BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
EU court fines European Commission for breaching its own data privacy laws
/in General NewsThe EU court said the bloc’s executive authority violated a citizen’s rights by transferring some of his personal data to the U.S. without proper safeguards.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques
/in General NewsCybersecurity researchers have shed light on a new remote access trojan called NonEuclid that allows bad actors to remotely control compromised Windows systems.
“The NonEuclid remote access trojan (RAT), developed in C#, is a highly sophisticated malware offering unauthorised remote access with advanced evasion techniques,” Cyfirma said in a technical analysis published last week.
“It employs
The Hacker News – Read More
New PayPal Phishing Scam Exploits MS365 Tools and Genuine-Looking Emails
/in General NewsFortinet uncovers a new PayPal phishing scam exploiting legitimate platform features. Learn how this sophisticated attack works and how to protect yourself from falling victim.
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Cybersecurity Funding Reached $9.5 Billion in 2024: Report
/in General NewsCybersecurity firms raised $9.5 billion in over 300 funding rounds in 2024, with Wiz scoring the largest investment at $1 billion.
The post Cybersecurity Funding Reached $9.5 Billion in 2024: Report appeared first on SecurityWeek.
SecurityWeek – Read More
UN aviation agency ICAO confirms its recruitment database was hacked
/in General NewsICAO said that a previously reported data breach involved “approximately 42,000 recruitment application data records from April 2016 to July 2024.”
The Record from Recorded Future News – Read More
Insider Threat: Tackling the Complex Challenges of the Enemy Within
/in General NewsThe insider threat problem will worsen, and the solutions will widen, in the age of generative-AI.
The post Insider Threat: Tackling the Complex Challenges of the Enemy Within appeared first on SecurityWeek.
SecurityWeek – Read More
Scammers Impersonate Authorities to Swipe OTPs with Remote Access Apps
/in General NewsSUMMARY Cybersecurity researchers at Group-IB have discovered a sophisticated refund scam where scammers are using remote access tools…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks
/in General NewsA Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks.
The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey, and the United States.
The Hacker News – Read More
Chrome 131, Firefox 134 Updates Patch High-Severity Vulnerabilities
/in General NewsChrome and Firefox updates released this week resolve high-severity vulnerabilities in the two popular browsers.
The post Chrome 131, Firefox 134 Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
First Android Update of 2025 Patches Critical Code Execution Vulnerabilities
/in General NewsThis year’s first batch of monthly security updates for Android resolves 36 vulnerabilities, including critical remote code execution flaws.
The post First Android Update of 2025 Patches Critical Code Execution Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More