BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
What Is ShrinkLocker? New Ransomware Targets Microsoft BitLocker Encryption Feature
/in General NewsThe malware exploits Windows BitLocker to encrypt corporate files.
Security | TechRepublic – Read More
Is Microsoft Recall a ‘privacy nightmare’? 7 reasons you can stop worrying about it
/in General NewsIt’s one of the signature features of the next-generation Microsoft Copilot+ PCs, and at first glance it acts like the worst kind of spyware. But it’s getting a bad rap.
Latest stories for ZDNET in Security – Read More
Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors
/in General NewsMalicious campaign exploits high-severity XSS flaws in three WordPress plugins to backdoor websites.
The post Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors appeared first on SecurityWeek.
SecurityWeek – Read More
RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability
/in General NewsThe threat actors behind the RedTail cryptocurrency mining malware have added a recently disclosed security flaw impacting Palo Alto Networks firewalls to its exploit arsenal.
The addition of the PAN-OS vulnerability to its toolkit has been complemented by updates to the malware, which now incorporates new anti-analysis techniques, according to findings from web infrastructure and security
The Hacker News – Read More
An Argument for Coordinated Disclosure of New Exploits
/in General NewsBy adopting a stance of coordinated disclosure for exploits, security researchers can give organizations time to patch vulnerabilities before they are exploited in the wild.
darkreading – Read More
TrickBot and Other Malware Droppers Disrupted by Law Enforcement
/in General NewsThe TrickBot botnet and other malware droppers have been targeted by international law enforcement in Operation Endgame.
The post TrickBot and Other Malware Droppers Disrupted by Law Enforcement appeared first on SecurityWeek.
SecurityWeek – Read More
Pop Culture Passwords Most Likely to Get You Hacked, New Study
/in General NewsBy Deeba Ahmed
Is your password “Superman” or “Blink-182”? Millions are using these pop-culture favorites, making them easy targets for hackers.…
This is a post from HackRead.com Read the original post: Pop Culture Passwords Most Likely to Get You Hacked, New Study
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
How to Build Your Autonomous SOC Strategy
/in General NewsSecurity leaders are in a tricky position trying to discern how much new AI-driven cybersecurity tools could actually benefit a security operations center (SOC). The hype about generative AI is still everywhere, but security teams have to live in reality. They face constantly incoming alerts from endpoint security platforms, SIEM tools, and phishing emails reported by internal users. Security
The Hacker News – Read More
Shady ‘Merry-Go-Round’ Ad Fraud Network Leaves Orgs Hemorrhaging Cash
/in General NewsStealthy ad fraud rings turn legitimate marketing into spam at a large scale, creating 200M+ bid requests daily.
darkreading – Read More
4 Security Questions to Ask Your Enterprise Generative AI Provider
/in General NewsSecurity teams should understand their providers’ approach to data privacy, transparency, user guidance, and secure design and development.
darkreading – Read More