BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
- Pulsegram - Integrated Keylogger With Telegram
Exploit DB
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
- [local] Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
- [local] unzip-stream 0.3.1 - Arbitrary File Write
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
Joomla XSS Bugs Open Millions of Websites to RCE
/in General NewsImproper content filtering in a core function allows multiple paths to exploitation for CVE-2024-21726.
darkreading – Read More
Early adopters’ fast-tracking gen AI into production, according to new report
/in General NewsHealthcare, manufacturing and education industries see the greatest potential for gen AI and lead all others in their interest to become early adopters.Read More
Security News | VentureBeat – Read More
New Wave of ‘Anatsa’ Banking Trojans Targets Android Users in Europe
/in General NewsUsers have already downloaded droppers for the malware from Google’s official Play store more than 100,000 times since last November.
darkreading – Read More
Authentic or counterfeit? How QED Vault is using tokens to redefine asset ownership
/in General NewsOne man’s quest to authenticate rare sneakers led to the first consumer blockchain-based tokenization platform.
Latest stories for ZDNET in Security – Read More
LockBit Ransomware Gang’s Website Shut Down by FBI and International Law Enforcement
/in General NewsThe enforcement action is a major blow against the ransomware-as-a-service provider, which has been connected to 2,000 victims globally.
Security | TechRepublic – Read More
‘KeyTrap’ DNS Bug Threatens Widespread Internet Outages
/in General NewsThanks to a 24-year-old security vulnerability tracked as CVE-2023-50387, attackers could stall DNS servers with just a single malicious packet, effectively taking out wide swaths of the Internet.
darkreading – Read More
Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private
/in General NewsWe tested the end-to-end encrypted messenger’s new feature aimed at addressing critics’ most persistent complaint. Here’s how it works.
Security Latest – Read More
Wyze Cameras Glitch: 13,000 Users Saw Footage from Others’ Homes
/in General NewsBy Deeba Ahmed
Third-Party Library Blamed for Wyze Camera Security Lapse.
This is a post from HackRead.com Read the original post: Wyze Cameras Glitch: 13,000 Users Saw Footage from Others’ Homes
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
ConnectWise Rushes to Patch Critical Vulns in Remote Access Tool
/in General NewsConnectWise ships patches for extremely critical security defects in its ScreenConnect remote desktop access product and urges emergency patching.
The post ConnectWise Rushes to Patch Critical Vulns in Remote Access Tool appeared first on SecurityWeek.
SecurityWeek – Read More
Hacked Iraqi Voter Information Found For Sale Online
/in General NewsA 21.58 GB database of stolen personal voter data from Iraq’s Independent High Electoral Commission (IHEC) may have been the result of a supply chain attack.
darkreading – Read More