BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta’s Lawsuit
/in General NewsLegal documents released as part of an ongoing legal tussle between Meta’s WhatsApp and NSO Group have revealed that the Israeli spyware vendor used multiple exploits targeting the messaging app to deliver Pegasus, including one even after it was sued by Meta for doing so.
They also show that NSO Group repeatedly found ways to install the invasive surveillance tool on the target’s devices as
The Hacker News – Read More
Microsoft Pulls Exchange Patches Amid Mail Flow Issues
/in General NewsEmail at many organizations has stopped working; the tech giant has advised users who are facing the issue to uninstall the updates so that it can address flaw.
darkreading – Read More
What Okta’s failures say about the future of identity security in 2025
/in General News2025 needs to be the year identity providers go all in on improving every aspect of software quality and security, including red teaming.Read More
Security News | VentureBeat – Read More
Ohio man behind Helix cryptocurrency mixer gets 3-year sentence
/in General NewsLarry Harmon ran the mixer from 2014 to 2017, facilitating more than $300 million worth of cryptocurrency transactions.
The Record from Recorded Future News – Read More
ANZ CIO Challenges: AI, Cybersecurity & Data Analytics for 2025
/in General NewsANZ government CIOs face budget constraints while prioritizing AI, cybersecurity, and data analytics for productivity gains and digital transformation in 2025.
Security | TechRepublic – Read More
Homeland Security Department Releases Framework for Using AI in Critical Infrastructure
/in General NewsThe framework recommends that AI developers evaluate potentially dangerous capabilities in their products, ensure their products align with “human-centric values” and protect users’ privacy.
The post Homeland Security Department Releases Framework for Using AI in Critical Infrastructure appeared first on SecurityWeek.
SecurityWeek – Read More
NSO Group admits cutting off 10 customers because they abused its Pegasus spyware, say unsealed court documents
/in General NewsNewly unsealed documents brought by a WhatsApp lawsuit shows NSO Group’s spyware, Pegasus, was used to hack as many as “tens of thousands” of devices.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations
/in General NewsCybersecurity researchers have shed light on a new remote access trojan and information stealer used by Iranian state-sponsored actors to conduct reconnaissance of compromised endpoints and execute malicious commands.
Cybersecurity company Check Point has codenamed the malware WezRat, stating it has been detected in the wild since at least September 1, 2023, based on artifacts uploaded to the
The Hacker News – Read More
8.8 Rated PostgreSQL Vulnerability Puts Databases at Risk
/in General NewsCybersecurity researchers at Varonis have identified a serious security vulnerability in PostgreSQL that could lead to data breaches…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Microsoft Power Pages Misconfigurations Expose Millions of Records Globally
/in General NewsSaaS Security firm AppOmni has identified misconfigurations in Microsoft Power Pages that can lead to severe data breaches.…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More