k Affected by Year-Old Data Breach at Florida Community Health Centers appeared first on SecurityWeek.
SecurityWeek – Read More
Dozens of Arrests Disrupt $2.7m Vishing Gang
/in General NewsThe criminal gang targeted elderly Spanish citizens by posing as bank employees through voice phishing and then showing up unannounced at their homes to collect cards, bank details, and PINs.
Cyware News – Latest Cyber News – Read More
Industry Groups Ask HHS for Guidance on Massive Change Breach Reports
/in General NewsIndustry groups are seeking further clarification on delegation processes and want a clear statement that covered entities without a business associate relationship with Change Healthcare are not obliged to notify patients.
Cyware News – Latest Cyber News – Read More
Cybersecurity M&A Roundup: 29 Deals Announced in June 2024
/in General NewsRoundup of the more than two dozen cybersecurity-related merger and acquisition (M&A) deals announced in June 2024.
The post Cybersecurity M&A Roundup: 29 Deals Announced in June 2024 appeared first on SecurityWeek.
SecurityWeek – Read More
Patelco Credit Union Scrambling to Restore Systems Following Ransomware Attack
/in General NewsPatelco Credit Union shuts down banking systems and suspends electronic operations in response to a ransomware attack.
The post Patelco Credit Union Scrambling to Restore Systems Following Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More
PTC Releases Patch for Critical Flaw in Creo Elements/Direct License Server
/in General NewsThe vulnerability, tracked as CVE-2024-6071, affects version 20.7.0.0 and earlier, and allows unauthenticated remote attackers to execute arbitrary OS commands on the server through a web interface.
Cyware News – Latest Cyber News – Read More
APP Fraud Singled Out as Biggest Financial Crime Threat
/in General NewsNearly two-thirds of payments professionals in the UK believe that fraud is the most urgent financial crime threat, with authorized push payment (APP) scams being the top concern, according to a survey by The Payments Association.
Cyware News – Latest Cyber News – Read More
Bitwarden vs KeePass (2024): Battle of the Best – Who Wins?
/in General NewsBitwarden vs KeePass: Who comes out on top? Dive into our 2024 analysis and make the best decision for your security needs!
Security | TechRepublic – Read More