BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws
/in General NewsMultiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893).
The clusters are being tracked by Mandiant under the monikers UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337. Another group linked to the exploitation spree is UNC3886.
The Google Cloud
The Hacker News – Read More
Byakugan – The Malware Behind a Phishing Attack
/in General NewsIn January 2024, FortiGuard Labs collected a PDF file written in Portuguese that distributes a multi-functional malware known as Byakugan. While investigating this campaign, a report about it was published.
Cyware News – Latest Cyber News – Read More
Critical Flaw in LayerSlider WordPress Plugin Impacts One Million Sites
/in General NewsA premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin.
Cyware News – Latest Cyber News – Read More
Web3 Security Specialist Hypernative To Provide Proactive Protection To The Flare Ecosystem
/in General NewsBy Owais Sultan
Institutions, dApps and users on Flare will now benefit from Hypernative’s industry-leading ecosystem-wide protection suite.
This is a post from HackRead.com Read the original post: Web3 Security Specialist Hypernative To Provide Proactive Protection To The Flare Ecosystem
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
DataStax acquires Langflow to accelerate enterprise generative AI app development
/in General NewsDataStax acquires Langflow, an open-source platform for building retrieval-augmented generation applications, to accelerate enterprise adoption of generative AI and simplify AI app development.Read More
Security News | VentureBeat – Read More
SEXi Ransomware Desires VMware Hypervisors in Ongoing Campaign
/in General NewsA Babuk variant has been involved in at least four attacks on VMware EXSi servers in the last six weeks, in one case demanding $140 million from a Chilean data center company.
darkreading – Read More
Ivanti Pledges Security Overhaul the Day After 4 More Vulns Disclosed
/in General NewsSo far this year, Ivanti has disclosed a total of 11 flaws — many of them critical — in its remote access products.
darkreading – Read More
Malicious Latrodectus Downloader Picks Up Where QBot Left Off
/in General NewsInitial access brokers are using the new downloader malware, which emerged just after QBot’s 2023 disruption.
darkreading – Read More
Google survey: 63% of IT and security pros believe AI will improve corporate cybersecurity
/in General NewsMeanwhile, 36% were either neutral or disagreed that AI would play an important role in improving their cybersecurity.
Latest stories for ZDNET in Security – Read More
Action1 Unveils ‘School Defense’ Program To Help Small Educational Institutions Thwart Cyberattacks
/in General NewsPost Content
darkreading – Read More