BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
France Seeks to Protect National Interests With Bid for Atos Cybersec
/in General NewsBy offering to buy Atos’s big data and cybersecurity operations. Paris is trying to make sure key technologies do not fall under foreign control.
darkreading – Read More
Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw
/in General NewsCrypto exchange Kraken revealed that an unnamed security researcher exploited an “extremely critical” zero-day flaw in its platform to steal $3 million in digital assets and refused to return them.
Details of the incident were shared by Kraken’s Chief Security Officer, Nick Percoco, on X (formerly Twitter), stating it received a Bug Bounty program alert about a bug that “allowed them to
The Hacker News – Read More
Price Drop: Block Ads for a Special Price of Just $25
/in General NewsBlock ads with a dual 3-year subscription plan of AdGuard VPN and AdGuard Ad Blocker, now available for just $24.97 through June 26.
Security | TechRepublic – Read More
Sophon and Aethir Partner to Bring Decentralized Compute to The ZK Community
/in General NewsSophon and Aethir have announced the beginning of a strategic collaboration between the two networks, connecting the 800,000…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Chinese Cyber Espionage Group Exploits Fortinet, Ivanti and VMware Zero-Days
/in General NewsThe China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has been observed utilizing multiple persistence mechanisms in order to maintain unfettered access to compromised environments.
“Persistence mechanisms encompassed network devices, hypervisors, and virtual machines, ensuring alternative channels remain available
The Hacker News – Read More
Broadcom Advises Urgent Patch for Severe VMware vCenter Server Vulnerabilities
/in General NewsCritical security vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081) found in VMware vCenter Server! Patch immediately to safeguard virtual environments from remote code execution & privilege escalation attacks.
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Cybersecurity M&A Roundup for First Half of June 2024
/in General NewsRoundup of the cybersecurity-related merger and acquisition (M&A) deals announced in the first half of June 2024.
The post Cybersecurity M&A Roundup for First Half of June 2024 appeared first on SecurityWeek.
SecurityWeek – Read More
US, Allies Publish Guidance on Securing Network Access
/in General NewsGovernment agencies in the US, New Zealand, and Canada have published new guidance on improving network security.
The post US, Allies Publish Guidance on Securing Network Access appeared first on SecurityWeek.
SecurityWeek – Read More
Amtrak Says Guest Rewards Accounts Hacked in Credential Stuffing Attacks
/in General NewsNational passenger railroad company Amtrak is notifying customers that hackers have breached their Guest Rewards Accounts.
The post Amtrak Says Guest Rewards Accounts Hacked in Credential Stuffing Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Perplexity Is a Bullshit Machine
/in General NewsA WIRED investigation shows that the AI search startup Perplexity is surreptitiously downloading your data.
Security Latest – Read More