🚨 ALERT! 🚨 Over 260,000 #Joomla sites at risk due to TWO newly discovered #zeroday vulnerabilities! 😱 Learn how our team uncovered these critical flaws in a popular Joomla extension and how you can protect yourself. Read the full story: https://blog.blacklanternsecurity.com/p/doomla-zero-days #cybersecurity #websecurity #CVE

How do you eat an entire elephant? One bite at a time especially when it's the internet.

In our recent blog, the BLS team breaks down how they scanned the web for vulnerable tech stacks using BBOT & its modules.
BLS blog has all the details: https://blog.blacklanternsecurity.com/p/how-to-eat-an-entire-elephant?r=rbmdk&utm_campaign=post&utm_medium=web&showWelcomeOnShare=false

New Vulnerability Alert! Reflected XSS discovered in Aperio Eslide Manager (v12.3.2.5030). An authenticated user can inject malicious JavaScript payload via memo fields, potentially leading to code execution. Learn more on the BLS blog: https://blog.blacklanternsecurity.com/p/cve-2025-1888reflected-xss-in-aperio?r=rbmdk&utm_campaign=post&utm_medium=web&showWelcomeOnShare=false

#CVE #XSS

BIG NEWS! Introducing Webcap! A powerful web screenshot tool for pentesters & bug bounty hunters. Head to the BLS blog for details & access to the repo. #Pentesting #BugBounties #CyberSecurity

https://blog.blacklanternsecurity.com/p/tool-release-webcap?r=rbmdk&utm_campaign=post&utm_medium=web&showWelcomeOnShare=false

🚀 BBOT v2.3.0 is here! 🚀
Big updates: SQL output (Postgres, MySQL, SQLite), Nmap XML support, 4 new target types (Organization, Username, Filesystem, Mobile Apps), compressed file extraction, --fast mode, & --exclude-cdns. Plus tons of fixes & optimizations! 🔧💻
#OSINT #InfoSec #BBOT

https://github.com/blacklanternsecurity/bbot/pull/1986

Attack to Defend.
Our new website https://blacklanternsecurity.com is live! Discover how our comprehensive services can help you manage your attack surface, conduct thorough penetration testing & cybersecurity assessments, & access expert vulnerability research & analysis.
#WebsiteLaunch #Cybersecurity

Announcing BBOT 2.0! We are so proud to release this because there has been so much community involvement in support of this release. Take a look at the BLS Blog for all the juicy details of this release.

https://open.substack.com/pub/blacklanternsecurity/p/bbot-20-release-announcement?r=rbmdk&utm_campaign=post&utm_medium=web&showWelcomeOnShare=true

Head to the BLS Blog for a walkthrough with our Senior Blue Team Analyst as he explores the Windows logging mechanisms available for defenders to detect and prevent process injection, as well as the evasion techniques used by advanced threat actors to circumvent detection.

https://blog.blacklanternsecurity.com/p/detecting-process-injection?r=rbmdk&utm_campaign=post&utm_medium=web

@campuscodi thanks for the BadDNS shoutout this week!

We've also got a new release of BBOT. Look for bugfixes, improvements, & 9 new modules!

https://github.com/blacklanternsecurity/bbot

1) Trufflehog - Detect exposed secrets in code repos, workflow logs, etc.

2) Docker Hub - Detect and enumerate Docker repositories

3) GitLab by - Detect and enumerate GitLab servers

4) DotNetNuke - Detect vulnerable DNN instances

5) BadDNS - Detect hijackable subdomains, zone transfers, and other DNS misconfigurations

6) Git Clone - Download git repositories

7) Docker Pull - Download Docker images for offline analysis

8) GitHub Workflow Logs - Download GitHub workflow logs for analysis

9) Code Repository - Detect and extract code repositories from HTTP responses, etc.

Our newest #BBOT module, BadDNS is now featured on the BLS blog. BadDNS is a Python DNS auditing tool and it is powerful!

Blog post: https://blog.blacklanternsecurity.com/p/introducing-baddns?r=rbmdk&utm_campaign=post&utm_medium=web

BBOT: https://github.com/blacklanternsecurity/bbot

BBOT 1.1.5 Released!

7 new major modules including: Shodan, Postman, and AWS buckets (oh my!)
3x Performance Boost!

Released on Pypi and DockerHub!

https://github.com/blacklanternsecurity/bbot
#bbot #cybersecurity

New #CVE this week on our blog. Shipping lines, trucking companies, and other terminals around the globe... oh, my! Find us on Discord to get your questions answered.

https://blog.blacklanternsecurity.com/p/xss-and-sqli-in-forecast-by-tideworks?r=rbmdk&utm_campaign=post&utm_medium=web

Annnnnnnnnd.... just in time for
DEFCON, new developments to #BBOT! BLS will be at the conference this year, presenting BBOT and its new developments at the Demo Labs. Come find us!

https://blog.blacklanternsecurity.com/p/bbot-def-con-tool-release

#BBOT #DEFCON2023 #tools #OSINT

Time for another face-off between subdomain enumerations tools. Where does BBOT land?

https://blog.blacklanternsecurity.com/p/subdomain-enumeration-tool-face-off-4e5

#blog #cybersecurity #osint #BBOT

Big update to our internal #osint tool, BBOT. New modules and new features.
https://github.com/blacklanternsecurity/bbot

#cybersecurity #update #BBOT

Check out the new podcast posted today, where some of the BLS crew talks about diving in, headfirst, into cybersecurity. Definitely can feel like drinking out of a firehose!

https://anchor.fm/black-lantern/episodes/Youve-Made-It----Now-What-e1ri4qf/a-a8v8ns0

Hello, Internet.