"In the realm of cyber, victory belongs not to the swiftest click, but to the most strategic mind." - The Art of Cyber War

📚 SecMisc #

Torflow Network Analysis Tool – Torflow provides network analysis and visualization for Tor relays, offering insights into network performance and security monitoring. uncharted.software

Interim Computer Museum Digital Archive – The Interim Computer Museum showcases historical computing devices and preservation efforts, serving as a digital archive for technology enthusiasts. icm.museum

Phrack Magazine Latest Issue – Explore the latest issue of Phrack Magazine, a long-standing publication for security research and hacking culture. Phrack Magazine

📰 SecLinks #

Multi-Agent Hijacks, Ruby Deserialization, Image Scaling Attacks – Hijacking multi-agent systems, Ruby deserialization exploits, and weaponizing image scaling against production AI systems. Read More

Marshal Madness: Ruby Deserialization History – Brief history of Ruby deserialization exploits. Read More

Weaponizing Image Scaling – New Trail of Bits research on production AI image scaling attacks. Read More

0-Click Account Takeover and Security Demo – Exploitation via CaMeL. Read More

Azure Weakest Link: Cross-Tenant and API Secrets – Misconfigurations leading to cross-tenant compromise. Read More

Azure API Connections Secrets Leak – API connections spilling secrets. Read More

ECC.Fail Cryptography Insights – ECC vulnerabilities & failures. Read More

MCP Security: Network-Exposed Servers Backdoors – Cloud misconfiguration risks. Read More

Gumroad Security Report – Findings & recommendations. Read More

Automate Cloud Security with AWS Step Functions – Security workflows automation. Read More

Intel Outside: Hacking Every Employee – Hacking Intel staff & internal sites. Read More

OSINT of Cuba Analysis – Intelligence insights. Read More

Malicious PyPI and npm Packages – Supply chain attacks. Read More

Cache Deception + CSPT Account Takeover – Turning low-severity bugs into account takeover. Read More

Trivial C# Random Exploitation – RNG exploitation. Read More

Zero-Day Startup Offers $20M for Smartphone Hacks – New vulnerability market. Read More

Exploiting CodeRabbit: PR to RCE on 1M Repos – Pull request → RCE. Read More

Hallucinated Package Attack: Slopsquatting – Supply chain risks. Read More

How Brands Downplay Security Breaches – Case study: Orange. Read More

Missing Semester of AI: LLM Security – AI vulns & best practices. Read More

Request Collapsing Demystified – CDN security implications. Read More

DOM-Based Extension Clickjacking Risks – Browser extension exploit. Read More

AWS IAM Privilege Escalation Techniques – Exploiting IAM misconfigs. Read More

A Fuzzy Escape: Hypervisor Vulnerability Research – Hypervisor exploit. Read More

AI Assisted Dev aka Vibecoding – AI in dev workflows. Read More

Windsurf: Memory-Persistent Data Exfiltration – SpAIware exploit. Read More

🐦 SecX #

XBOW Unleashes GPT-5’s Hidden Hacking Power – GPT-5 cyber capabilities revealed. Watch Here

🎥 SecVideo #

CSRF Exploits, Deserialization Insights, AI Fraud Detection – Client-side path traversal, CSRF, deserialization, AI-based fraud detection. Watch Here

DEF CON 33 VPN Cloud Breach – Cloud VPN bug exploitation. Watch Here

Deserialization: what, how and why [not] - Alexei Kojenov - AppSecUSA 2018 (YouTube) – Additional session. Watch Here

AI & Security Demo (YouTube) – Watch Here

💻 SecGit #

OAuth Phishing, TOCTOU Attacks, AI Security Tools – Azure OAuth phishing, OpenAI TOCTOU, iOS privacy vulns, prompt injection. Explore

Google Security Advisory GHSA-mp56-7vrw-qxvf – TOCTOU attack. Explore

Anthropic Claude Code Security Review – AI code analysis tool. Explore

NineSunsInc Mighty Security – Security tooling repo. Explore

iOS 18.5 Bluetooth Privacy Vuln – Exploit PoC. Explore

Git Authors 0.2.0 – Git commit authorship tracking. Explore

Trail of Bits Anamorpher – Security visualization tool. Explore

MCP Guardian – Cloud MCP security guardian tool. Explore

← Back to Seclog