BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools
/in General NewsEasily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools
The post Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools appeared first on SecurityWeek.
SecurityWeek – Read More
Indian Ex-Employee Jailed for Wiping 180 Virtual Servers in Singapore
/in General NewsA terminated employee deleted his employer’s servers, causing major financial loss. Read about the growing threat of disgruntled ex-employees and how companies can protect themselves from this threat.
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Why SaaS Security is Suddenly Hot: Racing to Defend and Comply
/in General NewsRecent supply chain cyber-attacks are prompting cyber security regulations in the financial sector to tighten compliance requirements, and other industries are expected to follow. Many companies still don’t have efficient methods to manage related time-sensitive SaaS security and compliance tasks. Free SaaS risk assessment tools are an easy and practical way to bring visibility and initial
The Hacker News – Read More
AWS Announces Authentication and Malware Protection Enhancements
/in General NewsAWS announced passkey MFA for IAM and root users, IAM Access Analyzer updates, and Amazon GuardDuty Malware Protection for S3.
The post AWS Announces Authentication and Malware Protection Enhancements appeared first on SecurityWeek.
SecurityWeek – Read More
Know Your Adversary: Why Tuning Intelligence-Gathering to Your Sector Pays Dividends
/in General NewsWithout tuning your approach to fit your sector, amongst other variables, you’ll be faced with an unmanageable amount of noise.
The post Know Your Adversary: Why Tuning Intelligence-Gathering to Your Sector Pays Dividends appeared first on SecurityWeek.
SecurityWeek – Read More
Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware
/in General NewsThe nascent malware known as SSLoad is being delivered by means of a previously undocumented loader called PhantomLoader, according to findings from cybersecurity firm Intezer.
“The loader is added to a legitimate DLL, usually EDR or AV products, by binary patching the file and employing self-modifying techniques to evade detection,” security researchers Nicole Fishbein and Ryan Robinson said in
The Hacker News – Read More
Life360 Says Personal Information Stolen From Tile Customer Support Platform
/in General NewsLife360 says hackers attempted to extort it after stealing personal information from a Tile customer support platform.
The post Life360 Says Personal Information Stolen From Tile Customer Support Platform appeared first on SecurityWeek.
SecurityWeek – Read More
Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS
/in General NewsThreat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018.
The activity, still ongoing, entails the use of an Android malware called GravityRAT and a Windows-based malware loader codenamed HeavyLift, according to Cisco Talos, which are administered using another standalone tool referred to as GravityAdmin.
The
The Hacker News – Read More
Prevalence and Impact of Password Exposure Vulnerabilities in ICS/OT
/in General NewsAnalysis and insights on the prevalence and impact of password exposure vulnerabilities in ICS and other OT products.
The post Prevalence and Impact of Password Exposure Vulnerabilities in ICS/OT appeared first on SecurityWeek.
SecurityWeek – Read More
Pakistani Hacking Team ‘Celestial Force’ Spies on Indian Gov’t, Defense
/in General NewsAgainst a backdrop of political conflict, a years-long cyber espionage campaign in South Asia is coming to light.
darkreading – Read More