BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] CrushFTP 11.3.1 - Authentication Bypass
- [remote] Invision Community 5.0.6 - Remote Code Execution (RCE)
- [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
Zscaler Investigates Hacking Claims After Data Offered for Sale
/in General NewsZscaler says its customer, production and corporate environments are not impacted after a notorious hacker offers to sell access.
The post Zscaler Investigates Hacking Claims After Data Offered for Sale appeared first on SecurityWeek.
SecurityWeek – Read More
Undetectable Threats Found in F5 BIG-IP Next Central Manager
/in General NewsThe two vulnerabilities, an SQL injection flaw (CVE-2024-26026) and an OData injection vulnerability (CVE-2024-21793), could allow attackers to gain admin control and create hidden rogue accounts on managed assets.
Cyware News – Latest Cyber News – Read More
Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover
/in General NewsTwo security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence.
The remotely exploitable flaws “can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next
The Hacker News – Read More
UK Military Data Breach a Reminder of Third-Party Risk in Defense Sector
/in General NewsAn attacker accessed personal information of over 225,000 active, reserve, and former UK military members from third-party payroll processing system.
darkreading – Read More
3-Year Iranian Influence Op Preys on Divides in Israeli Society
/in General NewsIran follows in Russia’s disinformation footsteps but with a different, more economical, and potentially higher-impact model.
darkreading – Read More
Netcraft Announces New AI-Powered Innovations to Disrupt and Expose Criminal Financial Infrastructure
/in General NewsPost Content
darkreading – Read More
runZero Research Explores Unexpected Exposures in Enterprise Infrastructure
/in General NewsPost Content
darkreading – Read More
Cyolo Partners With Dragos to Unveil Holistic Secure Remote Access Solution for Critical Infrastructure
/in General NewsPost Content
darkreading – Read More
IntelBroker Hacker Claims Breach of Top Cybersecurity Firm, Selling Access
/in General NewsBy Waqas
The norotious IntelBroker hackers claims to have breached a leading cybersecurity company (revenue: $1.8 billion). The hacker is selling access to stolen data, including sensitive credentials and critical logs, for $20,000 in cryptocurrency.
This is a post from HackRead.com Read the original post: IntelBroker Hacker Claims Breach of Top Cybersecurity Firm, Selling Access
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
CISOs Are Worried About Their Jobs & Dissatisfied With Their Incomes
/in General NewsThe research shows a significant drop in the number of tech CISOs that got a base salary increase in the past year — roughly 18% year-over-year.
darkreading – Read More