BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
- [remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)
- [remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)
- [local] Sudo chroot 1.9.17 - Local Privilege Escalation
- [local] Sudo 1.9.17 Host Option - Elevation of Privilege
- [local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
- [webapps] Discourse 3.2.x - Anonymous Cache Poisoning
- [remote] Microsoft Outlook - Remote Code Execution (RCE)
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
Quora’s Chatbot Platform Poe Allows Users to Download Paywalled Articles on Demand
/in General NewsWIRED was able to download stories from publishers like The New York Times and The Atlantic using Poe’s Assistant bot. One expert calls it “prima facie copyright infringement,” which Quora disputes.
Wired – Read More
The Real Relationship Hustlers of TikTok
/in General NewsTikTok is host to one of the most influential, fastest-growing online industries: relationship misinformation.
Wired – Read More
CISA’s Flags Memory-Unsafe Code in Major Open Source Projects
/in General NewsDespite more than 50% of all open source code being written in memory-unsafe languages like C++, we are unlikely to see a massive overhaul to code bases anytime soon.
darkreading – Read More
Microsoft Alerts More Customers to Email Theft in Expanding Midnight Blizzard Hack
/in General NewsShockwaves from the Russian government’s hack of Microsoft’s corporate infrastructure continue to spread as the victim pool widens.
The post Microsoft Alerts More Customers to Email Theft in Expanding Midnight Blizzard Hack appeared first on SecurityWeek.
SecurityWeek – Read More
New Unfurling Hemlock Threat Actor Floods Systems with Malware
/in General NewsUnfurling Hemlock is using a new method, referred to as a “malware cluster bomb,” which allows the threat actor to use one malware sample to spread additional malware on compromised machines.
Cyware News – Latest Cyber News – Read More
Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data
/in General NewsThe North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that’s designed to steal sensitive information as part of an ongoing intelligence collection effort.
Zscaler ThreatLabz, which observed the activity in early March 2024, has codenamed the extension TRANSLATEXT, highlighting its ability to gather email addresses, usernames,
The Hacker News – Read More
Hundreds of Thousands Impacted in Children’s Hospital Cyberattack
/in General NewsThough the Chicago-area hospital did not pay a ransom, a host of sensitive medical information is now at risk.
darkreading – Read More
LMSYS launches ‘Multimodal Arena’: GPT-4 tops leaderboard, but AI still can’t out-see humans
/in General NewsLMSYS’s new Multimodal Arena reveals GPT-4 leads in AI vision tasks, but benchmark results show even top models lag behind human visual understanding and reasoning capabilities.Read More
Security News | VentureBeat – Read More
LockBit Attack Targets Evolve Bank, Not Federal Reserve
/in General NewsThe ransomware group claimed it had breached the Federal Reserve, but the target now appears to have been an Arkansas-based bank, Evolve.
darkreading – Read More
Remote Access Giant TeamViewer Says Russian Spies Hacked Its Corporate Network
/in General NewsTeamViewer, a leading provider of remote access tools, has confirmed that its corporate network is currently under a cyberattack. The company has identified the attackers as a government-backed Russian intelligence group known as APT29.
Cyware News – Latest Cyber News – Read More