BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Update: LoanDepot Says About 17M Customers Had Personal Data and SSNs Stolen During Cyberattack
/in General NewsThe cyberattack left LoanDepot’s customers unable to make payments or access their online accounts, and the company expects the incident to impact its fiscal first quarter earnings by $12 to $17 million.
Cyware News – Latest Cyber News – Read More
Zyxel Issues Security Advisory for Multiple Vulnerabilities in Firewalls and APs
/in General NewsZyxel has identified and patched four critical vulnerabilities in its firewall and access point products, including flaws that could lead to remote code execution and denial-of-service attacks.
Cyware News – Latest Cyber News – Read More
Black Basta, Bl00dy Ransomware Exploiting Recent ScreenConnect Flaws
/in General NewsThe Black Basta and Bl00dy ransomware gangs have started exploiting two vulnerabilities in ConnectWise ScreenConnect.
The post Black Basta, Bl00dy Ransomware Exploiting Recent ScreenConnect Flaws appeared first on SecurityWeek.
SecurityWeek – Read More
What Companies & CISOs Should Know About Rising Legal Threats
/in General NewsLitigation and regulatory enforcement are increasing risks for companies and cybersecurity leaders. Something must be done to protect the profession.
darkreading – Read More
Cyber Insights 2024: Quantum and the Cryptopocalypse
/in General NewsQuantum computers are coming, and will defeat current PKE encryption. But this cryptopocalypse is not dependent upon quantum computers — it could happen through other means, at any time.
The post Cyber Insights 2024: Quantum and the Cryptopocalypse appeared first on SecurityWeek.
SecurityWeek – Read More
ResurrecAds Attack Hijacks Brand Names, Spreads Spam Via ‘SubdoMailing’
/in General NewsBy Deeba Ahmed
Brand Hijacking Alert: Guardio Reveals Malicious Actors Using Trusted Brands for Phishing.
This is a post from HackRead.com Read the original post: ResurrecAds Attack Hijacks Brand Names, Spreads Spam Via ‘SubdoMailing’
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
67,000 U-Haul Customers Impacted by Data Breach
/in General NewsU-Haul says customer information was compromised in a data breach involving a reservation tracking system.
The post 67,000 U-Haul Customers Impacted by Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
Over 13,000 Hijacked Major-Brand Subdomains Found Bombarding Users With Millions of Malicious Emails
/in General NewsThe threat actors hijack abandoned subdomains and domains of well-known companies, allowing the emails to bypass spam filters and appear legitimate. Brands like MSN, VMware, and eBay have been unwittingly involved.
Cyware News – Latest Cyber News – Read More
White House Urges Tech Industry to Switch to Memory-Safe Programming Languages
/in General NewsA new report by the Office of the National Cyber Director (ONCD) highlighted that up to 70% of security vulnerabilities are due to memory safety issues in certain programming languages.
Cyware News – Latest Cyber News – Read More
New IDAT Loader Version Uses Steganography to Push Remcos RAT
/in General NewsThe attackers employed sophisticated techniques such as code injection, execution modules, and dynamic loading of Windows API functions to evade detection by automated security products.
Cyware News – Latest Cyber News – Read More