BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] CrushFTP 11.3.1 - Authentication Bypass
- [remote] Invision Community 5.0.6 - Remote Code Execution (RCE)
- [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
Goffloader: In-Memory Execution, No Disk Required
/in General NewsPraetorian has uncovered GoffLoader, an in-memory execution tool that allows security professionals to run BOF and unmanaged Cobalt Strike PE files directly in memory without writing to disk.
Cyware News – Latest Cyber News – Read More
CVE-2024-26581 PoC Exploit Released: Linux Systems at Risk of Root Compromise
/in General NewsThe CVE-2024-26581 PoC exploit has been disclosed, posing a risk to Linux systems by allowing root compromise. The flaw exists in the nft_set_rbtree function within the Linux kernel, enabling attackers to access sensitive data on affected systems.
Cyware News – Latest Cyber News – Read More
Head Mare Hacktivist Group Targets Russia and Belarus
/in General NewsThe group, active since at least 2023, exclusively targets companies in these countries. They use modern techniques to gain initial access to systems, primarily through phishing emails with custom malware like PhantomDL and PhantomCore.
Cyware News – Latest Cyber News – Read More
LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks
/in General NewsA vulnerability in the LiteSpeed Cache WordPress plugin leads to the exposure of sensitive information, including user cookies.
The post LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025
/in General NewsThe 2024 State of the vCISO Report continues Cynomi’s tradition of examining the growing popularity of virtual Chief Information Security Officer (vCISO) services. According to the independent survey, the demand for these services is increasing, with both providers and clients reaping the rewards. The upward trend is set to continue, with even faster growth expected in the future. However,
The Hacker News – Read More
1Password review: A premium password manager well worth the money
/in General NewsUpgrade your security with 1Password, a premium password manager with useful features.
Latest stories for ZDNET in Security – Read More
Veeam Patches Critical Vulnerabilities in Enterprise Products
/in General NewsVeeam has released patches for critical-severity vulnerabilities in Backup & Replication, ONE, and Service Provider Console.
The post Veeam Patches Critical Vulnerabilities in Enterprise Products appeared first on SecurityWeek.
SecurityWeek – Read More
Therapy Sessions Exposed by Mental Health Care Firm’s Unsecured Database
/in General NewsVideo and audio of therapy sessions, transcripts, and other patient records were accidentally exposed in a publicly accessible database operated by the virtual medical company Confidant Health.
Security Latest – Read More
Critical Vulnerability Discovered in Progress LoadMaster
/in General NewsProgress Software has alerted users to a critical vulnerability (CVE-2024-7591) in its LoadMaster ADC and load balancer solution. The flaw, with a CVSS score of 10, allows remote attackers to execute system commands without authentication.
Cyware News – Latest Cyber News – Read More
Webmin/Virtualmin Vulnerability Opens Door to Loop DoS Attacks
/in General NewsA critical vulnerability (CVE-2024-2169) in Webmin/Virtualmin control panels allows for launching DoS attacks. This flaw reveals IP addresses through the UDP service on port 10000, enabling attackers to create a loop of traffic between servers.
Cyware News – Latest Cyber News – Read More