150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms
An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to date.
“The threat actor has slightly revamped their interface but is still relying on an iframe injection to display a full-screen overlay in the visitor’s browser,” c/side security analyst Himanshu
The Hacker News
NHS vendor Advanced to pay £3M fine following 2022 ransomware attack
NHS vendor Advanced will pay just over £3 million ($3.8 million) in fines for not implementing basic security measures before it suffered a ransomware attack in 2022, the U.K.’s data protection regulator has confirmed. It’s half the fine that the Information Commissioner’s Office had initially sought in August 2024, when the data watchdog said it […]
Security News | TechCrunch
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities are listed below –
CVE-2019-9874 (CVSS score: 9.8) – A deserialization vulnerability in the Sitecore.Security.AntiCSRF
The Hacker News
NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems
A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation.
SnapCenter is an enterprise-focused software that’s used to manage data protection across applications, databases, virtual machines, and file systems, offering the ability to backup, restore, and clone data resources.
The vulnerability, tracked as
The Hacker News
Internet Archive (Archive.org) Goes Down Following “Power Outage”
The Internet Archive (Archive.org), home to the Wayback Machine, is temporarily offline due to a reported power outage.…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News
British company Advanced fined £3m by privacy regulator over ransomware attack
A business that provides IT services to numerous healthcare providers in the United Kingdom has been fined about $4 million by the country’s privacy regulator over a ransomware attack in 2022.
The Record from Recorded Future News
Security Expert Troy Hunt Lured in by Mailchimp Phish
Hunt quickly took to his blog to notify the public of the breach and provide further details on how this could have happened.
darkreading
Mike Waltz Left His Venmo Friends List Public
A WIRED review shows national security adviser Mike Waltz, White House chief of staff Susie Wiles, and other top officials left sensitive information exposed via Venmo—until WIRED asked about it.
Security Latest
Cybersecurity Gaps Leave Doors Wide Open
Attackers don’t always need to resort to sophisticated gambits to break and enter; organizations often make it easy for them to walk right in.
darkreading
Penetration Testing Services: Strengthening Cybersecurity Against Evolving Threats
Cybersecurity threats are evolving at an unprecedented pace, leaving organizations vulnerable to large-scale attacks. Security breaches and data…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News