BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
New Wi-Fi Authentication Bypass Flaws Expose Home, Enterprise Networks
/in General NewsA couple of Wi-Fi authentication bypass vulnerabilities found in open source software can expose enterprise and home networks to attacks.
The post New Wi-Fi Authentication Bypass Flaws Expose Home, Enterprise Networks appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft Warns of Exploited Exchange Server Zero-Day
/in General NewsMicrosoft says a newly patched Exchange Server vulnerability (CVE-2024-21410) has been exploited in attacks.
The post Microsoft Warns of Exploited Exchange Server Zero-Day appeared first on SecurityWeek.
SecurityWeek – Read More
New Critical Microsoft Exchange Bug Exploited as Zero-Day
/in General NewsDiscovered internally and tracked as CVE-2024-21410, this security flaw can let remote unauthenticated threat actors escalate privileges in NTLM relay attacks targeting vulnerable Microsoft Exchange Server versions.
Cyware News – Latest Cyber News – Read More
France Uncovers Russian Disinformation Campaign
/in General NewsThe network of disinformation websites, dubbed “Portal Kombat,” reproduces content from pro-Russian social media accounts and news agencies, using automation and machine translation to disseminate the content.
Cyware News – Latest Cyber News – Read More
Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation
/in General NewsMicrosoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates.
Tracked as CVE-2024-21410 (CVSS score: 9.8), the issue has been described as a case of privilege escalation impacting the Exchange Server.
“An attacker
The Hacker News – Read More
Cisco Announces It is Laying Off Thousands of Workers
/in General NewsAbout 5 percent of Cisco’s global workforce will be affected by layoffs, the Silicon Valley-based company said.
The post Cisco Announces It is Laying Off Thousands of Workers appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft, OpenAI: Nation-States Are Weaponizing AI in Cyberattacks
/in General NewsIt’s not theoretical anymore: the world’s major powers are working with large language models to enhance their offensive cyber operations.
darkreading – Read More
Prudential Files Voluntary Breach Notice With SEC
/in General NewsThe finance services giant says it was hacked — and reported the incident proactively before SEC requirements mandated it. It could be an anti-extortion move, or merely a brand protection effort.
darkreading – Read More
Menlo Security report: Cybersecurity risks surge with AI adoption
/in General NewsMenlo Security’s latest report reveals urgent cybersecurity challenges and strategies for businesses integrating generative AI like ChatGPT into their daily operations.Read More
Security News | VentureBeat – Read More
IBM, ISC2 Offer Cybersecurity Certificate
/in General NewsThe entry-level IBM and ISC2 Cybersecurity Specialist Professional Certificate takes four months to complete.
Security | TechRepublic – Read More