BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] CrushFTP 11.3.1 - Authentication Bypass
- [remote] Invision Community 5.0.6 - Remote Code Execution (RCE)
- [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
Unsecured Database Exposed 39 Million Sensitive Legal Records Online
/in General NewsMillions of Legal Documents Exposed Online! Sensitive data leak raises security concerns for the legal industry. Learn how…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Hackers Target WordPress Calendar Plugin Used by 150,000 Sites
/in General NewsHackers are targeting a vulnerability in the Modern Events Calendar WordPress plugin found on over 150,000 websites to upload files and execute code remotely. The plugin by Webnus is used to manage events.
Cyware News – Latest Cyber News – Read More
Google Is Adding Passkey Support for Its Most Vulnerable Users
/in General NewsGoogle is bringing the password-killing “passkey” tech to its Advanced Protection Program users more than a year after rolling them out broadly.
Security Latest – Read More
Google Targets Passkey Support to High-Risk Execs, Civil Society
/in General NewsThe tech giant has rolled out passkey support for account authentication within its Advanced Protection Program to complement existing compatibility with FIDO2 hardware keys.
darkreading – Read More
Crypto Analysts Expose HuiOne Guarantee’s $11 Billion Cybercrime Transactions
/in General NewsCryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that’s widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams.
“Merchants on the platform offer technology, data, and money laundering services, and have engaged in transactions totaling at least $11 billion,” Elliptic said in a report shared with The Hacker News.
The Hacker News – Read More
The $11 Billion Marketplace Enabling the Crypto Scam Economy
/in General NewsDeepfake scam services. Victim data. Electrified shackles for human trafficking. Crypto tracing firm Elliptic found all were available for sale on an online marketplace linked to Cambodia’s ruling family.
Security Latest – Read More
ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks
/in General NewsThe sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents.
“A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to dynamically load and run PowerShell commands, thereby creating a PowerShell environment within AutoIt for operations,” Trellix security researchers Mathanraj Thangaraju and Sijo Jacob
The Hacker News – Read More
New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk
/in General NewsSelect versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE).
The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1
The Hacker News – Read More
Houthi-Aligned APT Targets Mideast Militaries With ‘GuardZoo’ Spyware
/in General NewsSimple malware and simple TTPs play against a backdrop of complex geopolitical conflict in the Arab world.
darkreading – Read More
Microsoft Patch Tuesday: Microsoft Patches 142 Critical Vulnerabilities
/in General NewsMicrosoft plugs critical security holes in July Patch Tuesday! 142 vulnerabilities patched, including actively exploited zero-days and remote…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More