New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances.
The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system.
According to DEVCORE security researcher, the shortcoming makes
The Hacker News – Read More
Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns
Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in.
Recall, currently in preview and coming exclusively to Copilot+ PCs on June 18, 2024, functions as an “explorable visual timeline” by capturing screenshots of what appears on users’ screens every five seconds, which are subsequently analyzed and
The Hacker News – Read More
Harvard, MIT, and Wharton research reveals pitfalls of relying on junior staff for AI training
New study by Harvard, MIT, Wharton, and BCG researchers finds that relying on junior employees to train seniors on generative AI risks is ineffective, highlighting the need for top-down governance and expertise at all levels.
Security News | VentureBeat – Read More
New Phishing Campaign Uses Stealthy JPGs to Drop Agent Tesla
Spanish speakers beware! A new campaign using the Agent Tesla RAT targets Spanish-speaking individuals. Learn how to protect…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
GitHub Repos Targeted in Cyber-Extortion Attacks
Since at least February, a threat actor has been attempting to extort victims by stealing or wiping data in their GitHub repositories.
darkreading – Read More
OpenAI, Anthropic Research Reveals More About How LLMs Affect Security and Bias
Anthropic opened a window into the ‘black box’ where ‘features’ steer a large language model’s output. OpenAI dug into the same concept two weeks later with a deep dive into sparse autoencoders.
Security | TechRepublic – Read More
CISO Corner: Red Sox CloudSec; Deepfake Biz Risk; Ticketmaster Takeaways
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Proactive playbooks, a US-Kenya partnership, and the trouble with shadow engineering.
darkreading – Read More
How AI-driven identity attacks are defining the new threatscape
Attackers are turning to deepfakes and other identity attacks to achieve their goals, quickly changing the enterprise threatscape.
Security News | VentureBeat – Read More
Microsoft temporarily disables Recall on Copilot+ PCs amid security and privacy concerns
Microsoft temporarily disables its AI-powered Recall feature on Copilot+ PCs following privacy and security concerns raised by cybersecurity experts and the public.
Security News | VentureBeat – Read More
Snowflake’s customer breaches make 2024 the year of the identity siege
Access happened because the demo account was not behind Okta or Multi-Factor Authentication (MFA), unlike Snowflake’s corporate and production systems.
Security News | VentureBeat – Read More