BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Canadian privacy regulators publish details of medical testing company’s data breach
/in General NewsA 2020 report detailing the hack of a Canadian medical testing company was released Monday after a court ruled it could be made public, ending a four-year battle during which the company sought to keep the details of the investigation secret.
The Record from Recorded Future News – Read More
Anthropic bets on personalization in the AI arms race with new ‘styles’ feature
/in General NewsAnthropic’s AI assistant Claude can now match your writing style and tone at work, making it easier for companies to use AI while keeping their brand voice – a feature missing from ChatGPT and Google’s AI tools.Read More
Security News | VentureBeat – Read More
CyCognito Report Highlights Rising Cybersecurity Risks in Holiday E-Commerce
/in General NewsFindings reveal growing cybersecurity risks in ecommerce, exposing vulnerabilities in PII handling and lack of basic security protections like HTTPS and WAFs
darkreading – Read More
CyberRatings.org Announces Test Results for Cloud Service Provider Native Firewalls
/in General NewsProtection ranged from 0.38% to 50.57% for security effectiveness.
darkreading – Read More
African cybercrime crackdown culminates in 1,006 captured and cuffed
/in General NewsIn September and October, Interpol and Afripol pursued cases against multiple forms of cybercrime originating in Africa, including fraud rings, ransomware and business email compromise (BEC).
The Record from Recorded Future News – Read More
Cybersecurity 101: OWASP Top 10 for LLM Applications, updated for 2025
/in General NewsIn an expected turn of events, OWASP has released the Top 10 for Large Language Models, updated for 2025. This is yet again a milestone in the new normal of AI integrating not only in the development lifecycle, but in tech in general. And discussing AI security is necessary, or just as necessary as discussing AI ethics and conformity. While we’ve spent decades analyzing and improving web…
Source
TechSplicer – Read More
My Car Knows My Secrets, and I’m (Mostly) OK With That
/in General NewsImagine your car gossiping to insurance companies about your lead foot, or data brokers peddling your daily coffee run. Welcome to the world of connected cars, where convenience and privacy are locked in a head-on collision.
darkreading – Read More
VMware Patches High-Severity Vulnerabilities in Aria Operations
/in General NewsThe company warns that malicious hackers can craft exploits to elevate privileges or launch cross-site scripting attacks.
The post VMware Patches High-Severity Vulnerabilities in Aria Operations appeared first on SecurityWeek.
SecurityWeek – Read More
IBM Patches RCE Vulnerabilities in Data Virtualization Manager, Security SOAR
/in General NewsIBM has released patches for two high-severity remote code execution vulnerabilities in Data Virtualization Manager and Security SOAR.
The post IBM Patches RCE Vulnerabilities in Data Virtualization Manager, Security SOAR appeared first on SecurityWeek.
SecurityWeek – Read More
Major UK, US stores face ongoing disruption after ransomware attack hits supply chain giant Blue Yonder
/in General NewsThe Arizona-based firm said it has “no timeline” for restoration, following a cyberattack that caused disruption at companies around the world.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More