BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
- Pulsegram - Integrated Keylogger With Telegram
- Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
- VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
Exploit DB
- [local] Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
- [local] unzip-stream 0.3.1 - Arbitrary File Write
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
Splunk Patches Dozens of Vulnerabilities
/in General NewsSplunk patches high-severity remote code execution and information disclosure flaws in Splunk Enterprise and Secure Gateway App.
The post Splunk Patches Dozens of Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
OpenAI Bug Bounty Program Increases Top Reward to $100,000
/in General NewsOpenAI Bug Bounty program boosts max reward to $100,000, expanding scope and offering new incentives to enhance AI security and reliability.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
RedCurl Uses New QWCrypt Ransomware in Hypervisor Attacks
/in General NewsDiscover the novel QWCrypt ransomware used by RedCurl in targeted hypervisor attacks. This article details their tactics, including…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Anthropic scientists expose how AI actually ‘thinks’ — and discover it secretly plans ahead and sometimes lies
/in General NewsAnthropic has developed a new method for peering inside large language models like Claude, revealing for the first time how these AI systems process information and make decisions. The research, published today in two papers (available here and here), shows these models are more sophisticated than previously understood — they plan ahead when writin…Read More
Security News | VentureBeat – Read More
DoJ Recovers $5M Lost in BEC Fraud Against Workers’ Union
/in General NewsThe union received a spoofed email that led to the loss of $6.4 million, much of it transferred to other accounts or to a cryptocurrency exchange.
darkreading – Read More
UK Software Firm Fined £3 Million Over Ransomware-Caused Data Breach
/in General NewsThe UK ICO has fined Advanced Computer Software Group £3 million ($3.8 million) over a 2022 data breach resulting from a ransomware attack.
The post UK Software Firm Fined £3 Million Over Ransomware-Caused Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
Russia arrests three for allegedly creating Mamont malware, tied to over 300 cybercrimes
/in General NewsRussian authorities said they arrested three people and seized hardware in an operation against Mamont malware, which specializes in stealing money from Android device users.
The Record from Recorded Future News – Read More
Signal downloads spike in the U.S. and Yemen amid government scandal
/in General NewsThe encrypted messaging app Signal is getting some unexpected attention this week. High-ranking officials in the Trump administration, including Vice President J.D. Vance and Secretary of Defense Peter Hegseth, communicated the plans for an attack on the Yemeni Houthis via a potentially unauthorized group chat on Signal. However, Atlantic editor-in-chief Jeffrey Goldberg was mistakenly added […]
Security News | TechCrunch – Read More
10 pesky Windows 11 24H2 bugs still haunting PCs despite several patches
/in General NewsBefore diving into the Windows 11 2024 update, know that you may encounter some problems. Here’s the bug report now.
Latest stories for ZDNET in Security – Read More
Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks
/in General NewsA new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play.
The connection stems from the use of a custom tool that’s designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as used by RansomHub actors in
The Hacker News – Read More