BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Ransomware Group Leaks Data Allegedly Stolen From Kawasaki Motors
/in General NewsThe RansomHub ransomware gang has published 487 gigabytes of data allegedly stolen from Kawasaki Motors Europe’s systems.
The post Ransomware Group Leaks Data Allegedly Stolen From Kawasaki Motors appeared first on SecurityWeek.
SecurityWeek – Read More
Hackers Target Selenium Grid Servers for Proxyjacking and Cryptomining Attacks
/in General NewsThreat actors are infecting publicly exposed Selenium Grid servers to utilize victims’ internet bandwidth for cryptomining, proxyjacking, and potentially more harmful activities.
Cyware News – Latest Cyber News – Read More
Data Stolen in Ransomware Attack That Hit Seattle Airport
/in General NewsThe Port of Seattle, which operates the SEA Airport, has confirmed that the August outage was the result of a ransomware attack.
The post Data Stolen in Ransomware Attack That Hit Seattle Airport appeared first on SecurityWeek.
SecurityWeek – Read More
Hacker Claims Breach of UK’s Experience Engine, Data Sold Online
/in General NewsA hacker known as IntelBroker claims to have breached the UK-based company Experience Engine, allegedly exposing sensitive data.…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Windows Vulnerability Abused Braille “Spaces” in Zero-Day Attacks
/in General NewsA recently patched Windows vulnerability, identified as CVE-2024-43461, was exploited by the Void Banshee APT hacking group in zero-day attacks to install information-stealing malware.
Cyware News – Latest Cyber News – Read More
Ivanti CSA Vulnerability Exploited in Attacks Days After DIsclosure
/in General NewsThe Ivanti Cloud Service Appliance vulnerability CVE-2024-8190 has been exploited in the wild, with attacks starting just days after disclosure.
The post Ivanti CSA Vulnerability Exploited in Attacks Days After DIsclosure appeared first on SecurityWeek.
SecurityWeek – Read More
SolarWinds Patches Critical Vulnerability in Access Rights Manager
/in General NewsSolarWinds has announced patches for a critical-severity remote code execution vulnerability in Access Rights Manager.
The post SolarWinds Patches Critical Vulnerability in Access Rights Manager appeared first on SecurityWeek.
SecurityWeek – Read More
Applications are Open for IoT Device Cyber Certifiers
/in General NewsThe FCC is seeking volunteers to serve as administrators for a new cybersecurity labeling program, allowing consumers to identify products less vulnerable to cyberattacks.
Cyware News – Latest Cyber News – Read More
Python Libraries Exploited for Malicious Intent
/in General NewsA recent report by Xavier Mertens, a Senior ISC Handler and cybersecurity consultant, highlights a concerning trend where cybercriminals are increasingly using legitimate Python libraries for malicious activities.
Cyware News – Latest Cyber News – Read More
WordPress to Require Two-Factor Authentication for Plugin Developers
/in General NewsWordPress will require two-factor authentication for plugin developers starting October 1, 2024. This mandate will also apply to theme authors. The organization aims to enhance security by preventing hijacked accounts from spreading malicious code.
Cyware News – Latest Cyber News – Read More