BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
- Uro - Declutters Url Lists For Crawling/Pentesting
- Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Exploit DB
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
- [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
- [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
- [local] Daikin Security Gateway 14 - Remote Password Reset
- [local] ZTE ZXV10 H201L - RCE via authentication bypass
Signal downloads spike in the U.S. and Yemen amid government scandal
/in General NewsThe encrypted messaging app Signal is getting some unexpected attention this week. High-ranking officials in the Trump administration, including Vice President J.D. Vance and Secretary of Defense Peter Hegseth, communicated the plans for an attack on the Yemeni Houthis via a potentially unauthorized group chat on Signal. However, Atlantic editor-in-chief Jeffrey Goldberg was mistakenly added […]
Security News | TechCrunch – Read More
10 pesky Windows 11 24H2 bugs still haunting PCs despite several patches
/in General NewsBefore diving into the Windows 11 2024 update, know that you may encounter some problems. Here’s the bug report now.
Latest stories for ZDNET in Security – Read More
Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks
/in General NewsA new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play.
The connection stems from the use of a custom tool that’s designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as used by RansomHub actors in
The Hacker News – Read More
How to protect your site from DDoS attacks – before it’s too late
/in General NewsDDoS attacks don’t take much technical expertise to launch these days. Defending against them is more complicated.
Latest stories for ZDNET in Security – Read More
Russian media, academia targeted in espionage campaign using Google Chrome zero-day exploit
/in General News“We have discovered and reported dozens of zero-day exploits actively used in attacks, but this particular exploit is certainly one of the most interesting we’ve encountered,” researchers from Kaspersky said in their analysis published Tuesday.
The Record from Recorded Future News – Read More
Two Serbian journalists reportedly targeted with Pegasus spyware
/in General NewsTwo investigative journalists in Serbia were targeted with advanced commercial spyware last month, Amnesty International said Thursday.
The Record from Recorded Future News – Read More
The Importance of Allyship For Women in Cyber
/in General NewsInterview with Taylor Pyle, a Cybersecurity Engineer at Viasat on her experience with both cyber and mentorship.
The post The Importance of Allyship For Women in Cyber appeared first on SecurityWeek.
SecurityWeek – Read More
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware
/in General NewsAn advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India’s public sector postal system as part of a campaign designed to infect both Windows and Android users in the country.
Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a threat actor called APT36, which is also known as
The Hacker News – Read More
Defense Contractor MORSE to Pay $4.6M to Settle Cybersecurity Failure Allegations
/in General NewsUS defense contractor MORSE Corp has agreed to pay $4.6 million to settle allegations over its cybersecurity failures.
The post Defense Contractor MORSE to Pay $4.6M to Settle Cybersecurity Failure Allegations appeared first on SecurityWeek.
SecurityWeek – Read More
Ransomware Groups Increasingly Adopting EDR Killer Tools
/in General NewsESET uncovers a link between RansomHub, Play, Medusa, and BianLian ransomware gangs as more groups adopt tools to disable EDR software.
The post Ransomware Groups Increasingly Adopting EDR Killer Tools appeared first on SecurityWeek.
SecurityWeek – Read More