BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)
- [local] Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)
- [remote] FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs
/in General NewsAn exploit for the vulnerability allows unauthenticated attackers to escape a virtual file system sandbox to download system files and potentially achieve RCE.
darkreading – Read More
Tines Bags $50 Million Funding for Security Workflow Automation
/in General NewsIrish startup Tines raises $50 million in new venture capital funding as investors make big bets on automation and orchestration startups.
The post Tines Bags $50 Million Funding for Security Workflow Automation appeared first on SecurityWeek.
SecurityWeek – Read More
U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks
/in General NewsThe U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from at least 2016 to April 2021.
This includes the front companies Mehrsam Andisheh Saz Nik (MASN) and Dadeh
The Hacker News – Read More
Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike
/in General NewsCybersecurity researchers have discovered an ongoing attack campaign that’s leveraging phishing emails to deliver malware called SSLoad.
The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software.
“SSLoad is designed to stealthily infiltrate systems, gather sensitive
The Hacker News – Read More
5 Best VPN Services (2024): For Routers, PC, iPhone, Android, and More
/in General NewsIt won’t solve all of your privacy problems, but a virtual private network can make you a less tempting target for hackers.
Security Latest – Read More
Major Security Flaws Expose Keystrokes of Over One Billion Chinese Keyboard App Users
/in General NewsThe vulnerabilities could be exploited to “completely reveal the contents of users’ keystrokes in transit,” researchers Jeffrey Knockel, Mona Wang, and Zoë Reichert said.
Cyware News – Latest Cyber News – Read More
Report: Attacker Dwell Time Down, Ransomware up in 2023
/in General NewsAccording to a new report by Mandiant, which is based on Mandiant Consulting investigations during 2023, the global median dwell time for attackers fell to its lowest point since the company began tracking the metric in 2011.
Cyware News – Latest Cyber News – Read More
Amplifier Security Emerges From Stealth With AI Copilot, Human-in-the-Loop Automation
/in General NewsAmplifier Security has raised $3.3 million in funding for a solution that includes human-in-the-loop automation and an AI copilot.
The post Amplifier Security Emerges From Stealth With AI Copilot, Human-in-the-Loop Automation appeared first on SecurityWeek.
SecurityWeek – Read More
Report: Fifth of UK Companies Admit Staff Leaked Data via GenAI
/in General NewsOne in five UK companies has experienced sensitive corporate data exposure due to employees’ use of generative AI (GenAI), according to a report by cybersecurity services provider RiverSafe.
Cyware News – Latest Cyber News – Read More
Dexalot Announces Launch of Its Central Limit Order Book DEX on Arbitrum
/in General NewsBy Owais Sultan
Central limit order book (CLOB) decentralized exchange Dexalot has announced it is launching on Arbitrum. The move marks…
This is a post from HackRead.com Read the original post: Dexalot Announces Launch of Its Central Limit Order Book DEX on Arbitrum
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More