BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
Realm: Open-Source Adversary Emulation Framework
/in General NewsRealm is an open-source adversary emulation framework focused on scalability, reliability, and automation. It features a custom interpreter in Rust, enabling the creation of complex TTPs as code.
Cyware News – Latest Cyber News – Read More
Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer
/in General NewsAn advanced persistent threat (APT) group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day to deliver an information stealer called Atlantida.
Cybersecurity firm Trend Micro, which observed the activity in mid-May 2024, the vulnerability – tracked as CVE-2024-38112 – was used as part of a multi-stage attack
The Hacker News – Read More
Three reasons why gamers should be paying close attention to Apple
/in General NewsThe new Game Mode feature turns iPhones and iPads into veritable gaming handhelds, and many new titles look to be coming soon.
Latest news – Read More
Cloudflare reports almost 7% of internet traffic is malicious
/in General NewsFortunately, there are things you can do to help protect yourself and your websites.
Latest news – Read More
Kaspersky Leaving US Following Government Ban
/in General NewsKaspersky is shutting down operations in the US and laying off employees following the recent Commerce Department ban.
The post Kaspersky Leaving US Following Government Ban appeared first on SecurityWeek.
SecurityWeek – Read More
Risk Related to Non-Human Identities: Believe the Hype, Reject the FUD
/in General NewsThe hype surrounding non-human identities (NHIs) has recently increased due to the risk they pose, with breaches causing fear, uncertainty, and doubt. With NHIs outnumbering human identities, the associated risks need to be addressed.
Cyware News – Latest Cyber News – Read More
Report: Hackers Use PoC Exploits in Attacks 22 Minutes After Release
/in General NewsThreat actors rapidly weaponize proof-of-concept exploits in real attacks, often within 22 minutes of their public release, as per Cloudflare’s 2024 Application Security report covering May 2023 to March 2024.
Cyware News – Latest Cyber News – Read More
4 Linux commands for managing time (and why that’s important)
/in General NewsThe correct time is crucial to computer systems and subsystems. The wrong time might make it impossible to install new software. Here are four Linux commands to help you manage time.
Latest news – Read More
New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns
/in General NewsThe deployment of BugSleep is a significant development in MuddyWater’s tactics, targeting various sectors with phishing emails leading to the distribution of Remote Management Tools and the BugSleep malware.
Cyware News – Latest Cyber News – Read More
CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
GeoServer is an open-source software server written in Java that allows users to share and edit geospatial data. It is the reference implementation of the Open
The Hacker News – Read More