BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] WP Publications WordPress Plugin 1.2 - Stored XSS
- [local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
- [remote] Keras 2.15 - Remote Code Execution (RCE)
- [local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
- [webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
- [hardware] TOTOLINK N300RB 8.54 - Command Execution
- [webapps] SugarCRM 14.0.0 - SSRF/Code Injection
- [webapps] Langflow 1.2.x - Remote Code Execution (RCE)
- [remote] NodeJS 24.x - Path Traversal
- [remote] MikroTik RouterOS 7.19.1 - Reflected XSS
These Yale and Berkeley dropouts just raised $2 million to build an AI assistant that could rival OpenAI
/in General NewsY Combinator-backed startup Martin AI secures $2M seed funding to challenge Siri and Google with its innovative personal AI assistant, built by 19-year-old founders to revolutionize how consumers interact with AI through custom memory architecture and multi-channel accessibility.Read More
Security News | VentureBeat – Read More
DeepSeek exposed internal database containing chat histories and sensitive data
/in General NewsThe internal DeepSeek database was exposed to the internet without a password.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Nulled, Other Cybercrime Websites Seized by Law Enforcement
/in General NewsSeveral cybercrime websites have been seized in a law enforcement operation, including Nulled, Cracked, Sellix, and StarkRDP.
The post Nulled, Other Cybercrime Websites Seized by Law Enforcement appeared first on SecurityWeek.
SecurityWeek – Read More
How to Use Keeper Password Manager: A Comprehensive Guide
/in General NewsThis step-by-step guide shows you how to set up Keeper Password Manager and use it to secure and organize your passwords.
Security | TechRepublic – Read More
152,000 Impacted by Data Breach at Berman & Rabin
/in General NewsLaw firm Berman & Rabin says 152,000 people are impacted by a data breach resulting from a July 2024 ransomware attack.
The post 152,000 Impacted by Data Breach at Berman & Rabin appeared first on SecurityWeek.
SecurityWeek – Read More
Frederick Health Hit by Ransomware Attack
/in General NewsMaryland healthcare provider Frederick Health has taken some of its systems offline in response to a ransomware attack.
The post Frederick Health Hit by Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More
Unprotected DeepSeek Database Exposed Chats, Other Sensitive Information
/in General NewsAn unprotected database belonging to Chinese AI company DeepSeek exposed highly sensitive information, including chat history, secret keys, and backend data.
The post Unprotected DeepSeek Database Exposed Chats, Other Sensitive Information appeared first on SecurityWeek.
SecurityWeek – Read More
Tenable to Acquire Vulcan Cyber for $150 Million
/in General NewsTenable plans to acquire exposure management company Vulcan Cyber for roughly $150 million in cash and stock.
The post Tenable to Acquire Vulcan Cyber for $150 Million appeared first on SecurityWeek.
SecurityWeek – Read More
New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks
/in General NewsA Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks.
The vulnerability in question is CVE-2024-41710 (CVSS score: 6.8), a case of command injection in the boot process that could allow a malicious actor
The Hacker News – Read More
Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits
/in General NewsThree security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances.
“When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server,” Sonar researcher Yaniv Nizry said in a write-up published earlier this week.
The
The Hacker News – Read More