BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
GhostWrite Vulnerability Facilitates Attacks on Devices With RISC-V CPU
/in General NewsResearchers disclose the details of GhostWrite, a RISC-V CPU vulnerability that can be exploited to gain full access to targeted devices.
The post GhostWrite Vulnerability Facilitates Attacks on Devices With RISC-V CPU appeared first on SecurityWeek.
SecurityWeek – Read More
Critical Solar Power Grid Vulnerabilities Risk Global Blackouts
/in General NewsCybersecurity firm Bitdefender reveals critical vulnerabilities in solar power management platforms, putting 20% of global solar production at…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Report: Email Attacks Skyrocket 293%
/in General NewsAccording to Acronis, ransomware remains a top threat for SMBs, especially in critical sectors like government and healthcare, where 10 new ransomware groups conducted 84 cyberattacks globally in Q1 2024.
Cyware News – Latest Cyber News – Read More
Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords
/in General NewsCybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim’s web browser and steal sensitive information from their account under specific circumstances.
“When a victim views a malicious email in Roundcube sent by an attacker, the attacker can execute arbitrary JavaScript in the victim’s
The Hacker News – Read More
Researcher Sounds Alarm on Windows Update Flaws Allowing Undetectable Downgrade Attacks
/in General NewsResearcher showcases hack against Microsoft Windows Update architecture, turning fixed vulnerabilities into zero-days.
The post Researcher Sounds Alarm on Windows Update Flaws Allowing Undetectable Downgrade Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Implement MFA or Risk Non-Compliance With GDPR
/in General NewsThe UK Information Commissioner’s Office announced its intention to fine Advanced Computer Software Group £6.09 million.
The post Implement MFA or Risk Non-Compliance With GDPR appeared first on SecurityWeek.
SecurityWeek – Read More
Federal Watchdog Urges EPA to Develop Comprehensive Cyber Strategy to Protect Water Systems
/in General NewsThe U.S. Government Accountability Office is urging the Environmental Protection Agency (EPA) to develop a comprehensive strategy to protect the nation’s drinking and wastewater systems from cyber threats.
Cyware News – Latest Cyber News – Read More
New Linux Kernel Exploit Technique ‘SLUBStick’ Discovered by Researchers
/in General NewsCybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive.
“Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably,” a group of academics from the Graz University of Technology said [PDF]. ”
The Hacker News – Read More
NHS Software Supplier Advanced Faces $7.6 Million Fine Over Ransomware Attack Failings
/in General NewsNHS software supplier Advanced faces a hefty fine of over £6 million (~$7.6 Million) for failing to protect personal information during a ransomware attack that impacted the National Health Service in the UK.
Cyware News – Latest Cyber News – Read More
Phishing Attacks Can Bypass Microsoft 365 Email Safety Warnings
/in General NewsA vulnerability in Microsoft 365’s anti-phishing measures allows malicious actors to deceive users into opening harmful emails by…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More