BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Apache Tomcat 10.1.39 - Denial of Service (DoS)
- [remote] Grandstream GSD3710 1.0.11.13 - Stack Overflow
- [webapps] CloudClassroom PHP Project 1.0 - SQL Injection
- [remote] Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
- [remote] ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
- [local] macOS LaunchDaemon iOS 17.2 - Privilege Escalation
- [remote] Automic Agent 24.3.0 HF4 - Privilege Escalation
- [remote] Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
- [webapps] WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
- [remote] SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal
VexTrio: The Uber of Cybercrime – Brokering Malware for 60+ Affiliates
/in General NewsVexTrio has been attributed to malicious campaigns that use domains generated by a dictionary domain generation algorithm (DDGA) to propagate scams, riskware, spyware, adware, potentially unwanted programs (PUPs), and pornographic content.
Cyware News – Latest Cyber News – Read More
Splunk fixed high-severity flaw impacting Windows versions
/in General NewsDeserialization of untrusted data can allow malicious code to be executed on the system. This is because the serialized data can contain instructions that the application will execute when it deserializes the data.
Cyware News – Latest Cyber News – Read More
Chrome 121 Patches 17 Vulnerabilities
/in General NewsGoogle releases Chrome 121 to the stable channel with 17 security fixes, including 11 reported by external researchers.
The post Chrome 121 Patches 17 Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Trello API Abused to Link Email Addresses to 15 Million Accounts
/in General NewsFor those concerned, the Trello leak has been added to the Have I Been Pwned data breach notification service, allowing anyone to check if they are among the 15 million leaked email addresses.
Cyware News – Latest Cyber News – Read More
GoAnywhere MFT Critical Flaw Lets Anyone Be Admin
/in General NewsAuthentication bypass in Fortra’s GoAnywhere MFT before 7.4.1 allows an unauthorized user to create an admin user via the administration portal,” Fortra said in an advisory released on January 22, 2024.
Cyware News – Latest Cyber News – Read More
Netskope Announces MSP-Friendly, Enterprise-Grade SASE Tailored for the Midmarket
/in General NewsPost Content
darkreading – Read More
US, UK, AU Officials Sanction 33-Year-Old Russian Medibank Hacker
/in General NewsAleksandr Ermakov, alongside other members of the REvil ransomware gang, are responsible for one of the biggest cyberattacks in Australia’s history.
darkreading – Read More
Google Chrome adds new AI features to boost productivity and creativity
/in General NewsGoogle Chrome introduces new AI features to help you organize tabs, create themes and write text on the web, and faces some challenges along the way.Read More
Security News | VentureBeat – Read More
Patch Your GoAnywhere MFT Immediately – Critical Flaw Lets Anyone Be Admin
/in General NewsA critical security flaw has been disclosed in Fortra’s GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user.
Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10.
“Authentication bypass in Fortra’s GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal,” Fortra&
The Hacker News – Read More
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine
/in General NewsThe new bug is Apple’s 12th WebKit zero-day in the last year, highlighting the increasing enterprise exposure to browser-borne threats.
darkreading – Read More