BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Pwn2Own 2024 Awards $700k as Hackers Pwn Tesla, Browsers, and More
/in General NewsBy Deeba Ahmed
Pwn2Own is back!
This is a post from HackRead.com Read the original post: Pwn2Own 2024 Awards $700k as Hackers Pwn Tesla, Browsers, and More
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Microsoft Warns of New Tax Returns Phishing Scams Targeting You
/in General NewsThese attachments, as per Microsoft Threat Intelligence’s blog post, contain malware that steals your login credentials, or they might redirect you to a fake website that looks like a legitimate tax platform designed to capture your information.
Cyware News – Latest Cyber News – Read More
Tarsal Raises $6 Million for Security Data Movement Platform
/in General NewsTarsal raises $6 million in a seed funding round led by Harpoon Ventures and Mango Capital and appoints new CTO.
The post Tarsal Raises $6 Million for Security Data Movement Platform appeared first on SecurityWeek.
SecurityWeek – Read More
Vulnerability Allowed One-Click Takeover of AWS Service Accounts
/in General NewsAWS patches vulnerability that could have been used to hijack Managed Workflows Apache Airflow (MWAA) sessions via FlowFixation attack.
The post Vulnerability Allowed One-Click Takeover of AWS Service Accounts appeared first on SecurityWeek.
SecurityWeek – Read More
Hackers Claim to Have Breached Israeli Nuclear Facility’s Computer Network
/in General NewsAn Iran-linked hacking group claims to have breached the computer network of a sensitive Israeli nuclear installation in an incident declared by the ‘Anonymous’ hackers as a protest against the war in Gaza.
Cyware News – Latest Cyber News – Read More
Regulatory Measures Boost Cybersecurity Industry
/in General NewsIn the UAE and Saudi Arabia, specifically, technology adoption has increased across the finance, healthcare, and manufacturing sectors, further boosting the need for cybersecurity and robust regulatory frameworks.
Cyware News – Latest Cyber News – Read More
Androxgh0st Exploits SMTP Services to Extract Critical Data
/in General NewsAndroxGh0st is a malware that specifically targets Laravel applications. The malware scans and extracts login credentials linked to AWS and Twilio from environment files.
Cyware News – Latest Cyber News – Read More
Hackers Posing as Law Firms Phish Global Organizations
/in General NewsEarlier this month, cybercriminals from the “Narwhal Spider” (aka TA544, Storm-0302) group masquerading as law firms tricked multiple companies into downloading initial access malware that may precede greater attacks down the line.
Cyware News – Latest Cyber News – Read More
Tracker Backtrack? Feds Revise HIPAA Guidance on Web Tools
/in General NewsThe updated guidance replaces prior guidance that HHS OCR issued in December 2022 which warned that the use of online trackers that collect and transmit certain individually identifiable health information, constituted potential HIPAA violations.
Cyware News – Latest Cyber News – Read More
Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug
/in General NewsAtlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction.
Tracked as CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum severity.
Described as an SQL injection flaw, it’s rooted in a dependency called org.postgresql:
The Hacker News – Read More