BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] CrushFTP 11.3.1 - Authentication Bypass
- [remote] Invision Community 5.0.6 - Remote Code Execution (RCE)
- [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
Euro Vishing Fraudsters Add Physical Intimidation to Arsenal
/in General NewsThe persistent threat of social engineering tactics sees cybercriminals blending technology with human manipulation to exploit individuals.
darkreading – Read More
OpenAI Kept Mum About Hack of Sensitive AI Research
/in General NewsSecurity breach potentially exposed internal secrets at AI research firm OpenAI after hackers accessed discussions on sensitive AI…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Hacker Stole Secrets From OpenAI
/in General NewsChatGPT maker OpenAI was breached in 2023, but the company says source code and customer data were not accessed.
The post Hacker Stole Secrets From OpenAI appeared first on SecurityWeek.
SecurityWeek – Read More
Are SOC 2 Reports Sufficient for Vendor Risk Management?
/in General NewsSOC 2 reports are a valuable tool for evaluating vendor security, but they shouldn’t be the only piece of the puzzle.
darkreading – Read More
Why Cyber Teams Should Invest in Strong Communicators
/in General NewsAs automation spreads and relieves security pros of time-consuming management tasks, their ability to articulate complex cybersecurity risks with the C-suite is increasingly valuable.
darkreading – Read More
Singapore is working on technical guidelines for securing AI systems
/in General NewsThe voluntary guidelines will be a reference for cybersecurity professionals looking to improve AI security.
Latest stories for ZDNET in Security – Read More
Ensuring AI Safety While Balancing Innovation
/in General NewsExperts will explore the oft-neglected necessity of AI safety and its integration with security practices at next month’s Black Hat USA in Las Vegas.
darkreading – Read More
Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks
/in General NewsIdentity theft isn’t just about stolen credit cards anymore. Today, cybercriminals are using advanced tactics to infiltrate organizations and cause major damage with compromised credentials.
The stakes are high: ransomware attacks, lateral movement, and devastating data breaches.
Don’t be caught off guard. Join us for a groundbreaking webinar that will change the way you approach cybersecurity.
The Hacker News – Read More
A CISO’s Guide to Avoiding Jail After a Breach
/in General NewsYahoo, Uber, SolarWinds — increasingly, the government is incentivizing better corporate security by punishing the individuals leading it. Is that a good idea? And how can security pros avoid ending up on the butt end of a lawsuit?
darkreading – Read More
OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers
/in General NewsFrench cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 that reached a packet rate of 840 million packets per second (Mpps).
This is just above the previous record of 809 million Mpps reported by Akamai as targeting a large European bank in June 2020.
The 840 Mpps DDoS attack is said to have been a combination of a TCP
The Hacker News – Read More