BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TightVNC 2.8.83 - Control Pipe Manipulation
- [remote] ProSSHD 1.2 20090726 - Denial of Service (DoS)
- [webapps] Laravel Pulse 1.3.1 - Arbitrary Code Injection
- [local] Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
Operation First Light Seizes $257m in Global Scam Bust
/in General NewsPolice forces from 61 countries have collaborated in Operation First Light 2024, led by Interpol, resulting in the arrest of 3,950 suspects and the identification of 14,643 more.
Cyware News – Latest Cyber News – Read More
Critical GitLab Bug Lets Attackers Run Pipelines as Any User
/in General NewsA critical vulnerability has been discovered in certain versions of GitLab Community and Enterprise Edition products. This vulnerability allows an attacker to run pipelines as any user.
Cyware News – Latest Cyber News – Read More
Examining Water Sigbin’s Infection Routine Leading to an XMRig Cryptominer
/in General NewsA sophisticated multi-stage malware campaign by the threat actor “Water Sigbin” (also known as the 8220 Gang) exploits Oracle WebLogic vulnerabilities to deliver a cryptocurrency miner called XMRig.
Cyware News – Latest Cyber News – Read More
MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems
/in General NewsMerkSpy is designed to covertly monitor user activities, capture sensitive information like keystrokes and Chrome login credentials, and exfiltrate the data to the attacker’s server.
Cyware News – Latest Cyber News – Read More
Cybersecurity Veteran Kevin Mandia Named General Partner of Ballistic Ventures
/in General NewsPost Content
darkreading – Read More
Landmark Admin, LLC Provides Notice of Data Privacy Incident
/in General NewsPost Content
darkreading – Read More
The Mount Kisco Surgery Center LLC d/b/a The Ambulatory Surgery Center of Westchester – Notice of Data Security Incident
/in General NewsPost Content
darkreading – Read More
TeamViewer Credits Network Segmentation for Rebuffing APT29 Attack
/in General NewsDespite warnings from Health-ISAC and the NCC Group, the remote access software maker says defense-in-depth kept customers’ data safe from Midnight Blizzard.
darkreading – Read More
CISO Corner: The NYSE & the SEC; Ransomware Negotiation Tips
/in General NewsOur collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps.
darkreading – Read More
Critical GitLab Bug Threatens Software Development Pipelines
/in General NewsThe company is urging users running vulnerable versions to patch CVE-2024-5655 immediately, to avoid CI/CD malfeasance.
darkreading – Read More