BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
CVE Program Stays Online as CISA Backs Temporary MITRE Extension
/in General NewsMITRE avoids CVE program shutdown with last-minute contract extension. Questions remain about long-term funding and the future of…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
More than 100,000 had information stolen from Hertz through Cleo file share tool
/in General NewsCar rental giant Hertz has been notifying state regulators of a data breach that occurred through third-party file sharing software. Tens of thousands of people are affected, but the company hasn’t specified a total number.
The Record from Recorded Future News – Read More
Patch Now: NVDIA Flaws Expose AI Models, Critical Infrastructure
/in General NewsA fix for a critical flaw in a tool allowing organizations to run GPU-accelerated containers released last year did not fully mitigate the issue, spurring the need to patch a secondary flaw to protect organizations that rely on NVIDIA processors for AI workloads.
darkreading – Read More
MITRE CVE Program Gets Last-Hour Funding Reprieve
/in General NewsThe US government’s cybersecurity agency CISA has “executed the option period on the contract” to keep the vulnerability catalog operational.
The post MITRE CVE Program Gets Last-Hour Funding Reprieve appeared first on SecurityWeek.
SecurityWeek – Read More
How Apple plans to train its AI on your data without sacrificing your privacy
/in General NewsApple’s solution is called ‘differential privacy’ – and it’s already been using it for Genmojis.
Latest stories for ZDNET in Security – Read More
NSO lawyer names Mexico, Saudi Arabia, and Uzbekistan as spyware customers behind 2019 WhatsApp hacks
/in General NewsThis is the first time representatives for the spyware maker have publicly named its government customers.
Security News | TechCrunch – Read More
Cloud, Cryptography Flaws in Mobile Apps Leak Enterprise Data
/in General NewsCloud misconfigurations and cryptography flaws plague some of the top apps used in work environments, exposing organizations to risk and intrusion.
darkreading – Read More
Active Directory Recovery Can’t Be an Afterthought
/in General NewsActive Directory is one of the most vulnerable access points in an organization’s IT environment. Companies cannot wait for a real attack to pressure-test their AD recovery strategy.
darkreading – Read More
Pillar Security Banks $9M for AI Security Guardrails
/in General NewsShield Capital leads a $9 million seed-stage funding round for Israeli startup building technologies for AI security and privacy guardrails.
The post Pillar Security Banks $9M for AI Security Guardrails appeared first on SecurityWeek.
SecurityWeek – Read More
Chinese firm tied to Uyghur rights abuses now training Tibet police on hacking techniques
/in General NewsThe digital forensics company known as Meiya Pico won a contract in mid-2023 to build two labs at the Tibet Police College: one on offensive and defensive cyber techniques and the other on electronic evidence collection and analysis.
The Record from Recorded Future News – Read More