BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
FreeType Zero-Day Being Exploited in the Wild
/in General NewsMeta’s Facebook security team warns of live exploitation of a zero-day vulnerability in the open-source FreeType library.
The post FreeType Zero-Day Being Exploited in the Wild appeared first on SecurityWeek.
SecurityWeek – Read More
Anthropic researchers forced Claude to become deceptive — what they discovered could save us from rogue AI
/in General NewsAnthropic researchers reveal groundbreaking techniques to detect hidden objectives in AI systems, training Claude to conceal its true goals before successfully uncovering them through innovative auditing methods that could transform AI safety standards.Read More
Security News | VentureBeat – Read More
Patronus AI’s Judge-Image wants to keep AI honest — and Etsy is already using it
/in General NewsPatronus AI launches the first multimodal LLM-as-a-Judge for evaluating AI systems that process images, with Etsy already implementing the technology to validate product image captions across its marketplace.Read More
Security News | VentureBeat – Read More
Cisco Patches 10 Vulnerabilities in IOS XR
/in General NewsCisco has released patches for 10 vulnerabilities in IOS XR, including five denial-of-service (DoS) bugs.
The post Cisco Patches 10 Vulnerabilities in IOS XR appeared first on SecurityWeek.
SecurityWeek – Read More
Apple’s appeal against UK’s secret iCloud backdoor order must be held in public, rights groups urge
/in General NewsPrivacy rights groups have called on Apple’s legal challenge to a secret U.K. government order asking it to backdoor an end-to-end encrypted (E2EE) version of its iCloud storage service to be heard in public, rather than behind closed doors. The existence of the order emerged via press reports last month. Apple went on to confirm […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Grafana Flaws Likely Targeted in Broad SSRF Exploitation Campaign
/in General NewsThreat actors are likely targeting Grafana path traversal bugs for reconnaissance in a SSRF exploitation campaign targeting popular platforms.
The post Grafana Flaws Likely Targeted in Broad SSRF Exploitation Campaign appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft Warns of Hospitality Sector Attacks Involving ClickFix
/in General NewsA cybercrime group named Storm-1865 has targeted hospitality organizations via fake Booking.com emails and the use of social engineering.
The post Microsoft Warns of Hospitality Sector Attacks Involving ClickFix appeared first on SecurityWeek.
SecurityWeek – Read More
Salt Typhoon: A Wake-up Call for Critical Infrastructure
/in General NewsThe Salt Typhoon attacks underscored the need for unity, innovation, and resilience in the face of an increasingly sophisticated cyber-threat landscape.
darkreading – Read More
New OBSCURE#BAT Malware Targets Users with Fake Captchas
/in General NewsOBSCURE#BAT malware campaign exploits social engineering & fake software downloads to evade detection, steal data and persist on…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More
DeepSeek’s Malware-Generation Capabilities Put to Test
/in General NewsResearchers have analyzed the ability of the Chinese gen-AI DeepSeek to create malware such as ransomware and keyloggers.
The post DeepSeek’s Malware-Generation Capabilities Put to Test appeared first on SecurityWeek.
SecurityWeek – Read More