BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
- [remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
Apple fixes new iPhone zero-day bug used in Paragon spyware hacks
/in General NewsThe iPhone maker quietly updated a February security advisory to publicize a flaw that was used to hack at least two journalists in Europe.
Security News | TechCrunch – Read More
Belarusian hackers taunt Kaspersky over report detailing their attacks
/in General NewsA recent Kaspersky report offers a rare glimpse into the alleged arsenal of politically motivated hackers waging a digital war against authoritarian regimes in Russia and Belarus.
The Record from Recorded Future News – Read More
Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones
/in General NewsCitizen Lab publishes forensic proof that spyware maker Paragon can compromise up-to-date iPhones. Journalists in Europe among victims.
The post Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones appeared first on SecurityWeek.
SecurityWeek – Read More
New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
/in General NewsCybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model’s (LLM) safety and content moderation guardrails with just a single character change.
“The TokenBreak attack targets a text classification model’s tokenization strategy to induce false negatives, leaving end targets vulnerable to attacks that the implemented
The Hacker News – Read More
The AI Arms Race: Deepfake Generation vs. Detection
/in General NewsAI-generated voice deepfakes have crossed the uncanny valley, fueling a surge in fraud that outpaces traditional security measures. Detection technology is racing to keep up.
The post The AI Arms Race: Deepfake Generation vs. Detection appeared first on SecurityWeek.
SecurityWeek – Read More
The $200,000 Zoom call
/in General NewsA crypto CEO shared his screen. What happened next unraveled his digital life.
The Record from Recorded Future News – Read More
AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
/in General NewsAI is changing everything — from how we code, to how we sell, to how we secure. But while most conversations focus on what AI can do, this one focuses on what AI can break — if you’re not paying attention.
Behind every AI agent, chatbot, or automation script lies a growing number of non-human identities — API keys, service accounts, OAuth tokens — silently operating in the background.
And here’s
The Hacker News – Read More
Ransomware attack on ticketing platform upends South Korean entertainment industry
/in General NewsYes24, a South Korean ticketing platform and online bookseller, has been disrupted for days after a ransomware attack, with effects rippling into K-pop concerts, theater performances and more.
The Record from Recorded Future News – Read More
New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches
/in General NewsThe new attack technique uses smartwatches to capture ultrasonic covert communication in air-gapped environments and exfiltrate data.
The post New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches appeared first on SecurityWeek.
SecurityWeek – Read More
Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior
/in General NewsHirundo tackles AI hallucinations and bias by making trained models “forget” poisoned, malicious, and confidential data.
The post Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior appeared first on SecurityWeek.
SecurityWeek – Read More