BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
No feed items found.
Exploit DB
- [webapps] FluxBB 1.5.11 - Stored Cross-Site Scripting (XSS)
- [webapps] JUX Real Estate 3.4.0 - SQL Injection
- [webapps] Loaded Commerce 6.6 - Client-Side Template Injection(CSTI) (AngularJS)
- [webapps] Extensive VC Addons for WPBakery page builder 1.9.0 - Remote Code Execution (RCE)
- [webapps] TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)
- [webapps] Gitea 1.24.0 - HTML Injection
- [local] VeeVPN 1.6.1 - Unquoted Service Path
- [webapps] Chamilo LMS 1.11.24 - Remote Code Execution (RCE)
Hackers Target Middle East Governments with Evasive “CR4T” Backdoor
/in General NewsGovernment entities in the Middle East have been targeted as part of a previously undocumented campaign to deliver a new backdoor dubbed CR4T.
Russian cybersecurity company Kaspersky said it discovered the activity in February 2024, with evidence suggesting that it may have been active since at least a year prior. The campaign has been codenamed
The Hacker News – Read More
‘Crude’ Ransomware Tools Proliferating on the Dark Web for Cheap, Researchers Find
/in General NewsResearchers at the intelligence unit at the cybersecurity firm Sophos found 19 ransomware varieties being offered for sale or advertised as under development on four forums from June 2023 to February 2024.
Cyware News – Latest Cyber News – Read More
Cyberattack Takes Frontier Communications Offline
/in General NewsThe local phone and business communications company said that attackers accessed unspecified PII, after infiltrating its internal networks.
darkreading – Read More
Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware
/in General NewsIt turns out that a powerful security solution can double as even more powerful malware, capable of granting comprehensive access over a targeted machine.
darkreading – Read More
Russian APT Group Thwarted in Attack on US Automotive Manufacturer
/in General NewsThe group gained access to the victim network by duping IT employees with high administrative-access privileges.
darkreading – Read More
Brave search engine adds privacy-focused AI – no Google or Bing needed
/in General NewsAccessible in any browser, Brave’s new ‘Answer with AI’ option provides an AI-generated summary – with sources – in response to your requests and searches.
Latest stories for ZDNET in Security – Read More
The Trump Jury Has a Doxing Problem
/in General NewsOne juror in former US president Donald Trump’s criminal case in New York has been excused over fears she could be identified. It could get even messier.
Security Latest – Read More
Auburn’s McCrary Institute and Oak Ridge National Laboratory to Partner on Regional Cybersecurity Center
/in General NewsPost Content
darkreading – Read More
ICS Network Controllers Open to Remote Exploit, No Patches Available
/in General NewsCISA advisory warns of critical ICS device flaws, but a lack of available fixes leaves network administrators on defense to prevent exploits.
darkreading – Read More
GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories
/in General NewsExisting AI technology can allow hackers to automate exploits for public vulnerabilities in minutes flat. Very soon, diligent patching will no longer be optional.
darkreading – Read More