BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
- PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data
- Wappalyzer-Next - Python library that uses Wappalyzer extension (and its fingerprints) to detect technologies
- Telegram-Checker - A Python Tool For Checking Telegram Accounts Via Phone Numbers Or Usernames
- Torward - An Improved Version Based On The Torghost-Gn And Darktor Scripts, Designed To Enhance Anonymity On The Internet
- Instagram-Brute-Force-2024 - Instagram Brute Force 2024 Compatible With Python 3.13 / X64 Bit / Only Chrome Browser
- QuickResponseC2 - A Command & Control Server That Leverages QR Codes To Send Commands And Receive Results From Remote Systems
- Telegram-Scraper - A Powerful Python Script That Allows You To Scrape Messages And Media From Telegram Channels Using The Telethon Library
Exploit DB
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
- [webapps] Apache Commons Text 1.10.0 - Remote Code Execution
- [webapps] Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation
- [webapps] Tatsu 3.3.11 - Unauthenticated RCE
- [remote] Langflow 1.3.0 - Remote Code Execution (RCE)
- [webapps] UJCMS 9.6.3 - User Enumeration via IDOR
- [webapps] Inventio Lite 4 - SQL Injection
- [webapps] KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated SQL Injection
- [hardware] ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution
3.3 Million People Impacted by DISA Data Breach
/in General NewsBackground and drug screening giant DISA has revealed that a 2024 data breach impacts more than 3.3 million people.
The post 3.3 Million People Impacted by DISA Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
Hackers publish sensitive patient data allegedly stolen from Australian IVF provider Genea
/in General NewsGenea gets a court injunction after ransomware gang Termite claims to have leaked patient information
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Thousands of exposed GitHub repos, now private, can still be accessed through Copilot
/in General NewsData exposed even briefly can live on in generative AI chatbots long after the data is made private.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
ExpressVPN gets faster and more secure, thanks to Rust
/in General NewsBy leveraging the power of Rust, ExpressVPN is setting a new standard for speed, security, and adaptability in VPN protocols.
Latest stories for ZDNET in Security – Read More
CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities in question are as follows –
CVE-2024-49035 (CVSS score: 8.7) – An improper access control
The Hacker News – Read More
OpenAI drops Deep Research access to Plus users, heating up AI agent wars with DeepSeek and Claude
/in General NewsOpenAI expands its powerful Deep Research AI agent to ChatGPT Plus, Team, Education, and Enterprise users, intensifying competition with DeepSeek and Anthropic in the rapidly evolving AI research assistant market.Read More
Security News | VentureBeat – Read More
The people in Elon Musk’s DOGE universe
/in General NewsMeet the DOGE staffers and senior advisors in Elon Musk’s inner circle, and how they got there.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
AI Tricksters Spin Up Fake DeepSeek Sites to Steal Crypto
/in General NewsThe fake websites trick users into downloading and running malware that searches for personal information, especially anything related to crypto currency.
darkreading – Read More
Max Severity RCE Vuln in All Versions of MITRE Caldera
/in General NewsIn the wrong hands, the popular red-teaming tool can be made to access networks, escalate privileges, conduct reconnaissance, and disguise malicious activity as a simulated exercise.
darkreading – Read More
Microsoft 365 Accounts Get Sprayed by Mega-Botnet
/in General NewsThe threat actors are exploiting non-interactive sign-ins, an authentication feature that security teams don’t typically monitor.
darkreading – Read More