BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Implementing Zero Trust and Mitigating Risk: ISC2 Courses to Support Your Development
/in General NewsPost Content
darkreading – Read More
Ransomware Attack Demands Reach a Staggering $5.2m in 2024
/in General NewsAccording to a new analysis by Comparitech, the average ransom demand per ransomware attack in the first half of 2024 was over $5.2m (£4.1m). This was calculated from 56 known ransom demands issued by threat actors during that period.
Cyware News – Latest Cyber News – Read More
Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug
/in General NewsGoogle ships an Android security update with fixes for 15 vulnerabilities, including a critical-severity flaw in Framework.
The post Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug appeared first on SecurityWeek.
SecurityWeek – Read More
Cyber-Insurance Premiums Decline as Firms Build Resilience
/in General NewsCyber insurance premiums have seen significant reductions in price due to improved cybersecurity measures implemented by organizations. Despite an 18% increase in ransomware incidents, premiums have decreased in 2023/24.
Cyware News – Latest Cyber News – Read More
Patch Now: Cisco Zero-Day Under Fire From Chinese APT
/in General NewsThreat actor “Velvet Ant” has been exploiting a vulnerability in Cisco’s NX-OS Software for managing a variety of switches, executing commands and dropping custom malware.
darkreading – Read More
New Orcinius Trojan Uses VBA Stomping to Mask Infection
/in General NewsThis multi-stage trojan utilizes Dropbox and Google Docs to update and deliver payloads. It uses the VBA stomping technique, removing the VBA source code in a Microsoft Office document, leaving only compiled p-code.
Cyware News – Latest Cyber News – Read More
Over 14M servers may be vulnerable to OpenSSH’s regreSSHion RCE flaw. Here’s what you need to do
/in General NewsOpenSSH, the bedrock of secure Linux network access, has a nasty security flaw.
Latest stories for ZDNET in Security – Read More
What Cybersecurity Defense Looks Like for School Districts
/in General NewsDark Reading chats with Johnathan Kim, director of technology at the Woodland Hills School District in North Braddock, Penn., about why cybercriminals target schools — and what they can do about it.
darkreading – Read More
Google Launches $250,000 kvmCTF Bug Bounty Program for KVM Exploits
/in General NewsGoogle offers up to $250,000 for finding security holes in KVM, a key technology for virtual machines. This…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Preparing for Q-Day as NIST Nears Approval of PQC Standards
/in General NewsQ-Day, the day when a quantum computer can break modern encryption, is approaching rapidly, leaving our society vulnerable to cyberattacks. Recent advancements in quantum technology suggest that Q-Day is coming sooner than expected.
Cyware News – Latest Cyber News – Read More