BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI
- [remote] PCMan FTP Server 2.0.7 - Buffer Overflow
- [webapps] Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation
- [local] Parrot and DJI variants Drone OSes - Kernel Panic Exploit
- [remote] Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
- [remote] AirKeyboard iOS App 1.0.5 - Remote Input Injection
- [webapps] PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
- [remote] WebDAV Windows 10 - Remote Code Execution (RCE)
- [local] Microsoft Excel Use After Free - Local Code Execution
- [remote] Windows File Explorer Windows 10 Pro x64 - TAR Extraction
Doti AI Raises £7 Million Seed Funding for Instant Access to Internal Company Data
/in General NewsDoti’s platform uses AI to improve, automate, and streamline standard office and business processes across distributed and hybrid environments.
The post Doti AI Raises £7 Million Seed Funding for Instant Access to Internal Company Data appeared first on SecurityWeek.
SecurityWeek – Read More
Conduent confirms outage was due to a cybersecurity incident
/in General NewsU.S. government contractor Conduent, which provides technology to support services such as child support and food assistance, has confirmed that a recent outage was caused by a cybersecurity incident. Conduent confirmed the disruption, which left some U.S. residents without access to support payments, to TechCrunch on Tuesday but declined to say whether the outage was […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
The Mathematics Behind Password Strength
/in General NewsThe conventional thinking about password security often misses important nuances. While common sense trained us to believe “p#4St49@!” represents the pinnacle of security, the mathematics tells a more interesting story. Spoiler: The longer the password, the better. Password security’s math starts with a basic function. This formula explains the security advantage of length: Here’s a…
Source
TechSplicer – Read More
What PowerSchool isn’t saying about its ‘massive’ student data breach
/in General NewsThe hack has the potential to be one of the biggest of the year, but the edtech giant is refusing to answer important questions
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Is classic Outlook crashing when you start or reply to an email? A fix is on the way
/in General NewsA fix is due out in late January. For now, Microsoft has a workaround.
Latest stories for ZDNET in Security – Read More
Will 2025 See a Rise of NHI Attacks?
/in General NewsThe flurry of non-human identity attacks at the end of 2024 demonstrates extremely strong momentum heading into the new year. That does not bode well.
darkreading – Read More
Over $380,000 Paid Out on First Day of Pwn2Own Automotive 2025
/in General News$380,000 paid out on the first day of Pwn2Own Automotive 2025 for exploits targeting car infotainment units, operating systems, and chargers.
The post Over $380,000 Paid Out on First Day of Pwn2Own Automotive 2025 appeared first on SecurityWeek.
SecurityWeek – Read More
Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet
/in General NewsThreat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks.
According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details about the shortcomings have been withheld to prevent further abuse.
Some
The Hacker News – Read More
Cyber Insights 2025: APIs – The Threat Continues
/in General NewsAPIs are easy to develop, simple to implement, and frequently attacked. They are prime and lucrative targets for cybercriminals.
The post Cyber Insights 2025: APIs – The Threat Continues appeared first on SecurityWeek.
SecurityWeek – Read More
Oracle Patches 200 Vulnerabilities With January 2025 CPU
/in General NewsOracle has released 318 new security patches to address roughly 200 unique CVEs as part of its January 2025 Critical Patch Update.
The post Oracle Patches 200 Vulnerabilities With January 2025 CPU appeared first on SecurityWeek.
SecurityWeek – Read More