BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Google Ad Impersonates Whales Market to Push Wallet Drainer Malware
/in General NewsA legitimate-looking Google Search advertisement for the crypto trading platform ‘Whales Market’ redirects visitors to a wallet-draining phishing site that steals all of your assets.
Cyware News – Latest Cyber News – Read More
Quishing Attacks Jump Tenfold, Attachment Payloads Halve
/in General NewsThe figures come from the latest Egress report, which also suggests a notable decrease in attachment-based payloads, which halved from 72.7% to 35.7% over the same period.
Cyware News – Latest Cyber News – Read More
Cybercriminals Pose as LastPass Staff to Hack Password Vaults
/in General NewsThe attacker combines multiple social engineering techniques that involve contacting the potential victim (voice phishing) and pretending to be a LastPass employee trying to help with securing the account following unauthorized access.
Cyware News – Latest Cyber News – Read More
92% of Enterprises Unprepared for AI Security Challenges
/in General NewsMost industries continue to run almost two or more months behind in patching software vulnerabilities, endpoints remain vulnerable to threats, and most enterprise PCs must be replaced to support AI-based technologies, according to a new report.
Cyware News – Latest Cyber News – Read More
‘MagicDot’ Windows Weakness Allows Unprivileged Rootkit Activity
/in General NewsMalformed DOS paths in file-naming nomenclature in Windows could be used to conceal malicious content, files, and processes.
darkreading – Read More
OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes Clusters for Cryptomining
/in General NewsMicrosoft warns that several OpenMetadata vulnerabilities are being exploited to deploy cryptomining malware to Kubernetes environments.
The post OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes Clusters for Cryptomining appeared first on SecurityWeek.
SecurityWeek – Read More
Novel Android Malware Targets Korean Banking Users
/in General NewsA new banking Trojan is targeting Korean users using obfuscation techniques that target the Android manifest, exploit vulnerabilities and take advantage of weaknesses in how Android apps interpret this file.
Cyware News – Latest Cyber News – Read More
Damn Vulnerable RESTaurant: Open-Source API Service Designed for Learning
/in General NewsDamn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code through an interactive game.
Cyware News – Latest Cyber News – Read More
Hackers Target Middle East Governments with Evasive “CR4T” Backdoor
/in General NewsGovernment entities in the Middle East have been targeted as part of a previously undocumented campaign to deliver a new backdoor dubbed CR4T.
Russian cybersecurity company Kaspersky said it discovered the activity in February 2024, with evidence suggesting that it may have been active since at least a year prior. The campaign has been codenamed
The Hacker News – Read More
‘Crude’ Ransomware Tools Proliferating on the Dark Web for Cheap, Researchers Find
/in General NewsResearchers at the intelligence unit at the cybersecurity firm Sophos found 19 ransomware varieties being offered for sale or advertised as under development on four forums from June 2023 to February 2024.
Cyware News – Latest Cyber News – Read More