BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
North Korea-Linked Group Levels Multistage Cyberattack on South Korea
/in General NewsKimsuky-attributed campaign uses eight steps to compromise systems — from initial execution to downloading additional code from Dropbox, and executing code to establish stealth and persistence.
darkreading – Read More
ML Model Repositories: The Next Big Supply Chain Attack Target
/in General NewsMachine-learning model platforms like Hugging Face are suspectible to the same kind of attacks that threat actors have executed successfully for years via npm, PyPI, and other open source repos.
darkreading – Read More
Fujitsu Scrambles After Malware Attack: Customer Data Potentially Breached
/in General NewsBy Deeba Ahmed
While Fujitsu did not disclose in-depth details, the company confirmed investigating a cyberattack that may have led to a data breach.
This is a post from HackRead.com Read the original post: Fujitsu Scrambles After Malware Attack: Customer Data Potentially Breached
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
New AcidRain Linux Malware Variant “AcidPour” Found Targeting Ukraine
/in General NewsBy Waqas
Another day, another malware threat emerges in a country already at war.
This is a post from HackRead.com Read the original post: New AcidRain Linux Malware Variant “AcidPour” Found Targeting Ukraine
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics
/in General NewsA new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information.
Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it’s likely associated with the North Korean state-sponsored group tracked as Kimsuky.
“The malware payloads used in the DEEP#GOSU represent a
The Hacker News – Read More
Fujitsu Found Malware on IT Systems, Confirms Data Breach
/in General NewsAn announcement published late last week on the firm’s news portal discloses a major cybersecurity incident that has compromised systems and data, including sensitive information of customers.
Cyware News – Latest Cyber News – Read More
UK: NCSC Releases Cloud SCADA Security Guidance
/in General NewsThe NCSC released guidance for operational technology (OT) organizations on migrating their SCADA systems to the cloud. This guidance aims to help organizations assess the benefits and risks of cloud-hosted SCADA to make informed decisions.
Cyware News – Latest Cyber News – Read More
Evasive Azorult Campaign Delivers Malicious Payload Through Google Sites
/in General NewsThis campaign is noteworthy as it uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website.
Cyware News – Latest Cyber News – Read More
New Acoustic Side-Channel Attack Determines Keystrokes From Typing Patterns
/in General NewsResearchers have demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise.
Cyware News – Latest Cyber News – Read More
COTI Announces Upcoming V2 Airdrop Campaign Worth +10M USD
/in General NewsBy Owais Sultan
Web3 infrastructure leader COTI is excited to announce a significant community rewards initiative, with the platform airdropping up…
This is a post from HackRead.com Read the original post: COTI Announces Upcoming V2 Airdrop Campaign Worth +10M USD
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More