BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Poland to Probe Russia-Linked Cyberattack on State News Agency
/in General NewsPolish prosecutors are investigating a suspected Russian attack on the country’s state news agency, the Polish Press Agency (PAP). The attack, which occurred in May, aimed to spread disinformation and cause disruptions in Poland’s system or economy.
Cyware News – Latest Cyber News – Read More
AuthZed Raises $12 Million to Accelerate Permissions Systems in Series A Funding
/in General NewsThe new funding will accelerate a strategic expansion for small–to mid-market-sized organizations, providing a fully managed and easy-to-deploy permissions system that is simple to maintain for their current and future authorization needs.
Cyware News – Latest Cyber News – Read More
Meta’s ‘Pay or Consent’ Approach Faces E.U. Competition Rules Scrutiny
/in General NewsMeta’s decision to offer an ad-free subscription in the European Union (E.U.) has faced a new setback after regulators accused the social media behemoth of breaching the bloc’s competition rules by forcing users to choose between seeing ads or paying to avoid them.
The European Commission said the company’s “pay or consent” advertising model is in contravention of the Digital Markets Act (DMA).
The Hacker News – Read More
Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware
/in General NewsA China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware.
The vulnerability, tracked as CVE-2024-20399 (CVSS score: 6.0), concerns a case of command injection that allows an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected
The Hacker News – Read More
Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights
/in General NewsAn Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data.
The unnamed 42-year-old “allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal data from unsuspecting victims who mistakenly connected to them,” the Australian Federal Police (AFP) said in a press
The Hacker News – Read More
Papua New Guinea Sets High Bar in Data Security
/in General NewsThe small island nation’s new data protection and governance policy reflects a forward-thinking cybersecurity strategy.
darkreading – Read More
Deepfakes will cost $40 billion by 2027 as adversarial AI gains momentum
/in General NewsNow one of the fastest-growing forms of adversarial AI, deepfakes-related losses are expected to soar from $12.3 billion in 2023.Read More
Security News | VentureBeat – Read More
CISA Report Finds Most Open-Source Projects Contain Memory-Unsafe Code
/in General NewsAnalysts found that 52% of open-source projects are written in memory-unsafe languages like C and C++.
Security | TechRepublic – Read More
Multi-Malware ‘Cluster Bomb’ Campaign Drops Widespread Cyber Havoc
/in General News“Unfurling Hemlock” has deployed malware on tens of thousands of systems worldwide by nesting multiple malicious files inside other malicious files.
darkreading – Read More
Google Opens $250K Bug Bounty Contest for VM Hypervisor
/in General NewsIf security researchers can execute a guest-to-host attack using a zero-day vulnerability in the KVM open source hypervisor, Google will make it worth their while.
darkreading – Read More