BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)
- [local] Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)
- [remote] FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
Oracle Patches 230 Vulnerabilities With April 2024 CPU
/in General NewsOracle releases 441 new security patches to address 230 vulnerabilities as part of its April 2024 Critical Patch Update.
The post Oracle Patches 230 Vulnerabilities With April 2024 CPU appeared first on SecurityWeek.
SecurityWeek – Read More
Exploitation of Palo Alto Firewall Vulnerability Picking Up After PoC Release
/in General NewsPalo Alto Networks firewall vulnerability CVE-2024-3400 increasingly exploited after PoC code has been released.
The post Exploitation of Palo Alto Firewall Vulnerability Picking Up After PoC Release appeared first on SecurityWeek.
SecurityWeek – Read More
Cyberattacks Surge 325% in Philippines Amid South China Sea Standoff
/in General NewsBy Deeba Ahmed
The Philippines finds itself under an online siege as tensions escalate in the South China Sea (SCS) with China, claims cybersecurity firm Resecurity.
This is a post from HackRead.com Read the original post: Cyberattacks Surge 325% in Philippines Amid South China Sea Standoff
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Update: Researchers Released Exploit Code for Actively Exploited Palo Alto Networks PAN-OS Bug
/in General NewsResearchers at watchTowr Labs have released a technical analysis of the vulnerability CVE-2024-3400 in Palo Alto Networks’ PAN-OS and a proof-of-concept exploit that can be used to execute shell commands on vulnerable firewalls.
Cyware News – Latest Cyber News – Read More
Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread
/in General NewsRecently, FortiGuard Labs observed multiple attacks focusing on this year-old vulnerability, spotlighting botnets like Moobot, Miori, the Golang-based agent “AGoent,” and the Gafgyt Variant.
Cyware News – Latest Cyber News – Read More
Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities
/in General NewsCyber Army of Russia Reborn, a group with ties to the Kremlin’s Sandworm unit, is crossing lines even that notorious cyberwarfare unit wouldn’t dare to.
Security Latest – Read More
‘Sandworm’ Group Is Russia’s Primary Cyberattack Unit in Ukraine
/in General NewsBut even with that focus, the sophisticated threat group has continued operations against targets globally, including the US, says Google’s Mandiant.
darkreading – Read More
BreachForums Down, But Not Out: Hackers Claim Attack, Admins Remain Unfazed
/in General NewsThe domain of the notorious BreachForums data leak and hacking forum has been taken down by rival threat actors. The threat actor group, R00TK1T, along with the Cyber Army of Russia, announced a breach of user data following the takedown.
Cyware News – Latest Cyber News – Read More
Misinformation and Hacktivist Campaigns Targeting the Philippines Skyrocket
/in General NewsAmidst rising tensions with China in the South China Sea, Resecurity has observed a significant spike in malicious cyber activity targeting the Philippines in Q1 2024, increasing nearly 325% compared to the same period last year.
Cyware News – Latest Cyber News – Read More
Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services
/in General NewsCisco is warning about a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March 18, 2024.
“These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies,” Cisco Talos said.
Successful attacks could
The Hacker News – Read More