Rosecurify

Seclog - #132

"In the digital battlefield, the greatest weapon is the ability to adapt faster than the enemy." - The Art of Cyber War

๐Ÿ“šย SecMisc #

Wiz CTF: Cloud Hacking Challenges โ€“ Sharpens skills via cloud hacking scenarios; earn certificates and build infosec reputations. Read More

Django IPv6 DoS Vulnerability Analysis โ€“ Exploits missing input limits in IPv6 validation (CVE-2024โ€“56374), allowing oversized payloads to trigger resource exhaustion and DoS in Django's address fields. Read More

FileFix: ClickFix Attack Alternative โ€“ Introduces FileFix for social engineering via Run Dialog execution, diving into ClickFix techniques for phishing operations. Read More

CentOS Web Panel RCE (CVE-2025-48703) โ€“ Discloses a remote code execution flaw in CWP, tracing its evolution from CentOS-focused to supporting AlmaLinux/Rocky Linux. Read More

AI Uncovers Dassault Delmia Apriso RCE โ€“ Hacktron found a pre-auth RCE missed by audits, demonstrating AIโ€™s speed in exposing critical vulnerabilities like unprotected .svc files. Read More

OWASP AI Agent Security Framework โ€“ Maps NIST AI RMF to OWASP standards, offering threat analysis for securing agentic systems. Read More

Semgrep MCP for Agentic Era Security โ€“ Launches beta tools addressing agentic era risks in AI systems. Read More

Detecting IP KVMs with RunZero โ€“ Identifies open-source IP KVMs like TinyPilot for remote control, common in labs/SMBs. Read More

Malicious GitHub MCP Servers Study โ€“ VirusTotal found 8% of MCP servers potentially malicious or vulnerable due to poor practices. Read More

North Korean npm Supply Chain Attack โ€“ Exposes supply chain attack using 35 malicious packages; 6 remain live with 4k+ downloads. Read More

Make Self-XSS Great Again - Slonser Notes

๐Ÿฆย SecX #

Agentic Ecosystem Achieves 1-Click RCE โ€“ @pwndotai enabled 1-click RCE in Cluely via indirect prompt injection. Watch Here

Agentic Hacking RCE via AI โ€“ Octagon Networks demonstrated a 1-click RCE in Cluely using @pwndotai, an agentic hacking ecosystem. The exploit involved techniques like indirect prompt injection. Read More

๐Ÿ’ปย SecGit #

stamparm/ipsum โ€“ Daily feed of bad IPs (with blacklist-hit scores). Explore on GitHub

NHAS/reverse_ssh โ€“ SSH-based reverse shell. Explore on GitHub

Cybr-Inc/reinforce-2025-summaries โ€“ Summaries and key insights from AWS re:inforce 2025 talks. Explore on GitHub

ANG13T/skytrack โ€“ Cybersecurity toolkit for various security tasks. Explore on GitHub

Suggestions & Feedback

Enjoyed this post? Subscribe to Seclog for more in-depth security analysis and updates.

For any suggestions or feedback, please contact us at: [email protected]

Subscribe to Seclog

Enjoyed this post? Subscribe for more in-depth security analysis and updates direct to your inbox.

No spam. Only high-security insights. Unsubscribe at any time.

Share this Seclog:

← Back to Seclog