BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] WebDAV Windows 10 - Remote Code Execution (RCE)
- [local] Microsoft Excel Use After Free - Local Code Execution
- [remote] Windows File Explorer Windows 10 Pro x64 - TAR Extraction
Critical SSTI Flaw in WPML Plugin Exposes Millions of WordPress Sites to RCE Attacks
/in General NewsThis vulnerability allows authorized users to inject and execute malicious code through the plugin’s shortcode feature, potentially leading to data theft and website takeover.
Cyware News – Latest Cyber News – Read More
Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot
/in General NewsDetails have emerged about a now-patched vulnerability in Microsoft 365 Copilot that could enable the theft of sensitive user information using a technique called ASCII smuggling.
“ASCII Smuggling is a novel technique that uses special Unicode characters that mirror ASCII but are actually not visible in the user interface,” security researcher Johann Rehberger said.
“This means that an attacker
The Hacker News – Read More
Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation
/in General NewsGoogle has revealed that a security flaw that was patched as part of a security update rolled out last week to its Chrome browser has come under active exploitation in the wild.
Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine.
“Inappropriate implementation in V8 in Google Chrome prior to
The Hacker News – Read More
How AI is helping cut the risks of breaches with patch management
/in General NewsAI/ML-driven patch management delivers real-time risk assessments, guiding IT and security teams to prioritize critical patches first.Read More
Security News | VentureBeat – Read More
Microsoft to Host Windows Security Summit in CrowdStrike Outage Aftermath
/in General NewsThe tech giant seeks to work with endpoint security partners, including CrowdStrike, on how to prevent an outage event of such gravity from happening again.
darkreading – Read More
Hackers Use Rare Stealth Techniques to Down Asian Military, Gov’t Orgs
/in General NewsA threat actor resembling APT41 performed “AppDomainManager Injection,” which is like DLL sideloading, but arguably easier and stealthier.
darkreading – Read More
Telegram CEO Pavel Durov’s Arrest Linked to Sweeping Criminal Investigation
/in General NewsFrench authorities detained Durov to question him as part of a probe into a wide range of alleged violations—including money laundering and CSAM—but it remains unclear if he will face charges.
Security Latest – Read More
Audit Finds Notable Security Gaps in FBI’s Storage Media Management
/in General NewsThe FBI lacks proper policies and controls for tracking and disposing of storage media, leading to risks of loss or theft. The audit also identified physical security gaps in the media destruction process at FBI facilities.
Cyware News – Latest Cyber News – Read More
Cybercriminals Tap Greasy Opal to Create 750M Fake Microsoft Accounts
/in General NewsSuch cyberattack enablement services let attackers breach security measures, establish new fake accounts, and brute-force servers.
darkreading – Read More
Vulnerability Prioritization is Only the Beginning
/in General NewsVulnerability prioritization is crucial in managing security threats but is only the beginning. Knowing which vulnerabilities to address is not enough; the focus should be on quickly addressing and mitigating them.
Cyware News – Latest Cyber News – Read More