BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
New Android Malware Ajina.Banker Steals 2FA Codes, Spreads via Telegram
/in General NewsA new Android malware called Trojan Ajina.Banker is targeting Central Asia – Discover how this malicious malware disguises…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
SolarWinds Reveals RCE Flaw in Access Rights Manager
/in General NewsSolarWinds has disclosed two vulnerabilities in their Access Rights Manager (ARM) software: CVE-2024-28990 (CVSS 6. 3) allows for a hardcoded credential authentication bypass, while CVE-2024-28991 (CVSS 9. 0) enables remote code execution.
Cyware News – Latest Cyber News – Read More
New Android malware targets bank customers in Central Asia
/in General NewsPost Content
The Record from Recorded Future News – Read More
Fortinet confirms customer data breach
/in General NewsOn Thursday, cybersecurity giant Fortinet disclosed a breach involving customer data. In a statement posted online, Fortinet said an individual intruder accessed “a limited number of files” stored on a third-party shared cloud drive belonging to Fortinet, which included data belonging to “less than 0.3%” of its customers. The company said that the incident “did […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Fake Recruiter Coding Tests Target Developers With Malicious Python Packages
/in General NewsThe Lazarus Group has been targeting developers in a new VMConnect campaign, using fake job interviews to trick them into downloading malicious software packages from open-source repositories.
Cyware News – Latest Cyber News – Read More
Hardware Supply Chain Threats Can Undermine Endpoint Infrastructure
/in General NewsTo prevent this, organizations should focus on developing secure hardware and firmware foundations, enabling them to manage, monitor, and remediate hardware and firmware security.
darkreading – Read More
Update: Hackers Target Apache OFBiz RCE Flaw CVE-2024-45195 After PoC Exploit Released
/in General NewsHackers are targeting an RCE vulnerability (CVE-2024-45195) in Apache OFBiz after the release of a Proof of Concept (PoC) exploit. Malicious requests have been detected, with attacks focusing on the financial services industry and business sectors.
Cyware News – Latest Cyber News – Read More
Largest crypto exchange in Indonesia pledges to reimburse users after $22 million theft
/in General NewsPost Content
The Record from Recorded Future News – Read More
Two Critical RCE Flaws Discovered in Docker Desktop
/in General NewsTwo critical remote code execution (RCE) flaws, identified as CVE-2024-8695 and CVE-2024-8696, have been uncovered in Docker Desktop, a popular tool for containerized application development.
Cyware News – Latest Cyber News – Read More
Chinese-speaking Hackers Linked to DragonRank SEO Manipulator Service
/in General NewsBy exploiting web app services, the attackers deploy a web shell to launch malware and gather credentials, compromising IIS servers to spread the BadIIS malware. The malware facilitates proxy ware and SEO fraud by manipulating search engine rankings.
Cyware News – Latest Cyber News – Read More