BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Update Your iPhone Now to Fix Safari Security Flaw
/in General NewsThe vulnerability allowed malicious code running inside the Web Content sandbox, an isolated environment for web processes designed to limit security risks, to impact other parts of the device.
Security | TechRepublic – Read More
Threat Actor Impersonates Booking.com in Phishing Scheme
/in General NewsMicrosoft detailed a sophisticated campaign that relies on a social engineering technique, “ClickFix,” in which a phisher uses security verification like captcha to give the target a false sense of safety.
darkreading – Read More
Apple-UK Encryption Saga Continues: British Officials’ Clarification & US Officials’ Warning
/in General NewsThe British side reportedly said they would have to produce warrants for each individual data access request, so they will always have to be made as part of an investigation into serious crime.
Security | TechRepublic – Read More
Will Cisco’s Free Tech Training for 1.5M People Help Close EU’s Skills Gap?
/in General NewsCisco’s training through its Networking Academy will help “build a resilient and skilled workforce ready to meet Europe’s digital transformation and AI objectives.”
Security | TechRepublic – Read More
Ransomware Developer Extradited, Admits Working for LockBit
/in General NewsLaw enforcement discovered admin credentials on the suspect’s computer for an online repository hosted on the Dark Web that stored source code for multiple versions of the LockBit builder.
darkreading – Read More
Man-in-the-Middle Vulns Provide New Research Opportunities for Car Security
/in General NewsA pair of researchers plan on detailing effective tools to dig into the effectiveness of vehicle cybersecurity without breaking the bank.
darkreading – Read More
OpenAI’s strategic gambit: The Agents SDK and why it changes everything for enterprise AI
/in General NewsOpenAI’s new API and Agents SDK consolidate a previously fragmented complex ecosystem into a unified, production-ready framework. For enterprise AI teams, the implications are potentially profound: Projects that previously demanded multiple frameworks, specialized vector databases, and complex orchestration logic can now be achieved through a single, standardized platform. But perhaps most revealing is OpenAI’s implicit acknowledgment that solving AI agent reliability issues requires outside expertise. This shift comes amid growing evidence that external developers are finding innovative solutions to agent reliability – something that the shocking Manus release also clearly demonstrated. This strategic concession represents a critical turning point: OpenAI recognizes that even with its vast resources, the path to truly reliable agents requires opening up to outside developers who can discover innovative solutions and workarounds that OpenAI’s internal teams might miss.Read More
Security News | VentureBeat – Read More
AT&T technician Mark Klein, who exposed secret NSA spying, dies
/in General NewsKlein, a former AT&T technician turned whistleblower, exposed mass surveillance by the U.S. government in 2006.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Symantec Demonstrates OpenAI’s Operator Agent in PoC Phishing Attack
/in General NewsSymantec demonstrates OpenAI’s Operator Agent in PoC phishing attack, highlighting AI security risks and the need for proper cybersecurity.
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
Threat Actor Tied to LockBit Ransomware Targets Fortinet Users
/in General NewsThe Mora_001 group uses similar post-exploitation patterns and ransomware customization originated by LockBit.
darkreading – Read More