BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
FlyingYeti APT Serves Up Cookbox Malware Using WinRAR
/in General NewsThe Russia-aligned FlyingYeti’s phishing campaign exploited Ukrainian citizens’ financial stress to spread Cookbox malware.
darkreading – Read More
The NSA advises you to turn your phone off and back on once a week – here’s why
/in General NewsPowering off your phone regularly, disabling Bluetooth when it’s not needed, and using only trusted accessories are just some of the NSA’s security recommendations.
Latest stories for ZDNET in Security – Read More
Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices
/in General NewsMicrosoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023.
“These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices and prevent critical systems from becoming easy targets,” the Microsoft Threat Intelligence team said.
The Hacker News – Read More
Data Privacy in the Age of GenAI
/in General NewsConsumer data is still a prime target for threat actors, and organizational consumption of data must be aligned to protecting it. The new rights act seeks to do some of this, but it still needs tweaking.
darkreading – Read More
In Other News: Apple WPS Surveillance, Canadian Gov Wants Backdoors, NIST AI Program
/in General NewsNoteworthy stories that might have slipped under the radar: Apple WPS can be abused for surveillance, Canadian government wants backdoors, NIST launches AI program.
The post In Other News: Apple WPS Surveillance, Canadian Gov Wants Backdoors, NIST AI Program appeared first on SecurityWeek.
SecurityWeek – Read More
Data Leak Exposes Business Leaders and Top Celebrity Data
/in General NewsBy Waqas
A data leak incident involving Clarity.fm left the personal data of business leaders and celebrities exposed to public…
This is a post from HackRead.com Read the original post: Data Leak Exposes Business Leaders and Top Celebrity Data
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Beyond Threat Detection – A Race to Digital Security
/in General NewsDigital content is a double-edged sword, providing vast benefits while simultaneously posing significant threats to organizations across the globe. The sharing of digital content has increased significantly in recent years, mainly via email, digital documents, and chat. In turn, this has created an expansive attack surface and has made ‘digital content’ the preferred carrier for cybercriminals
The Hacker News – Read More
OpenAI’s Altman Sidesteps Questions About Governance, Johansson at UN AI Summit
/in General NewsAltman spent part of his virtual appearance fending off thorny questions about governance, an AI voice controversy and criticism from ousted board members.
The post OpenAI’s Altman Sidesteps Questions About Governance, Johansson at UN AI Summit appeared first on SecurityWeek.
SecurityWeek – Read More
Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting
/in General NewsThe Russian GRU-backed threat actor APT28 has been attributed as behind a series of campaigns targeting networks across Europe with the HeadLace malware and credential-harvesting web pages.
APT28, also known by the names BlueDelta, Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy, and TA422, is an advanced persistent threat (APT) group affiliated with
The Hacker News – Read More
Information of Hundreds of European Politicians Found on Dark Web
/in General NewsThe email addresses and other information of hundreds of British, French and EU politicians have been found on the dark web.
The post Information of Hundreds of European Politicians Found on Dark Web appeared first on SecurityWeek.
SecurityWeek – Read More