BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
- PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data
- Wappalyzer-Next - Python library that uses Wappalyzer extension (and its fingerprints) to detect technologies
- Telegram-Checker - A Python Tool For Checking Telegram Accounts Via Phone Numbers Or Usernames
- Torward - An Improved Version Based On The Torghost-Gn And Darktor Scripts, Designed To Enhance Anonymity On The Internet
- Instagram-Brute-Force-2024 - Instagram Brute Force 2024 Compatible With Python 3.13 / X64 Bit / Only Chrome Browser
- QuickResponseC2 - A Command & Control Server That Leverages QR Codes To Send Commands And Receive Results From Remote Systems
- Telegram-Scraper - A Powerful Python Script That Allows You To Scrape Messages And Media From Telegram Channels Using The Telethon Library
- Moukthar - Android Remote Administration Tool
Exploit DB
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
- [webapps] Apache Commons Text 1.10.0 - Remote Code Execution
- [webapps] Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation
- [webapps] Tatsu 3.3.11 - Unauthenticated RCE
- [remote] Langflow 1.3.0 - Remote Code Execution (RCE)
- [webapps] UJCMS 9.6.3 - User Enumeration via IDOR
- [webapps] Inventio Lite 4 - SQL Injection
- [webapps] KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated SQL Injection
- [hardware] ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution
Iranian State Hackers Partner Up for Large-Scale Attacks, Report
/in General NewsBy Deeba Ahmed
Check Point researchers have detailed a new Iranian state-sponsored hacker group called Void Manticore, partnering with Scarred Manticore, another threat group based in Iran’s Ministry of Intelligence and Security.
This is a post from HackRead.com Read the original post: Iranian State Hackers Partner Up for Large-Scale Attacks, Report
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Five Core Tenets Of Highly Effective DevSecOps Practices
/in General NewsOne of the enduring challenges of building modern applications is to make them more secure without disrupting high-velocity DevOps processes or degrading the developer experience. Today’s cyber threat landscape is rife with sophisticated attacks aimed at all different parts of the software supply chain and the urgency for software-producing organizations to adopt DevSecOps practices that deeply
The Hacker News – Read More
QNAP QTS Zero-Day in Share Feature Gets Public RCE Exploit
/in General NewsAn extensive security audit of QNAP QTS, the operating system for the company’s NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed.
Cyware News – Latest Cyber News – Read More
Consumers Continue to Overestimate Their Ability to Spot Deepfakes
/in General NewsThe Jumio 2024 Online Identity Study reveals that while consumers are increasingly concerned about the risks posed by deepfakes and generative AI, they continue to overestimate their ability to detect these deceptions.
Cyware News – Latest Cyber News – Read More
Eventbrite Promoted Illegal Opioid Sales to People Searching for Addiction Recovery Help
/in General NewsA WIRED investigation found thousands of Eventbrite posts selling escort services and drugs like Xanax and oxycodone—some of which the company’s algorithm recommended alongside addiction recovery events.
Security Latest – Read More
EPA Issues Alert After Finding Critical Vulnerabilities in Drinking Water Systems
/in General NewsThe EPA has issued an enforcement alert, outlining the steps needed to comply with the Safe Drinking Water Act.
The post EPA Issues Alert After Finding Critical Vulnerabilities in Drinking Water Systems appeared first on SecurityWeek.
SecurityWeek – Read More
Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox
/in General NewsA critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution.
Tracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx.
“If exploited, it could allow attackers to execute arbitrary code on your system,
The Hacker News – Read More
CISA Warns of Attacks Exploiting NextGen Healthcare Mirth Connect Flaw
/in General NewsCISA has added CVE-2023-43208, an unauthenticated remote code execution vulnerability, to its KEV catalog.
The post CISA Warns of Attacks Exploiting NextGen Healthcare Mirth Connect Flaw appeared first on SecurityWeek.
SecurityWeek – Read More
How to Install a VPN on Your Router
/in General NewsTrying to figure out how to install a VPN on your router? Read our step-by-step guide to help you get started.
Security | TechRepublic – Read More
CISA Warns of Actively Exploited NextGen Mirth Connect Pre-Auth RCE Vulnerability
/in General NewsThe CISA has required federal agencies to update to a patched version of Mirth Connect (version 4.4.1 or later) by June 10, 2024, to secure their networks against active threats.
Cyware News – Latest Cyber News – Read More