BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
US Says North Korean Hackers Exploiting Weak DMARC Settings
/in General NewsThe US government warns of a North Korean threat actor abusing weak email DMARC settings to hide spear-phishing attacks.
The post US Says North Korean Hackers Exploiting Weak DMARC Settings appeared first on SecurityWeek.
SecurityWeek – Read More
reNgine: Open-Source Automated Reconnaissance Framework for Web Applications
/in General NewsDeveloped to address limitations in existing tools, reNgine is beneficial for bug bounty hunters, penetration testers, and corporate security teams by automating and enhancing their information collection processes.
Cyware News – Latest Cyber News – Read More
DeepKeep Secures $10M in Seed Funding to Boost GenAI Protection Endeavors
/in General NewsFounded in 2021 by Rony Ohayon, DeepKeep specializes in AI-Native Trust, Risk, and Security Management (TRiSM). The platform caters to large corporations reliant on AI, GenAI, and LLM technologies for risk management and growth protection.
Cyware News – Latest Cyber News – Read More
Expert-Led Webinar – Uncovering Latest DDoS Tactics and Learn How to Fight Back
/in General NewsIn today’s rapidly evolving digital landscape, the threat of Distributed Denial of Service (DDoS) attacks looms more significant than ever. As these cyber threats grow in sophistication, understanding and countering them becomes crucial for any business seeking to protect its online presence.
To address this urgent need, we are thrilled to announce our upcoming webinar, “Uncovering Contemporary
The Hacker News – Read More
Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications
/in General NewsThreat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection.
This is done to “facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services,” the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.
The Hacker News – Read More
Cybersecurity Consultant Arrested After Allegedly Extorting IT Firm
/in General NewsVincent Cannady, a former cybersecurity consultant, was arrested for allegedly extorting a publicly traded IT company by threatening to disclose confidential data unless they paid him $1.5 million.
Cyware News – Latest Cyber News – Read More
In Other News: Locked Shields 2024, Data Exposure Bugs, NVIDIA Patches
/in General NewsNoteworthy stories that might have slipped under the radar: 4,000 take part in Locked Shields 2024 exercise, Qantas and JP Morgan hit by data exposure bugs, NVIDIA patches critical flaw.
The post In Other News: Locked Shields 2024, Data Exposure Bugs, NVIDIA Patches appeared first on SecurityWeek.
SecurityWeek – Read More
New AI Security Startup Apex Secures AI Models, Apps
/in General NewsThe AI security startup’s platform will allow organizations to define appropriate AI usage and enforce security policies.
darkreading – Read More
Innovation, Not Regulation, Will Protect Corporations From Deepfakes
/in General NewsIf CEOs want to prevent their firm from being the next victim of a high-profile deepfake scam, they need to double cybersecurity funding immediately.
darkreading – Read More
REvil Ransomware Affiliate Sentenced to Over 13 Years in Prison
/in General NewsYaroslav Vasinskyi, a 24-year-old Ukrainian national and affiliate of the notorious REvil ransomware-as-a-service (RaaS) group, has been sentenced to 13 years and 7 months in prison by a US court.
Cyware News – Latest Cyber News – Read More