BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Google SynthID Adding Invisible Watermarks to AI-Generated Content
/in General NewsGoogle has released new technology to embed watermarks and flag AI-generated content across text, images, audio, and video.
The post Google SynthID Adding Invisible Watermarks to AI-Generated Content appeared first on SecurityWeek.
SecurityWeek – Read More
TA866 Group Linked to New WarmCookie Malware in Espionage Campaign
/in General NewsCisco Talos reveals TA866’s (also known as Asylum Ambuscade) sophisticated tactics and its link to the new WarmCookie…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Threat Actors Are Exploiting Vulnerabilities Faster Than Ever
/in General NewsIt only takes five days on average for attackers to exploit a vulnerability, according to a new report.
Security | TechRepublic – Read More
Mobile Apps With Millions of Downloads Expose Cloud Credentials
/in General NewsPopular titles on both Google Play and Apple’s App Store include hardcoded and unencrypted AWS and Azure credentials in their codebases or binaries, making them vulnerable to misuse by threat actors.
darkreading – Read More
Microsoft Warns Foreign Disinformation Is Hitting the US Election From All Directions
/in General NewsRussia, Iran, and China are targeting the US election with an evolving array of influence operations in the last days of campaign season.
Security Latest – Read More
Basic Security Oversights: How a Public API Token Led to Internet Archive’s 7TB Data Breach
/in General NewsIn cybersecurity the underlying discussions are surrounding topics like quantum encryption and zero-trust architecture, meanwhile the Internet Archive just lost 7TB of data through an exposed GitLab authentication token. This token, reported as publicly accessible since December 2022, led to one of the most significant breaches of 2024, affecting 33 million users. 31,081,179…
Source
TechSplicer – Read More
Reality Defender Banks $33M to Tackle AI-Generated Deepfakes
/in General NewsNew York startup raises $33 million in an expanded Series A round to build technology to detect deepfake and AI-generated media.
The post Reality Defender Banks $33M to Tackle AI-Generated Deepfakes appeared first on SecurityWeek.
SecurityWeek – Read More
Nigeria Drops Charges Against Tigran Gambaryan, Jailed Binance Exec and Former IRS Agent
/in General NewsAfter eight months, one of the US’s most prominent crypto-crime investigators may finally be coming home.
Security Latest – Read More
Socket Raises $40 Million for Supply Chain Security Tech
/in General NewsSocket has raised $40 million in a Series B funding round to work on open source software supply chain security technology.
The post Socket Raises $40 Million for Supply Chain Security Tech appeared first on SecurityWeek.
SecurityWeek – Read More
Avast Releases Free Decryptor for Mallox Ransomware
/in General NewsAvast has released a decryptor for the Mallox ransomware after identifying a weakness in its cryptographic schema.
The post Avast Releases Free Decryptor for Mallox Ransomware appeared first on SecurityWeek.
SecurityWeek – Read More