BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] ABB Cylon Aspect Studio 3.08.03 - Binary Planting
- [remote] Windows 2024.15 - Unauthenticated Desktop Screenshot Capture
- [local] Microsoft Windows Server 2016 - Win32k Elevation of Privilege
- [webapps] WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass
- [webapps] Java-springboot-codebase 1.1 - Arbitrary File Read
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow
- [remote] ABB Cylon Aspect 3.08.03 - Guest2Root Privilege Escalation
- [remote] Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)
- [remote] CrushFTP 11.3.1 - Authentication Bypass
- [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
Ways iOS Sideloading Can Be More Secure
/in General NewsSideloading apps is now possible on iOS devices, forcing Apple to add some security features in an attempt to mitigate the dangers of loading unknown apps.
darkreading – Read More
Europol’s Hunt Begins for Emotet Malware Mastermind
/in General NewsInternational law enforcement Operation Endgame shifts its crackdown to focus on individual adversaries.
darkreading – Read More
Portkey Announces Integration of Zero-Knowledge Proofs for Enhanced Identity Management and Security
/in General NewsPost Content
darkreading – Read More
Russia Aims Cyber Operations at Summer Olympics
/in General NewsAs always, Russian APTs are hoping to foment unrest by stoking existing societal divides and fears, this time around the Olympics and EU politics; and, concerns remain around physical disruption.
darkreading – Read More
Ticketmaster Confirms Cloud Breach, Amid Murky Details
/in General NewsTicketmaster parent Live Nation has filed a voluntary SEC data breach notification, while one of its cloud providers, Snowflake, also confirmed targeted cyberactivity against some of its customers.
darkreading – Read More
Kaspersky released a free Linux virus removal tool – but is it necessary?
/in General NewsConcerned about viruses on your Linux computer? I tested Kaspersky’s new Virus Removal Tool for Linux. Here’s what you need to know about it.
Latest stories for ZDNET in Security – Read More
Name That Edge Toon: Zonked Out
/in General NewsFeeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
darkreading – Read More
The best Bluetooth trackers of 2024: Expert tested
/in General NewsWe tested the best Bluetooth trackers (including AirTags and Tile trackers) to keep tabs on your belongings, whether you use iOS or Android.
Latest stories for ZDNET in Security – Read More
Popular WordPress Plugins Leave Millions Open to Backdoor Attacks
/in General NewsFastly researchers discover unauthenticated stored XSS attacks plaguing WordPress Plugins including WP Meta SEO, and the popular WP…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users
/in General NewsCybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that’s designed to drop a remote access trojan (RAT) on compromised systems.
The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a “logger for gulp and gulp plugins.” It has been downloaded 175 times to date.
Software supply chain security
The Hacker News – Read More