BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
- [remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
China-Linked Cyber-Espionage Teams Target Asian Telecoms
/in General NewsIn the latest breaches, threat groups compromised telecommunications firms in at least two Asian nations, installing backdoors and possibly eavesdropping or pre-positioning for a future attack.
darkreading – Read More
WikiLeaks Founder Julian Assange Will Plead Guilty in Deal With US and Return to Australia
/in General NewsAssange will plead guilty to an Espionage Act charge of conspiring to unlawfully obtain and disseminate classified national defense information, the Justice Department said.
The post WikiLeaks Founder Julian Assange Will Plead Guilty in Deal With US and Return to Australia appeared first on SecurityWeek.
SecurityWeek – Read More
CDK Attack: Why Contingency Planning Is Critical for SaaS Customers
/in General NewsDaily operations at some 15,000 automotive dealers remain impacted as CDK works to restore its dealer management system, following what appears to be a ransomware attack last week.
darkreading – Read More
What Building Application Security Into Shadow IT Looks Like
/in General NewsAppSec is hard for traditional software development, let alone citizen developers. So how did two people resolve 70,000 vulnerabilities in three months?
darkreading – Read More
Hacker Claims TEG Ticket Vendor Breach: 30M User Records for Sale
/in General NewsHacker “Sp1d3r” claims breaching TEG, an Australian ticketing giant, exposing 30 million users’ data for sale on Breach Forums for USD 30,000.
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Chinese Hackers Have Stepped Up Attacks on Taiwanese Organizations, Cybersecurity Firm Says
/in General NewsA suspected Chinese state-sponsored hacking group has stepped up its targeting of Taiwanese organizations, particularly those in sectors such as government, education, technology and diplomacy.
The post Chinese Hackers Have Stepped Up Attacks on Taiwanese Organizations, Cybersecurity Firm Says appeared first on SecurityWeek.
SecurityWeek – Read More
Tech Leaders Gather This Week for AI Risk Summit + CISO Forum at the Ritz-Carlton, Half Moon Bay
/in General NewsSecurityWeek’s AI Risk Summit + CISO Forum brings together business and government stakeholders to provide meaningful guidance on risk management and cybersecurity in the age of artificial intelligence.
The post Tech Leaders Gather This Week for AI Risk Summit + CISO Forum at the Ritz-Carlton, Half Moon Bay appeared first on SecurityWeek.
SecurityWeek – Read More
30M Potentially Affected in Tickettek Australia Cloud Breach
/in General NewsIn an incident with direct parallels to the recent Ticketmaster compromise, an Aussie live events giant says it was breached via a third-party cloud provider, as ShinyHunters takes credit.
darkreading – Read More
Google Introduces Project Naptime for AI-Powered Vulnerability Research
/in General NewsGoogle has developed a new framework called Project Naptime that it says enables a large language model (LLM) to carry out vulnerability research with an aim to improve automated discovery approaches.
“The Naptime architecture is centered around the interaction between an AI agent and a target codebase,” Google Project Zero researchers Sergei Glazunov and Mark Brand said. “The agent is provided
The Hacker News – Read More
New SnailLoad Attack Relies on Network Latency Variations to Infer User Activity
/in General NewsNew attack named SnailLoad allows a remote attacker to infer websites and videos viewed by a user without direct access to network traffic.
The post New SnailLoad Attack Relies on Network Latency Variations to Infer User Activity appeared first on SecurityWeek.
SecurityWeek – Read More