BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
Cisco SSM On-Prem Bug Lets Hackers Change Any User’s Password
/in General NewsTracked as CVE-2024-20419, the flaw enables remote attackers to set new passwords without authentication. Admins are advised to upgrade to the fixed release to protect vulnerable servers, as there are no workarounds available.
Cyware News – Latest Cyber News – Read More
Rising Tides: Alyssa Miller on ‘Do Better, be Better’ and ‘See Past the Technology’ to Advance Cybersecurity
/in General NewsMiller has been in cybersecurity for roughly 20 years and is now the CISO of Epiq Global.
The post Rising Tides: Alyssa Miller on ‘Do Better, be Better’ and ‘See Past the Technology’ to Advance Cybersecurity appeared first on SecurityWeek.
SecurityWeek – Read More
Cisco Patches Critical Vulnerabilities in Secure Email Gateway, SSM
/in General NewsCisco has released patches for critical vulnerabilities in Secure Email Gateway and Smart Software Manager On-Prem.
The post Cisco Patches Critical Vulnerabilities in Secure Email Gateway, SSM appeared first on SecurityWeek.
SecurityWeek – Read More
IPVanish vs ExpressVPN (2024): Which VPN Is Better?
/in General NewsWhich VPN is better, IPVanish or ExpressVPN? Use our guide to compare pricing, features and more.
Security | TechRepublic – Read More
Weak Credentials Behind Nearly Half of All Cloud-Based Attacks, Research Finds
/in General NewsCredential mismanagement was the leading cause of cloud-based attacks in the first half of 2024, according to a Google Cloud report. Weak credentials and misconfigurations were responsible for 75% of network intrusions during this period.
Cyware News – Latest Cyber News – Read More
Proton promises that its Scribe AI writing assistant won’t mishandle your data
/in General NewsIf you want to boost your productivity with AI but are concerned about privacy, Proton’s new writing assistant is here to help.
Latest news – Read More
Russia-linked FIN7 Hackers Sell Their Security Evasion Tool to Other Groups on Darknet
/in General NewsRussia-linked cybercriminal group FIN7 sells its security evasion tool, AvNeutralizer, to other criminal gangs on darknet forums. The tool helps hackers bypass threat detection systems on victims’ devices.
Cyware News – Latest Cyber News – Read More
Report: Half of SMEs Unprepared for Cyber-Threats
/in General NewsAccording to a new report by JumpCloud, About 49% of SME IT teams feel they lack resources to defend against cyber-threats, with layoffs affecting nearly half of them. 71% believe budget cuts would increase risk.
Cyware News – Latest Cyber News – Read More
Most GitHub Actions Workflows are Insecure in Some Way
/in General NewsA report by Legit Security highlights concerns around the security posture of the GitHub Actions marketplace, with most custom Actions lacking verification and being maintained by one developer.
Cyware News – Latest Cyber News – Read More
Chinese APT Targets Italian Government Agencies and Companies Using 9002 RAT
/in General NewsThe 9002 RAT malware, used in Operation Aurora in 2009, is a versatile trojan that can monitor network traffic, capture screenshots, and execute commands from a remote server. The malware is constantly updated with new variants to avoid detection.
Cyware News – Latest Cyber News – Read More