BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] WebDAV Windows 10 - Remote Code Execution (RCE)
- [local] Microsoft Excel Use After Free - Local Code Execution
- [remote] Windows File Explorer Windows 10 Pro x64 - TAR Extraction
Cisco Warns of Password-Spraying Attacks Targeting Secure Firewall Devices
/in General NewsThe company published a document containing recommendations against password spray attacks aimed at Remote Access VPN (RAVPN) services. The IT giant pointed out that the attacks are also targeting third-party VPN concentrators.
Cyware News – Latest Cyber News – Read More
Update: Harvard Pilgrim Health Network Updates Data Breach Total to Nearly 2.9 Million
/in General NewsHarvard Pilgrim said the files involved may contain personal data and protected health information on current and former subscribers and dependents, as well as current contracted providers.
Cyware News – Latest Cyber News – Read More
Attackers Increasingly Exploit Enterprise Tech Zero-Days
/in General NewsThe discovery and exploitation of zero-day vulnerabilities in enterprise-specific software and appliances appears to be outpacing the leveraging of zero-day bugs overall, judging by Google’s latest research.
Cyware News – Latest Cyber News – Read More
Iran’s Evolving Cyber-Enabled Influence Operations to Support Hamas
/in General NewsUnderstanding Iran’s techniques, coupled with comprehensive threat intel, can give organizations an edge in identifying and defending against these attacks.
darkreading – Read More
Retail Chain Hot Topic Hit by New Credential Stuffing Attacks
/in General NewsBreach notification letters sent to potentially impacted customers this week reveal that attackers targeted Hot Topic Rewards accounts in automated attacks using login information obtained from an unknown source.
Cyware News – Latest Cyber News – Read More
Massachusetts Health Insurer Data Breach Impacts 2.8 Million
/in General NewsHarvard Pilgrim Health Care says the personal information of over 2.8 million individuals was stolen in a year-old ransomware attack.
The post Massachusetts Health Insurer Data Breach Impacts 2.8 Million appeared first on SecurityWeek.
SecurityWeek – Read More
Cisco Addressed High-Severity Flaws in IOS and IOS XE Software
/in General NewsCisco this week released patches to address multiple IOS and IOS XE software vulnerabilities. An unauthenticated attacker can exploit several issues fixed by the IT giant to cause a denial-of-service (DoS) condition.
Cyware News – Latest Cyber News – Read More
Exposing a New BOLA Vulnerability in Grafana
/in General NewsThis vulnerability, assigned as CVE-2024-1313 with a CVSS score of 6.5, allows low-privileged Grafana users to delete dashboard snapshots belonging to other organizations using the snapshot’s keys, impacting the integrity of the system.
Cyware News – Latest Cyber News – Read More
SydeLabs raises $2.5M seed to develop an intent-based firewall guard for AI
/in General NewsSydeLabs launched its red teaming solution, SydeBox, on March 1, 2024, and has since seen adoption from 15+ enterprises that have detected over 10,000 vulnerabilities across 50+ applications/models.Read More
Security News | VentureBeat – Read More
PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers
/in General NewsThe maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign.
It said “new project creation and new user registration” was temporarily halted to mitigate what it said was a “malware upload campaign.” The incident was resolved 10 hours later, on March 28, 2024, at
The Hacker News – Read More