BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
LinkedIn Halts AI Data Processing in UK Amid Privacy Concerns Raised by ICO
/in General NewsThe U.K. Information Commissioner’s Office (ICO) has confirmed that professional social networking platform LinkedIn has suspended processing users’ data in the country to train its artificial intelligence (AI) models.
“We are pleased that LinkedIn has reflected on the concerns we raised about its approach to training generative AI models with information relating to its U.K. users,” Stephen
The Hacker News – Read More
How Apple, Google, and Microsoft can save us from AI deepfakes
/in General NewsTo combat AI-driven disinformation, tech giants must collaborate to adopt these open standards. The absence of Apple and X raises concerns.
Latest stories for ZDNET in Security – Read More
Iranian Hackers Tried to Give Hacked Trump Campaign Emails to Dems
/in General NewsPlus: The FBI dismantles the largest-ever China-backed botnet, the DOJ charges two men with a $243 million crypto theft, Apple’s MacOS Sequoia breaks cybersecurity tools, and more.
Security Latest – Read More
Patch this Critical Safeguard for Privileged Passwords Authentication Bypass Flaw
/in General NewsResearchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access.
Cyware News – Latest Cyber News – Read More
Germany Seizes 47 Crypto Exchanges Used by Ransomware Gangs
/in General NewsThese exchanges allowed users to trade cryptocurrencies anonymously, creating a safe environment for cybercriminals to launder their proceeds without fear of prosecution.
Cyware News – Latest Cyber News – Read More
CISA Adds Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and MSSQL Server Bugs to its KEV Catalog
/in General NewsThese vulnerabilities can lead to remote code execution and privilege escalation, posing a significant risk to affected systems. For example, the Oracle JDeveloper vulnerability can allow attackers to compromise the software and take over the system.
Cyware News – Latest Cyber News – Read More
Clever ‘GitHub Scanner’ Campaign Abusing Repositories to Push Malware
/in General NewsA sophisticated campaign is using GitHub repositories to spread the Lumma Stealer malware, targeting users interested in open-source projects or receiving email notifications from them.
Cyware News – Latest Cyber News – Read More
Microsoft Entra ID’s Administrative Units Weaponized to Gain Stealthy Persistence
/in General NewsDatadog Security Labs recently revealed a security risk within Microsoft Entra ID, showing how its administrative units (AUs) can be weaponized by attackers to create persistent backdoor access.
Cyware News – Latest Cyber News – Read More
Adversarial attacks on AI models are rising: what should you do now?
/in General NewsWith AI’s growing influence across industries, malicious attackers continue to sharpen their tradecraft to exploit ML models.Read More
Security News | VentureBeat – Read More
Ivanti’s Cloud Service Appliance Attacked via Second Vuln
/in General NewsThe critical bug, CVE-2024-8963, can be used in conjunction with the prior known flaw to achieve remote code execution (RCE).
darkreading – Read More