BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Popular WordPress Plugins Leave Millions Open to Backdoor Attacks
/in General NewsFastly researchers discover unauthenticated stored XSS attacks plaguing WordPress Plugins including WP Meta SEO, and the popular WP…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users
/in General NewsCybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that’s designed to drop a remote access trojan (RAT) on compromised systems.
The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a “logger for gulp and gulp plugins.” It has been downloaded 175 times to date.
Software supply chain security
The Hacker News – Read More
Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet
/in General NewsLaw enforcement authorities behind Operation Endgame are seeking information related to an individual who goes by the name Odd and is allegedly the mastermind behind the Emotet malware.
Odd is also said to go by the nicknames Aron, C700, Cbd748, Ivanov Odd, Mors, Morse, Veron over the past few years, according to a video released by the agencies.
“Who is he working with? What is his
The Hacker News – Read More
Identities of Cybercriminals Linked to Malware Loaders Revealed
/in General NewsLaw enforcement reveals the identities of eight cybercriminals linked to recently disrupted malware loaders.
The post Identities of Cybercriminals Linked to Malware Loaders Revealed appeared first on SecurityWeek.
SecurityWeek – Read More
How Do Password Managers Work and Why Do You Need One?
/in General NewsLearn how password managers work, their benefits and why your organization needs one to secure sensitive data and prevent security breaches.
Security | TechRepublic – Read More
CISA’s Secure by Design Initiative at 1: A Report Card
/in General NewsThere is more that needs to be done, but, so far, the initiative is a success.
darkreading – Read More
5 Reasons Why You Should Use a Password Manager
/in General NewsHere are 5 reasons why you should consider using a password manager to protect your data and improve password management.
Security | TechRepublic – Read More
Live Nation Confirms Massive Ticketmaster Data Breach
/in General NewsBy Waqas
In an SEC filing, Live Nation Entertainment confirmed its subsidiary Ticketmaster suffered a data breach, claiming it will…
This is a post from HackRead.com Read the original post: Live Nation Confirms Massive Ticketmaster Data Breach
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
PoC Published for Exploited Check Point VPN Vulnerability
/in General NewsPoC code targeting a recent Check Point VPN zero-day has been released as Censys identifies 14,000 internet-accessible appliances.
The post PoC Published for Exploited Check Point VPN Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
SASE Threat Report: 8 Key Findings for Enterprise Security
/in General NewsThreat actors are evolving, yet Cyber Threat Intelligence (CTI) remains confined to each isolated point solution. Organizations require a holistic analysis across external data, inbound and outbound threats and network activity. This will enable evaluating the true state of cybersecurity in the enterprise.
Cato’s Cyber Threat Research Lab (Cato CTRL, see more details below) has recently released
The Hacker News – Read More