BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
A Breakthrough Online Privacy Proposal Hits Congress
/in General NewsWhile some states have made data privacy gains, the US has so far been unable implement protections at a federal level. A new bipartisan proposal called APRA could break the impasse.
Security Latest – Read More
US Environmental Protection Agency Allegedly Hacked, 8.5M User Data Leaked
/in General NewsBy Waqas
Another day, another data breach targeting critical infrastrcuture in the United States!
This is a post from HackRead.com Read the original post: US Environmental Protection Agency Allegedly Hacked, 8.5M User Data Leaked
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Enterprise AI Security Firm TrojAI Raises $5.75M in Seed Funding
/in General NewsTrojAI, a provider of enterprise AI security solutions, announced a $5.75 million funding round of additional seed capital and the appointment of Lee Weiner as CEO.
The post Enterprise AI Security Firm TrojAI Raises $5.75M in Seed Funding appeared first on SecurityWeek.
SecurityWeek – Read More
Best Privacy Browsers (2024): Brave, Safari, Ghostery, Firefox, DuckDuckGo
/in General NewsAd trackers are out of control. Use a browser that reins them in.
Security Latest – Read More
House to Take up Bill to Reauthorize Crucial US Spy Program as Expiration Date Looms
/in General NewsSection 702 of the Foreign Intelligence Surveillance Act expires on April 19.
The post House to Take up Bill to Reauthorize Crucial US Spy Program as Expiration Date Looms appeared first on SecurityWeek.
SecurityWeek – Read More
Browsing in Incognito Mode Doesn’t Protect You as Much as You Might Think
/in General NewsIncognito modes generally do not prevent the websites you visit from seeing your location, via your IP address, or stop your internet service provider from logging your activities.
The post Browsing in Incognito Mode Doesn’t Protect You as Much as You Might Think appeared first on SecurityWeek.
SecurityWeek – Read More
Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites
/in General NewsThreat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites.
The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of “improper neutralization of special elements” that could pave the way for arbitrary code execution.
It was addressed by the company as part of
The Hacker News – Read More
Identity Thief Lived as a Different Man for 33 Years
/in General NewsPlus: Microsoft scolded for a “cascade” of security failures, AI-generated lawyers send fake legal threats, a data broker quietly lobbies against US privacy legislation, and more.
Security Latest – Read More
Phishing Attacks Targeting Political Parties, Germany Warns
/in General News“An increase of attacks can currently be assumed, particularly in light of the upcoming European elections. These may include phishing attacks to publish stolen data or documents,” a BSI spokesperson told Information Security Media Group.
Cyware News – Latest Cyber News – Read More
New HTTP/2 DoS Attack can Crash Web Servers with a Single TCP Connection
/in General NewsNewly discovered HTTP/2 protocol vulnerabilities called “CONTINUATION Flood” can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations.
Cyware News – Latest Cyber News – Read More