BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Cybercriminal Duo Attracts FBI Notice by Spending Big & Living Large
/in General NewsCash may be king, but law enforcement keeps track of who spends it, especially when it’s in the six-figure range.
darkreading – Read More
Critical Ivanti vTM Bug Allows Unauthorized Admin Access
/in General NewsThe CVSS 9.8 authentication bypass in Ivanti’s traffic manager admin panel already has a proof-of-concept (PoC) exploit lurking in the wild.
darkreading – Read More
Inc Ransomware Encryptor Contains Keys to Victim Data Recovery
/in General NewsThe threat group is disrupting healthcare organizations. Victims can help themselves, though, even after compromise, by being careful in the decryption process.
darkreading – Read More
APT41 Spinoff Expands Chinese Actor’s Scope Beyond Asia
/in General NewsEarth Baku, yet another subgroup of the highly active and increasingly sophisticated collective, is moving into EMEA with new malware and living-off-the-land (LOL) tactics.
darkreading – Read More
FBI Shuts Down Dozens of Radar/Dispossessor Ransomware Servers
/in General NewsComputer infrastructure in the US, UK, and Germany associated with the cybercriminal group, which targeted SMBs using double extortion, is officially out of commission.
darkreading – Read More
Microsoft Azure AI Health Bot Infected With Critical Vulnerabilities
/in General NewsPrivilege escalation flaws in the healthcare chatbot platform could have allowed unauthorized cross-tenant access and management of other customers’ resources.
darkreading – Read More
StickmanCyber Report: A Look Inside Australia’s Cybersecurity Skills Crisis
/in General NewsA StickmanCyber report reveals a critical cybersecurity skills shortage in Australia, which can have both short- and long-term business implications
Security | TechRepublic – Read More
Microsoft Warns of Six Windows Zero-Days Being Actively Exploited
/in General NewsMicrosoft’s security response team pushed out documentation for almost 90 vulnerabilities across Windows and OS components and marked several flaws in the actively exploited category.
The post Microsoft Warns of Six Windows Zero-Days Being Actively Exploited appeared first on SecurityWeek.
SecurityWeek – Read More
Adobe Calls Attention to Massive Batch of Code Execution Flaws
/in General NewsPatch Tuesday: Adobe patches 72 security vulnerabilities and warns that Windows and macOS users are at risk of code execution, memory leaks, and denial-of-service attacks.
The post Adobe Calls Attention to Massive Batch of Code Execution Flaws appeared first on SecurityWeek.
SecurityWeek – Read More
GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks
/in General NewsA team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting Chinese chip company T-Head’s XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices.
The vulnerability has been codenamed GhostWrite. It has been described as a direct CPU bug embedded in the hardware, as
The Hacker News – Read More