BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Russian Trolls Pose as Reputable Media to Sow US Election Chaos
/in General NewsOperation Overload pushes dressed up Russian state propaganda with the aim of flooding the US with election disinformation.
darkreading – Read More
OpenAI scientist Noam Brown stuns TED AI Conference: ’20 seconds of thinking worth 100,000x more data’
/in General NewsAt the TED AI conference, OpenAI’s Noam Brown unveiled the o1 model, showcasing how “System Two Thinking” could transform industries by enabling AI to deliver smarter, more deliberate decision-making.Read More
Security News | VentureBeat – Read More
Fortinet Confirms Zero-Day Exploit Targeting FortiManager Systems
/in General NewsFortinet confirms zero-day exploits hitting critical (CVSS severity score 9.8/10) remote code execution bug in the FortiManager platform.
The post Fortinet Confirms Zero-Day Exploit Targeting FortiManager Systems appeared first on SecurityWeek.
SecurityWeek – Read More
New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection
/in General NewsNew variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud measures, indicating that the malicious software is continuing to be actively developed despite law enforcement efforts to crack down on the operation.
“Only part of this gang was arrested: the remaining operators behind Grandoreiro continue attacking users all over the
The Hacker News – Read More
Google SynthID Adding Invisible Watermarks to AI-Generated Content
/in General NewsGoogle has released new technology to embed watermarks and flag AI-generated content across text, images, audio, and video.
The post Google SynthID Adding Invisible Watermarks to AI-Generated Content appeared first on SecurityWeek.
SecurityWeek – Read More
TA866 Group Linked to New WarmCookie Malware in Espionage Campaign
/in General NewsCisco Talos reveals TA866’s (also known as Asylum Ambuscade) sophisticated tactics and its link to the new WarmCookie…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Threat Actors Are Exploiting Vulnerabilities Faster Than Ever
/in General NewsIt only takes five days on average for attackers to exploit a vulnerability, according to a new report.
Security | TechRepublic – Read More
Mobile Apps With Millions of Downloads Expose Cloud Credentials
/in General NewsPopular titles on both Google Play and Apple’s App Store include hardcoded and unencrypted AWS and Azure credentials in their codebases or binaries, making them vulnerable to misuse by threat actors.
darkreading – Read More
Microsoft Warns Foreign Disinformation Is Hitting the US Election From All Directions
/in General NewsRussia, Iran, and China are targeting the US election with an evolving array of influence operations in the last days of campaign season.
Security Latest – Read More
Basic Security Oversights: How a Public API Token Led to Internet Archive’s 7TB Data Breach
/in General NewsIn cybersecurity the underlying discussions are surrounding topics like quantum encryption and zero-trust architecture, meanwhile the Internet Archive just lost 7TB of data through an exposed GitLab authentication token. This token, reported as publicly accessible since December 2022, led to one of the most significant breaches of 2024, affecting 33 million users. 31,081,179…
Source
TechSplicer – Read More