BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
- Pulsegram - Integrated Keylogger With Telegram
Exploit DB
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
- [local] Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
- [local] unzip-stream 0.3.1 - Arbitrary File Write
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
Massive Utility Scam Campaign Spreads via Online Ads
/in General NewsScammers create multiple fraudulent domains and use scare tactics to pressure victims into making hasty decisions, such as disclosing personal details or making immediate payments.
Cyware News – Latest Cyber News – Read More
Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws
/in General NewsThreat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers to target over 80 organizations.
These entities are primarily located in Georgia, Poland, and Ukraine, according to Recorded Future, which attributed the intrusion set to a threat
The Hacker News – Read More
Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor
/in General NewsThe Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new backdoor called BASICSTAR by creating a fake webinar portal.
Charming Kitten, also called APT35, CharmingCypress, Mint Sandstorm, TA453, and Yellow Garuda, has a history of orchestrating a wide range of social engineering campaigns that cast a
The Hacker News – Read More
The Danger Lurking Just Below Ukraine’s Surface
/in General NewsThe widespread use of mines has left Ukrainians scrambling to find ways to clear the explosives. New efforts to develop mine-clearing technology may help them push back Russia’s invading forces.
Security Latest – Read More
Hackers Claim Data Breach at Staffing Giant Robert Half, Sell Sensitive Data
/in General NewsBy Waqas
Deja vu at Robert Half? Notorious hackers claim responsibility as the staffing giant makes headlines for yet another alleged data breach in two years.
This is a post from HackRead.com Read the original post: Hackers Claim Data Breach at Staffing Giant Robert Half, Sell Sensitive Data
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Tech Companies Sign Accord to Combat AI-Generated Election Trickery
/in General NewsExecutives from Adobe, Amazon, Google, IBM, Meta, Microsoft, OpenAI and TikTok gathered at the Munich Security Conference to announce a framework for how they respond to AI-generated deepfakes that deliberately trick voters.
The post Tech Companies Sign Accord to Combat AI-Generated Election Trickery appeared first on SecurityWeek.
SecurityWeek – Read More
FBI’s Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty
/in General NewsA Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021.
Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and extradited to the U.S. last year. He was added to the FBI’s most-wanted list in 2012.
The U.S.
The Hacker News – Read More
How to Not Get Scammed Out of $50,000
/in General NewsPlus: State-backed hackers test out generative AI, the US takes down a major Russian military botnet, and 100 hospitals in Romania go offline amid a major ransomware attack.
Security Latest – Read More
New MonikerLink Flaw Exposes Outlook Users to Data Theft and Malware
/in General NewsBy Waqas
The #MonikerLink security flaw in Microsoft Outlook allows hackers to execute arbitrary code on the targeted device.
This is a post from HackRead.com Read the original post: New MonikerLink Flaw Exposes Outlook Users to Data Theft and Malware
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
How Businesses Can Safeguard Their Communication Channels Against Hackers
/in General NewsEfficient communication is a cornerstone of business success. Internally, making sure your team communicates seamlessly helps you avoid friction losses, misunderstandings, delays, and overlaps. Externally, frustration-free customer communication is directly correlated to a positive customer experience and higher satisfaction.
However, business communication channels are also a major target
The Hacker News – Read More