BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Ransomware Double-Dip: Re-Victimization in Cyber Extortion
/in General NewsBetween crossovers – Do threat actors play dirty or desperate?
In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimization and whether or not this is an actual second attack, an affiliate crossover (meaning an affiliate has gone to
The Hacker News – Read More
Researchers Find Dozens of Fake E-Zpass Toll Websites After FBI Warning
/in General NewsResearchers from cybersecurity firm DomainTools told Recorded Future News that they have found nearly 30 newly created domains related to tolls, 15 of which have a “high chance of being weaponized for phishing, malware, or spam.”
Cyware News – Latest Cyber News – Read More
Report: 51% of Enterprises Experienced a Breach Despite Large Security Stacks
/in General NewsThreat actors are continuing to successfully breach across the entire attack surface. Around 93% of enterprises who admitted a breach reported unplanned downtime, data exposure, or financial loss as a result, according to a survey by Pentera.
Cyware News – Latest Cyber News – Read More
Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers
/in General NewsNew research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes.
“When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted to an NT path,” SafeBreach security researcher Or Yair said&
The Hacker News – Read More
Critical Flaw in the Forminator Plugin Impacts Hundreds of Thousands of WordPress Sites
/in General NewsJapan’s CERT warned that the WordPress plugin Forminator, developed by WPMU DEV, is affected by multiple vulnerabilities, including a flaw that allows unrestricted file uploads to the server.
Cyware News – Latest Cyber News – Read More
MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days
/in General NewsMITRE R&D network hacked in early January by a state-sponsored threat group that exploited an Ivanti zero-day vulnerability.
The post MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days appeared first on SecurityWeek.
SecurityWeek – Read More
Rising Ransomware Issue: English-Speaking Western Affiliates
/in General NewsSecurity experts say Western teenagers comprise a number of active affiliate groups, many with ties to the cybercrime community that calls itself “The Community,” aka the Com or Comm.
Cyware News – Latest Cyber News – Read More
JavaScript Malware Switches to Server-Side Redirects and Uses DNS TXT Records as TDS
/in General NewsA malware campaign was found injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains, specifically using dynamic DNS TXT records of the tracker-cloud[.]com domain to obtain redirect URLs.
Cyware News – Latest Cyber News – Read More
NATO to Launch New Cyber Center to Contest Cyberspace ‘At All Times’
/in General NewsThe new facility, details about which have not previously been reported, marks the fruition of a significant doctrinal shift in how the alliance approaches operations in cyberspace.
Cyware News – Latest Cyber News – Read More
Jury Dishes Out Guilty Verdict in Mango Markets Fraud Case
/in General NewsA New York federal jury found a hacker guilty of all charges that he masterminded and carried out a scheme to fraudulently obtain $110 million from cryptocurrency exchange Mango Markets and investors.
Cyware News – Latest Cyber News – Read More