BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
‘Sticky Werewolf’ APT Stalks Aviation Sector
/in General NewsThe pro-Ukranian group has upgraded its infection chain, with credentials, strategic info on commercial pilots, or billion-dollar designs as the possible prizes.
darkreading – Read More
Get 2 Lifetime Password Manager Subscriptions for Only $50
/in General NewsSave your business time and money with Sticky Password Premium and get this two-account bundle for $49.99 (reg. $399) at TechRepublic Academy.
Security | TechRepublic – Read More
In Other News: TikTok Zero-Day, DMM Bitcoin Hack, Free VPN App Analysis
/in General NewsNoteworthy stories that might have slipped under the radar: TikTok patches account hijacking zero-day, $300 million DMM Bitcoin hack, free Android VPN apps analyzed.
The post In Other News: TikTok Zero-Day, DMM Bitcoin Hack, Free VPN App Analysis appeared first on SecurityWeek.
SecurityWeek – Read More
Developing a Plan to Respond to Critical CVEs in Open Source Software
/in General NewsEstablishing a clear process for developers to respond to critical CVEs is essential for having a rapid and coordinated response.
darkreading – Read More
Mozilla Launches 0Din Gen-AI Bug Bounty Program
/in General NewsMozilla has announced a 0Day Investigative Network (0Din) bug bounty program for LLMs and other deep learning tech.
The post Mozilla Launches 0Din Gen-AI Bug Bounty Program appeared first on SecurityWeek.
SecurityWeek – Read More
Hotel Kiosks Vulnerability Exposed Guest Data, Room Access
/in General NewsA security vulnerability in Ariane Allegro Hotel Check-In Kiosks exposed guest data and potentially compromised room access. However,…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
AirMDR Raises $5 Million for AI-Powered Managed Detection and Response
/in General NewsAI-powered MDR startup AirMDR has raised $5 million in seed funding from Foundation Capital and Storm Ventures.
The post AirMDR Raises $5 Million for AI-Powered Managed Detection and Response appeared first on SecurityWeek.
SecurityWeek – Read More
Cyber Landscape is Evolving – So Should Your SCA
/in General NewsTraditional SCAs Are Broken: Did You Know You Are Missing Critical Pieces?
Application Security professionals face enormous challenges securing their software supply chains, racing against time to beat the attacker to the mark.
Software Composition Analysis (SCA) tools have become a basic instrument in the application security arsenal in the last 7 years. Although essential, many platforms
The Hacker News – Read More
The AI Debate: Google’s Guidelines, Meta’s GDPR Dispute, Microsoft’s Recall Backlash
/in General NewsGoogle is urging third-party Android app developers to incorporate generative artificial intelligence (GenAI) features in a responsible manner.
The new guidance from the search and advertising giant is an effort to combat problematic content, including sexual content and hate speech, created through such tools.
To that end, apps that generate content using AI must ensure they don’t create
The Hacker News – Read More
FCC Proposes BGP Security Reporting for Broadband Providers
/in General NewsThe FCC proposes that broadband providers plan for BGP security and provide quarterly reports on implemented risk mitigations.
The post FCC Proposes BGP Security Reporting for Broadband Providers appeared first on SecurityWeek.
SecurityWeek – Read More