Rosecurify

Seclog - #133

"Let your strategies be dark and impenetrable as the night, and when you strike, fall like a thunderbolt on their servers." - The Art of Cyber War

📚 SecMisc

DNS and IP Intelligence Feed – DNSarchive provides easy access to domain data and IP records. It's a repository simplifying searches for DNS intelligence. DNSarchive

OAuth Security Pitfalls and Risks – Skipping state validation enables CSRF attacks, while misconfigured scopes, public secret storage, and permissive redirect URIs create account takeover risks. Emphasizes OAuth is authorization, not authentication. Read More

Malicious MCP Server Prevalence on GitHub – VirusTotal analysis flagged nearly 8% of Model Context Protocol servers as potentially forged or critically vulnerable, highlighting risks from flawed implementations. Read More

Framebusting Intervention Security Enhancement – Mozilla proposal limits cross-origin iframes from navigating top-level contexts unless legitimacy conditions are met, improving web security and compatibility. Read More

Beginner CVE Discovery and Publishing Guide – Outlines methodical steps for novice bug hunters to find and publish CVEs using curiosity and persistence, bypassing elite skill requirements. Read More

Azure Illicit Consent Grant Attacks in 2025 – With Microsoft's MFA enforcement, credential-based attacks lose impact, shifting focus to consent grant exploits for initial access. Read More

llama.cpp Heap Overflow Vulnerability – CVE-2025-52566 exposes a subtle integer overflow in tokenizer, leading to heap corruption, undiscovered for over a year. Read More

Akamai CloudTest XXE Injection Flaw – XBOW discloses CVE-2025-49493, an XML External Entity injection vulnerability, alongside autonomous vulnerability research strategies. Read More

Reverse Engineering Vercel's BotID System – Analysis of Vercel's invisible CAPTCHA reveals reliance on client-side signals and Kasada's anti-bot tech for Deep Analysis tier. Read More

Google's Secure AI Agent Framework – Hybrid strategy combines deterministic controls with reasoning-based defenses, enforcing human oversight, action limitations, and observability for AI agents. Read More

MCP Protocol Security Design Flaws – Alibaba Cloud discloses OAuth mechanism weaknesses increasing phishing risks, urging community consensus on mitigation. Read More

Critical RCE in Anthropic MCP Inspector – CVE-2025-49596 (CVSS 9.4) enables browser-based exploits via DNS rebinding, allowing remote code execution. Read More

Sudo chroot LPE Vulnerability Impact – CVE-2025-32463 allows attackers to bypass sudoers restrictions via chroot option abuse, escalating to root privileges. Read More

Directory Traversal and CSV Abuse RCE – Chaining exploits in a Django app enabled overwriting wsgi.py for server-side code execution via pandas parser abuse. Read More

Wing FTP Server Null-Based RCE – CVE-2025-47812 details a remote code execution vulnerability exploiting NULL byte handling in Wing FTP. Read More

Reproducing WhatsApp Double-Free Vulnerability – Walkthrough of CVE-2019-11932 using AFL++ and Frida for on-device fuzzing of native Android libraries. Read More

Unpatched RCE in Call of Duty WWII – Exploit enables attackers to trigger Notepad popups, shutdowns, and inappropriate content via Xbox PC Game Pass. Read More

DNSArchive Domain Intelligence Repository – Simplifies DNS, RDNS, and IP record searches for domain intelligence and historical data. Read More

Persistent XSS in Adobe Experience Manager – Researchers achieved DOM-based XSS on AEM Cloud sites by bypassing built-in security features multiple times. Read More

Slack MCP Server Data Leakage Vulnerability – Unmaintained Anthropic Slack MCP Server allows data exfiltration via link unfurling flaws. Read More

Spyware Account Takeover via SQLi – Compromised 60,000 Catwatchful spyware accounts by exploiting SQL injection in the service's authentication flow. Read More

Exposed JDWP Exploitation in TeamCity – Attackers achieved RCE via Java Debug Wire Protocol abuse on CI/CD servers, deploying cryptominers and persistence mechanisms. Read More

🐦 SecX

Call of Duty WWII RCE Exploit Abuse – Unpatched vulnerability enables in-game trolling via Notepad popups, system shutdowns, and explicit content injections. Watch Here

🎥 SecVideo

Indirect Prompt Injection Attacks Explained – Demonstrates practical exploitation of LLM-backend integrations to execute arbitrary actions in victim contexts. Watch Here

Localhost API Exploits from Browsers – Browser-based attacks expose local services via port access flaws, enabling remote network infiltration. Watch Here

JavaScript Desktop App Hacking Techniques – Focuses on XSS and RCE in Electron apps, with cross-platform CSP bypasses and security methods. Watch Here

💻 SecGit

AWS IAM Data Collection Tool – Collects IAM information across AWS organizations, accounts, and resources for security analysis. Explore on GitHub

JAR/WAR/APK Path and Secret Scanner – Discovers URLs, paths, secrets, and generates OpenAPI specs from Java/Android application configs. Explore on GitHub

Kubernetes CEL-Based Cluster Scanner – Uses CEL expressions to detect misconfigurations and vulnerabilities in k8s environments. Explore on GitHub

Self-Hosted Zero Trust Access Platform – FOSS alternative to Teleport/Cloudflare, providing VPN, ZTNA, API gateway, and ngrok-like capabilities. Explore on GitHub

GitHub Secret Scanner for Dangling Commits – Scans GH Archive data to find secrets in overwritten commits from force-push events. Explore on GitHub

Azure Blob Storage SOCKS5 Proxy Tool – Tunnels traffic through Azure Blob Storage when direct connectivity is restricted. Explore on GitHub

Kubernetes Privilege Escalation Toolkit – Automates token theft, secret collection, and cluster takeover techniques for pentesting. Explore on GitHub

Frontend API Key Validation Utility – Tests discovered credentials in-browser via JavaScript without server logging. Explore on GitHub

Electron Security Analysis and Injection Tool – Modern interface for manipulating Electron apps with debugging and exploit features. Explore on GitHub

Malicious Archive Crafting Utility – Generates specially designed archives to test extraction vulnerabilities. Explore on GitHub

LLM-Based Vulnerability Detection Model – FuncVul uses code chunks and LLMs for function-level vulnerability identification. Explore on GitHub

fwd:cloudsec 2025 Talk Summaries – Curated insights and key points from cloud security presentations for time-constrained professionals. Explore on GitHub

