BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Google Workspace Vulnerability Allowed Hackers to Access 3rd-Party Services
/in General NewsA Google Workspace vulnerability exposed thousands of accounts after hackers bypassed email verification. Learn how to protect your…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Adaptive Shield Showcases New ITDR Platform for SaaS at Black Hat USA
/in General NewsLas Vegas, Nevada, 30th July 2024, CyberNewsWire
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Google Cloud CISO Phil Venables: ‘I’m short-term pessimistic, long-term optimistic’
/in General NewsSecurityWeek fireside chat: Google Cloud CISO on CISA’s secure-by-design initiatives, government regulations, holding vendors accountable, and transformational security leadership.
The post Google Cloud CISO Phil Venables: ‘I’m short-term pessimistic, long-term optimistic’ appeared first on SecurityWeek.
SecurityWeek – Read More
Massive Phishing Campaign Exploiting Proofpoint’s Email Protection to Dispatch Millions of Perfectly Spoofed Emails
/in General NewsThe campaign began in January 2024 and peaked at 14 million emails in June. The emails were designed to steal sensitive information and included authentic-looking signatures to bypass security measures.
Cyware News – Latest Cyber News – Read More
Crafty ClickFix-Style Phishing Campaign Targets Microsoft OneDrive Users
/in General NewsThe attackers use social engineering tactics to get users to run a PowerShell script, compromising their systems. The scam starts with an email containing an HTML file that tricks the recipient into clicking on a button to fix a fake DNS issue.
Cyware News – Latest Cyber News – Read More
New Mandrake Spyware Found in Google Play Store Apps After Two Years
/in General NewsA new iteration of a sophisticated Android spyware called Mandrake has been discovered in five applications that were available for download from the Google Play Store and remained undetected for two years.
The applications attracted a total of more than 32,000 installations before being pulled from the app storefront, Kaspersky said in a Monday write-up. A majority of the downloads originated
The Hacker News – Read More
Indian APT Targeting Mediterranean Ports and Maritime Facilities
/in General NewsThe SideWinder APT has been targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea in recent attacks.
The post Indian APT Targeting Mediterranean Ports and Maritime Facilities appeared first on SecurityWeek.
SecurityWeek – Read More
Cyberattackers Accessed HealthEquity Customer Info via Third Party
/in General NewsData thieves heisted the HSA provider’s data repository for 4.5 million people’s HR information, including employer and dependents intel.
darkreading – Read More
AI, Cybersecurity Top Investment Areas for Industrial Organizations: Cisco
/in General NewsCisco has published its inaugural State of Industrial Networking report, based on a survey of 1,000 individuals.
The post AI, Cybersecurity Top Investment Areas for Industrial Organizations: Cisco appeared first on SecurityWeek.
SecurityWeek – Read More
The CrowdStrike Meltdown: A Wake-up Call for Cybersecurity
/in General NewsThe incident serves as a stark reminder of the fragility of our digital infrastructure. By adopting a diversified, resilient approach to cybersecurity, we can mitigate the risks and build a more secure digital future.
darkreading – Read More