"A wise warrior knows that every click is a potential weapon in the digital battlefield." - The Art of Cyber War

📚 SecMisc #

Attacker File Extensions Database for Threat Intel – Filesec.io provides a database of file extensions used by attackers, helping you stay up-to-date with threat intelligence. You can contribute to expand this valuable resource. Filesec.io

Red-Teaming AI Models for Vulnerabilities – A Kaggle competition challenges participants to find previously undiscovered flaws and vulnerabilities in the gpt-oss-20b model. This aims to improve AI security through community red-teaming efforts. Kaggle

Vulnerability Vibes: Network, Learn, Connect – Vulnerability Vibes offers an opportunity to network and make new connections within the security industry. Attendees can learn from the hackers themselves, understanding both industry trends and attacker tactics. Vulnerabilityvibes.com

📰 SecLinks #

HTTP/1.1 Desynchronization Endgame – Protocol deemed inherently insecure. Read More

AWS SAR IAM Action Nuances – AWS Service Authorization References (SAR) and IAM action risks. Read More

AWS Account Termination Without Warning – 10-year-old AWS account deleted without recovery. Read More

ORM Injection Crypto Theft Exploit – Cryptocurrency theft via ORM injection in online game. Read More

CVE-2025-29891 Apache Camel RCE – Header injection RCE via misconfiguration. Read More

Squid Proxy Critical RCE Vulnerability – SQUID-2025:1 flaw enables remote code execution. Read More

Adobe Experience Manager Pre-Auth Flaws – Critical vulnerabilities in AEM Forms via Struts DevMode. Read More

Jenkins RCE via Git Parameter Plugin – CVE-2025-53652 allows unauthenticated RCE. Read More

Fastly HTTP/1.1 Attack Resilience – Parser robustness protects against desync. Read More

1Panel Agent Certificate Bypass – GHSA-8j63-96wh-wh3j allows arbitrary code execution. Read More

Buttercup Open-Source Release – AI Cyber Challenge runner-up CRS open-sourced. Read More

Blind SSRF to File Reading Oracle – Turning SSRF into a file oracle. Read More

Copilot Studio AIjacking Data Theft – Prompt injection leads to full data exfiltration. Read More

Security Products and Human Psychology – Security tools linked to 7 deadly sins. Read More

HashiCorp Vault Auth Flaws Exposed – Zero-day in authentication & authorization. Read More

Safari PermissionJacking Privacy Risk – Permission hijacking in Safari. Read More

Zscaler SAML Auth Bypass Advisory – CVE-2025-54982 missing signature verification. Read More

Confluence Auth Bypass via XSS – iOS-specific XSS leads to auth bypass. Read More

FileJacking Initial Access with File System API – Experimental API allows direct file editing. Read More

Introducing AI-powered Exploit Verification and Triage – AI to triage vulnerabilities. Read More

Cursor IDE's MCP Vulnerability Discovery – MCP flaw in AI IDE allows local command execution. Read More

🐦 SecX #

Brave HTML Serialization Vulnerability – Demo shows broken serialization. Watch Here

💻 SecGit #

Quack PHP Deserialization Protector – Runtime validation against PHP deserialization attacks. Explore on GitHub

Finch TLS Fingerprint-Aware Proxy – Reverse proxy blocks/reroutes traffic using JA3/JA4 fingerprints. Explore on GitHub

Kwcmd Hidden Linux Backdoor – Persistent access via disguised commands. Explore on GitHub

Beelzebub AI Honeypot Framework – AI for virtualization deception environments. Explore on GitHub

Signal Key Transparency Auditor – Audits Signal's Merkle^2-style logs. Explore on GitHub

Claude-Powered Security Code Review – Uses Claude AI to analyze commits for vulnerabilities. Explore on GitHub

ECSpace AWS ECS Credential Theft – IAM credential theft in EC2 launch mode. Explore on GitHub

Viper AI Red Teaming Platform – AI-powered adversary simulation. Explore on GitHub

← Back to Seclog