BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)
- [local] Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)
- [remote] FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [local] Microsoft Excel Use After Free - Local Code Execution
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
Autodesk Hosting PDF Files Used in Microsoft Phishing Attacks
/in General NewsResearchers discovered a sophisticated phishing campaign that is using compromised email accounts and Autodesk’s file sharing platform to steal Microsoft login credentials from victims.
Cyware News – Latest Cyber News – Read More
Researchers Sinkhole PlugX Malware Server With 2.5 Million Unique IPs
/in General NewsResearchers have sinkholed a command and control server for a variant of the PlugX malware and observed in six months more than 2.5 million connections from unique IP addresses.
Cyware News – Latest Cyber News – Read More
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
/in General NewsThreat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers.
The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to 3.9.2.0.
“This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as
The Hacker News – Read More
PCI Launches Payment Card Cybersecurity Effort in the Middle East
/in General NewsThe payment card industry pushes for more security in financial transactions to help combat increasing fraud in the region.
darkreading – Read More
How to change your IP address, why you’d want to – and when you shouldn’t
/in General NewsLooking for more privacy? Or easier access to a network device? Here are the steps for every operating system, and how to avoid address conflicts.
Latest stories for ZDNET in Security – Read More
OpenAI’s GPT-4 Can Autonomously Exploit 87% of One-Day Vulnerabilities, Study Finds
/in General NewsResearchers from the University of Illinois Urbana-Champaign found that OpenAI’s GPT-4 is able to exploit 87% of a list of vulnerabilities when provided with their NIST descriptions.
Security | TechRepublic – Read More
Chinese Keyboard Apps Open 1B People to Eavesdropping
/in General NewsEight out of nine apps that people use to input Chinese characters into mobile devices have weakness that allow a passive eavesdropper to collect keystroke data.
darkreading – Read More
FTC Issues $5.6M in Refunds to Customers After Ring Privacy Settlement
/in General NewsThe refunds will be made to individual affected customers through thousands of PayPal payments, available to be redeemed for a limited time.
darkreading – Read More
5 Attack Trends Organizations of All Sizes Should Be Monitoring
/in General NewsRecent trends in breaches and attack methods offer a valuable road map to cybersecurity professionals tasked with detecting and preventing the next big thing.
darkreading – Read More
The Biggest 2024 Elections Threat: Kitchen-Sink Attack Chains
/in General NewsHackers can influence voters with media and breach campaigns, or try tampering with votes. Or they can combine these tactics to even greater effect.
darkreading – Read More