BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)
- [remote] CrushFTP 11.3.1 - Authentication Bypass
- [remote] Invision Community 5.0.6 - Remote Code Execution (RCE)
- [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
iOS 17.5.1 patches cringey bug that was resurrecting old, deleted photos
/in General NewsiPhone and iPad users were reporting personal and sensitive images reappearing – even on wiped and sold devices. Keep those deleted photos deleted!
Latest stories for ZDNET in Security – Read More
Hacktivist Groups Target Indian Elections, Leak Personal Data, Says Report
/in General NewsBy Deeba Ahmed
Multiple independent hacktivist groups are targeting India’s elections with influence campaigns, Resecurity reports. The campaigns are designed to sway voters’ opinions and undermine trust in the democratic process. Learn more about the tactics being used and how to protect yourself from disinformation.
This is a post from HackRead.com Read the original post: Hacktivist Groups Target Indian Elections, Leak Personal Data, Says Report
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Chinese Duo Indicted for Laundering $73m in Pig Butchering Case
/in General NewsTwo Chinese nationals have been indicted for their alleged involvement in a multimillion-dollar “pig butchering” investment fraud scheme, where they laundered over $73 million through US financial institutions and cryptocurrency wallets.
Cyware News – Latest Cyber News – Read More
Too Many ICS Assets are Exposed to the Public Internet
/in General NewsThe enterprise attack surface is rapidly expanding due to the convergence of IT and OT systems, leading to a large number of ICS assets being exposed to the public internet and creating new vulnerabilities that security teams struggle to manage.
Cyware News – Latest Cyber News – Read More
Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel
/in General NewsAn Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been attributed as behind destructive wiping attacks targeting Albania and Israel under the personas Homeland Justice and Karma, respectively.
Cybersecurity firm Check Point is tracking the activity under the moniker Void Manticore, which is also known as Storm-0842 (formerly DEV-0842) by
The Hacker News – Read More
Judge Denies Class Certification in Blackbaud Hack Lawsuit
/in General NewsThe judge said the plaintiffs did not show an “administratively feasible” way for the court to determine whether a particular individual is a class member without extensive and individualized fact-finding.
Cyware News – Latest Cyber News – Read More
US SEC Approves Wall Street Data Breach Reporting Regs
/in General NewsThe SEC has approved new regulations that require broker-dealers and investment firms to notify their clients within 30 days of detecting a data breach, in an effort to modernize and enhance the protection of consumers’ financial data.
Cyware News – Latest Cyber News – Read More
Latrodectus Malware Loader Emerges as Potential Replacement for IcedID
/in General NewsResearchers have observed a surge in email phishing campaigns delivering Latrodectus, a new malware loader believed to be the successor to the IcedID malware, which is capable of deploying additional payloads such as QakBot, DarkGate, and PikaBot.
Cyware News – Latest Cyber News – Read More
The Importance of Access Controls in Incident Response
/in General NewsAdequate IAM policies are essential for incident management tooling to ensure the right people can quickly address issues without being blocked. Authentication verifies a person’s identity, while authorization manages permissions and access levels.
Cyware News – Latest Cyber News – Read More
What American Enterprises Can Learn From Europe's GDPR Mistakes
/in General NewsAs the US braces for a data privacy overhaul, companies need to update data practices, train staff, and ensuring compliance from the outset to avoid Europe’s costly missteps.
darkreading – Read More