BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Contractor Software Targeted via Microsoft SQL Server Loophole
/in General NewsBy accessing the MSSQL, threat actors gain admin-level access to the application, allowing them to automate their attacks.
darkreading – Read More
Packed With Features, ‘SambaSpy’ RAT Delivers Hefty Punch
/in General NewsThought to be Brazilian in origin, the remote access Trojan is the “perfect tool for a 21st-century James Bond.”
darkreading – Read More
Global Crime Hit as Europol Shuts Down Encrypted Chat App Ghost
/in General NewsEuropol, alongside global law enforcement, dismantled the encrypted chat app Ghost, widely used by criminal networks for drug…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
FCC: AT&T Didn’t Adequately Protect Customers’ Cloud Data
/in General NewsRegulators fine AT&T $13 million for failing to protect customer information held by a third-party vendor, and extend consumer data protections to the cloud.
darkreading – Read More
Singapore mandates face authentication for ‘higher risk’ bank transactions
/in General NewsThe move comes amid growing phishing attacks targeting the financial services sector; most impacted by brand impersonation scams.
Latest stories for ZDNET in Security – Read More
QR Phishing Scams Gain Motorized Momentum in UK
/in General NewsCriminal actors are finding their niche in utilizing QR phishing codes, otherwise known as “quishing,” to victimize unsuspecting tourists in Europe and beyond.
darkreading – Read More
Thousands of ServiceNow KB Instances Expose Sensitive Corporate Data
/in General NewsDespite security updates to protect data, 45% of total enterprise instances of the cloud-based IT management platform leaked PII, internal system details, and active credentials over the past year.
darkreading – Read More
Censys Uncovers Hidden Infrastructure of Iranian Fox Kitten Group
/in General NewsCensys uncovers the hidden infrastructure of Fox Kitten, an Iranian cyberespionage group. It reveals unique patterns, potential new…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Two-Thirds of Security Leaders Consider Banning AI-Generated Code, Report Finds
/in General NewsSecurity leaders don’t believe developers check the quality of the AI-generated code with as much rigour as they do their own, according to a report from Venafi.
Security | TechRepublic – Read More
Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing
/in General NewsGoogle Chrome has (finally) introduced new privacy features, these include automatic Safety Check and one-time permissions. Safety Check now runs in the background, evaluating and revoking site permissions, while also flagging suspicious activity. Meanwhile, one-time permissions allow users to grant temporary access to their camera or microphone, automatically revoking it once they leave the…
Source
TechSplicer Blog – Read More