BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] CrushFTP 11.3.1 - Authentication Bypass
- [remote] Invision Community 5.0.6 - Remote Code Execution (RCE)
- [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo
/in General NewsCybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests library and has been found concealing a Golang-version of the Sliver command-and-control (C2) framework within a PNG image of the project’s logo.
The package employing this steganographic trickery is requests-darwin-lite, which has been
The Hacker News – Read More
Latvian TV Channels Hacked to Broadcast Russian Victory Day Parade
/in General NewsBy Deeba Ahmed
Confused Latvians woke up to the Russian Victory Day parade on their TVs! Hackers targeted a content delivery network to manipulate broadcasts exposing media supply chain vulnerabilities.
This is a post from HackRead.com Read the original post: Latvian TV Channels Hacked to Broadcast Russian Victory Day Parade
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Microsoft Deploys Generative AI for US Spies
/in General NewsPlus: China is suspected in a hack targeting the UK’s military, the US Marines are testing gun-toting robotic dogs, and Dell suffers a data breach impacting 49 million customers.
Security Latest – Read More
Attack Makes Autonomous Vehicle Tech Ignore Road Signs
/in General NewsResearchers have developed a technique called “GhostStripe” that can exploit the camera-based computer vision systems of autonomous vehicles, causing them to fail to recognize road signs, making it very risky for Tesla and Baidu Apollo vehicles.
Cyware News – Latest Cyber News – Read More
FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT
/in General NewsThe financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of NetSupport RAT.
“The threat actors used malicious websites to impersonate well-known brands, including AnyDesk, WinSCP, BlackRock, Asana, Concur, The Wall
The Hacker News – Read More
Cisco reimagines cybersecurity at RSAC 2024 with AI and kernel-level visibility
/in General NewsDefending against adversarial AI-based attacks and the torrent of new tradecraft attackers are creating requires a new approach to cybersecurity.Read More
Security News | VentureBeat – Read More
Millions of IoT Devices at Risk from Flaws in Integrated Cellular Modem
/in General NewsResearchers discovered seven vulnerabilities — including an unauthenticated RCE issue — in widely deployed Telit Cinterion modems.
darkreading – Read More
Europol Hacked? IntelBroker Claims Major Law Enforcement Breach
/in General NewsBy Waqas
Notorious hacker IntelBroker claims a major data breach at Europol. Allegedly, sensitive data including employee info, source code, and operational documents were compromised. Europol has yet to confirm the breach. Could this expose ongoing investigations and endanger law enforcement personnel? Find out more.
This is a post from HackRead.com Read the original post: Europol Hacked? IntelBroker Claims Major Law Enforcement Breach
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
New LLMjacking Attack Lets Hackers Hijack AI Models for Profit
/in General NewsBy Deeba Ahmed
Researchers uncover a novel cyberattack scheme called “LLMjacking” exploiting stolen cloud credentials to hijack powerful AI models. This article explores the implications of attackers leveraging large language models (LLMs) for malicious purposes and offers security recommendations for the cloud and AI communities.
This is a post from HackRead.com Read the original post: New LLMjacking Attack Lets Hackers Hijack AI Models for Profit
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
CISO as a CTO: When and Why It Makes Sense
/in General NewsEnterprises are increasingly recognizing that the CISO’s skills and experience building risk-based cyber programs translate well to other C-suite positions.
darkreading – Read More