BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Hackers Deliver Popular Crypto-Miner Through Malicious Email Auto Replies, Researchers Say
/in General NewsHackers are distributing a popular crypto-miner via malicious email auto-replies, as per researchers. They compromised email accounts to send innocent automatic replies with links to crypto-mining malware, specifically XMRig.
Cyware News – Latest Cyber News – Read More
UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks
/in General NewsUNC1860 has been observed using victim networks as staging areas for additional operations, targeting entities in Saudi Arabia and Qatar. They overlap with APT34, assisting in lateral movement within compromised organizations.
Cyware News – Latest Cyber News – Read More
Google Now Syncing Passkeys Across Desktop, Android Devices
/in General NewsUsers can now save passkeys to Google Password Manager on computers running Windows, macOS, and Linux, in addition to Android devices.
The post Google Now Syncing Passkeys Across Desktop, Android Devices appeared first on SecurityWeek.
SecurityWeek – Read More
GenAI in Cybersecurity: Insights Beyond the Verizon DBIR
/in General NewsThe lack of abundant data on AI-enabled attacks in official reports shouldn’t prevent us from preparing for and mitigating potential future threats.
darkreading – Read More
In Other News: Disney Ditches Slack, Binance Malware Warning, Defense Conference Targeted
/in General NewsNoteworthy stories that might have slipped under the radar: Disney will stop using Slack following a hack, Binance warns of malware, and US-Taiwan defense conference targeted by hackers.
The post In Other News: Disney Ditches Slack, Binance Malware Warning, Defense Conference Targeted appeared first on SecurityWeek.
SecurityWeek RSS Feed – Read More
Germany shuts down 47 cryptocurrency exchange services used by cybercriminals
/in General NewsNearly four dozen sites greeted users with the message “This was your final exchange” after German police executed a sting against alleged money laundering services.
The Record from Recorded Future News – Read More
Acronis Backup Plugins Hit by CVE-2024-8767: CVSS 9.9 Severity Alert
/in General NewsAcronis Backup Plugins have been affected by a critical security flaw, CVE-2024-8767 (CVSS 9.9). The vulnerability impacts Linux-based plugins for cPanel & WHM, Plesk, and DirectAdmin, potentially leading to data breaches and unauthorized operations.
Cyware News – Latest Cyber News – Read More
Noise Storms: Massive Amounts of Spoofed Web Traffic Linked to China
/in General NewsGreyNoise has observed millions of spoofed IPs flooding internet providers with web traffic primarily focusing on TCP connections.
The post Noise Storms: Massive Amounts of Spoofed Web Traffic Linked to China appeared first on SecurityWeek.
SecurityWeek – Read More
Experts Warn of China-Linked APT’s Raptor Train IoT Botnet
/in General NewsThe attribution of the Raptor Train botnet to a Chinese nation-state actor is based on various factors, including operational timelines, targeting sectors aligned with Chinese interests, and the use of the Chinese language.
Cyware News – Latest Cyber News – Read More
CVE-2023-48788 Exploited: Researcher Details Cyberattacks on Fortinet FortiClient EMS
/in General NewsCybersecurity researchers at Darktrace have discovered cybercriminals exploiting Fortinet’s FortiClient EMS. The attackers targeted a critical vulnerability, CVE-2023-48788, to gain unauthorized access through an SQL injection flaw.
Cyware News – Latest Cyber News – Read More