BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights
/in General NewsAn Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data.
The unnamed 42-year-old “allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal data from unsuspecting victims who mistakenly connected to them,” the Australian Federal Police (AFP) said in a press
The Hacker News – Read More
Papua New Guinea Sets High Bar in Data Security
/in General NewsThe small island nation’s new data protection and governance policy reflects a forward-thinking cybersecurity strategy.
darkreading – Read More
Deepfakes will cost $40 billion by 2027 as adversarial AI gains momentum
/in General NewsNow one of the fastest-growing forms of adversarial AI, deepfakes-related losses are expected to soar from $12.3 billion in 2023.Read More
Security News | VentureBeat – Read More
CISA Report Finds Most Open-Source Projects Contain Memory-Unsafe Code
/in General NewsAnalysts found that 52% of open-source projects are written in memory-unsafe languages like C and C++.
Security | TechRepublic – Read More
Multi-Malware ‘Cluster Bomb’ Campaign Drops Widespread Cyber Havoc
/in General News“Unfurling Hemlock” has deployed malware on tens of thousands of systems worldwide by nesting multiple malicious files inside other malicious files.
darkreading – Read More
Google Opens $250K Bug Bounty Contest for VM Hypervisor
/in General NewsIf security researchers can execute a guest-to-host attack using a zero-day vulnerability in the KVM open source hypervisor, Google will make it worth their while.
darkreading – Read More
regreSSHion: Critical Vulnerability in OpenSSH Exposes Millions of Servers
/in General NewsA critical vulnerability in OpenSSH (regreSSHion) allows attackers full access to servers! Millions at risk. Learn how to…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Prudential Data Breach Victim Count Soars to 2.5M
/in General NewsThe company seemingly underestimated the severity of the breach after originally providing a head count of roughly 36,000 impacted individuals.
darkreading – Read More
‘RegreSSHion’ Bug Threatens Takeover of Millions of Linux Systems
/in General NewsThe high-severity CVE-2024-6387 in OpenSSH is a reintroduction of a 2006 flaw, and it allows unauthenticated RCE as root.
darkreading – Read More
Juniper Rushes Out Emergency Patch for Critical Smart Router Flaw
/in General NewsAlthough not yet exploited in the wild, the max-critical authentication bypass bug could allow adversaries to take over unpatched Juniper Session Smart Routers and Conductors, and WAN Assurance Routers, the company warns.
darkreading – Read More