BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Price Drop: This Complete Ethical Hacking Bundle is Now $40
/in General NewsGet a comprehensive, potentially lucrative ethical hacking education with 18 courses on today’s top tools and tech. This bundle is just $39.97 through 5/12.
Security | TechRepublic – Read More
Over 50,000 Tinyproxy Servers Vulnerable to Critical RCE Flaw
/in General NewsA critical remote code execution (RCE) flaw, CVE-2023-49606, was found affecting nearly 52,000 Tinyproxy servers. This vulnerability was disclosed by Cisco Talos in December 2023, impacting versions 1.11.1 and 1.10.0 of Tinyproxy.
Cyware News – Latest Cyber News – Read More
Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites
/in General NewsA high-severity flaw impacting the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts on susceptible websites.
The findings come from WPScan, which said that the vulnerability (CVE-2023-40000, CVSS score: 8.3) has been leveraged to set up bogus admin users with the names wpsupp‑user
The Hacker News – Read More
Hackers Exploit LiteSpeed Cache Flaw to Create WordPress Admins
/in General NewsWPScan observed in April increased exploitation activity against WordPress sites with versions of the plugin older than 5.7.0.1, which are vulnerable to a high-severity (8.8) unauthenticated cross-site scripting flaw tracked as CVE-2023-40000.
Cyware News – Latest Cyber News – Read More
Law Enforcement Agencies Identified LockBit Ransomware Admin and Sanctioned Him
/in General NewsThe FBI, UK National Crime Agency, and Europol have unmasked the identity of the admin of the LockBit ransomware operation, aka ‘LockBitSupp’ and ‘putinkrab’, and issued sanctions against him.
Cyware News – Latest Cyber News – Read More
LockBit Honcho Faces Sanctions, With Aussie Org Ramifications
/in General NewsAustralian businesses and individuals now face government fines and consequences for paying ransoms or interacting with assets owned by LockBitSupp, aka Dmitry Yuryevich Khoroshev.
darkreading – Read More
Chinese Hackers Deployed Backdoor Quintet to Down MITRE
/in General NewsMITRE’s hackers made use of at least five different Web shells and backdoors as part of their attack chain.
darkreading – Read More
Major UK Security Provider Leaks Trove of Guard and Suspect Data
/in General NewsBy Deeba Ahmed
Over 1.2 million records were exposed in a major data breach at UK security firm Amberstone. Learn the potential impact, what to do if affected, and how to stay secure.
This is a post from HackRead.com Read the original post: Major UK Security Provider Leaks Trove of Guard and Suspect Data
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Wiz Announces $1B Funding Round, Plans More M&A
/in General NewsMuch of the funding will be used for product development and talent acquisition to cover more ground as the cybersecurity industry continues to evolve.
darkreading – Read More
Does CISA’s KEV Catalog Speed Up Remediation?
/in General NewsVulnerabilities added to the CISA known exploited vulnerability (KEV) list do indeed get patched faster, but not fast enough.
darkreading – Read More