BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
No feed items found.
Exploit DB
- [webapps] MoziloCMS 3.0 - Remote Code Execution (RCE)
- [webapps] KubeSphere 3.4.0 - Insecure Direct Object Reference (IDOR)
- [webapps] X2CRM 8.5 - Stored Cross-Site Scripting (XSS)
- [local] NVIDIA Container Toolkit 1.16.1 - Time-of-check Time-of-Use (TOCTOU)
- [remote] Microsoft Windows - NTLM Hash Leak Malicious Windows Theme
- [remote] Aztech DSL5005EN Router - 'sysAccess.asp' Admin Password Change (Unauthenticated)
- [webapps] TeamPass 3.0.0.21 - SQL Injection
- [webapps] Jasmin Ransomware - SQL Injection Login Bypass
- [webapps] FluxBB 1.5.11 - Stored Cross-Site Scripting (XSS)
- [webapps] JUX Real Estate 3.4.0 - SQL Injection
Even More Venmo Accounts Tied to Trump Officials in Signal Group Chat Left Data Public
/in General NewsWIRED has found four new Venmo accounts that appear to be associated with Trump officials who were in an infamous Signal chat. One made a payment with a note consisting solely of an eggplant emoji.
Security Latest – Read More
OpenAI Bumps Up Bug Bounty Reward to $100K in Security Update
/in General NewsThe artificial intelligence research company previously had its maximum payout set at $20,000 before exponentially raising the reward.
darkreading – Read More
How CISA Cuts Impact Election Security
/in General NewsState and federal security experts weighed in on the impact that budgetary and personnel cuts to CISA will have on election security as a whole.
darkreading – Read More
Hoff’s Rule: People First
/in General NewsDark Reading Confidential Episode 5: Christofer Hoff, chief secure technology officer at LastPass, shares the human side of the story of how he led his team through a major cyber incident and built from the ground up a security team and security culture.
darkreading – Read More
Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection
/in General NewsMicrosoft’s .NET MAUI lets developers build cross-platform apps in C#, but its use of binary blob files poses new risks by bypassing Android’s DEX-based security checks.
Security | TechRepublic – Read More
SignalGate Is Driving the Most US Downloads of Signal Ever
/in General NewsScandal surrounding the Trump administration’s Signal group chat has led to a landmark week for the encrypted messaging app’s adoption—its “largest US growth moment by a massive margin.”
Security Latest – Read More
Splunk Patches Dozens of Vulnerabilities
/in General NewsSplunk patches high-severity remote code execution and information disclosure flaws in Splunk Enterprise and Secure Gateway App.
The post Splunk Patches Dozens of Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
OpenAI Bug Bounty Program Increases Top Reward to $100,000
/in General NewsOpenAI Bug Bounty program boosts max reward to $100,000, expanding scope and offering new incentives to enhance AI security and reliability.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
RedCurl Uses New QWCrypt Ransomware in Hypervisor Attacks
/in General NewsDiscover the novel QWCrypt ransomware used by RedCurl in targeted hypervisor attacks. This article details their tactics, including…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Anthropic scientists expose how AI actually ‘thinks’ — and discover it secretly plans ahead and sometimes lies
/in General NewsAnthropic has developed a new method for peering inside large language models like Claude, revealing for the first time how these AI systems process information and make decisions. The research, published today in two papers (available here and here), shows these models are more sophisticated than previously understood — they plan ahead when writin…Read More
Security News | VentureBeat – Read More