Rosecurify

Seclog - #143

"The enemy does not care what systems were in scope for testing. Protect your weak points." - The Art of Cyber War

📚 SecMisc

Chat Control Must Be Stopped Now – Act now to stop chat control mass surveillance. privacyguides.org

AI Coding Blog Post by Geohot – A blog post on AI coding, exploring the intersection of artificial intelligence and software development. Read More

AI-Powered Ransomware Emerges as Threat – The first AI-powered ransomware is here, marking a new era in automated cyber threats. beaglesecurity.substack.com

Major npm Supply Chain Attack Analysis – Widespread npm supply chain attack impacts debug, chalk, and beyond, with over 2 billion weekly downloads compromised. Read More

18 Popular Code Packages Hacked – Eighteen popular code packages were hacked and rigged to steal crypto in a major supply chain attack. Read More

GhostAction GitHub Steals 3,325 Secrets – Hackers steal 3,325 secrets in the GhostAction GitHub supply chain attack, compromising numerous repositories. Read More

NPM Packages Compromised via Maintainer Hack – NPM packages were compromised after maintainer 'qix' was hacked, leading to a widespread supply chain incident. Read More

Salt Typhoon Hack Affects Everyone in US – The Salt Typhoon hack affects everyone in the US, according to a new security advisory. Read More

Anatomy of a Billion-Download NPM Attack – Analysis of the malicious code found in the largest NPM supply-chain attack in history. Read More

Security Alert for chalk, debug, color – chalk, debug and color on npm compromised in new supply chain attack, prompting a major security alert. Read More

Major NPM Attack Impacts Mobile Apps – Major NPM supply-chain attack has a potential impact on mobile applications, exposing a vast attack surface. Read More

Software Packages Hit in Supply-Chain Attack – Software packages with more than 2 billion weekly downloads hit in a massive supply-chain attack. Read More

APT37 Targets Windows with Rust Backdoor – APT37 targets Windows with a Rust backdoor and Python loader in a new campaign. Read More

mXSS Cheatsheet for Web Security – A comprehensive mXSS cheatsheet for understanding and preventing mutation-based XSS vulnerabilities. Read More

OWASP Checklist Tracker for Testing – An OWASP checklist tracker to help manage and track web security testing guide progress. Read More

🐦 SecX

Japan PSIA Database Allegedly Leaked – A threat actor claims to have leaked the full 2.3 TB database of Japan’s Public Security Intelligence Agency (PSIA). Watch Here

GFW Report on Great Firewall Leak – The Great Firewall of China (GFW) experienced a massive internal document leak, exposing over 500GB of source code and logs. Watch Here

🎥 SecVideo

Gen AI, Cybersecurity & AI Agents – Experts answer questions on Gen AI, cybersecurity, and AI agents in a dedicated session. Watch Here

One Prompt Hacked Lenovo’s Chatbot – A single prompt was used to hack Lenovo’s chatbot, demonstrating a critical vulnerability. Watch Here

Largest npm Supply Chain Attack History – Analysis of what is potentially the largest supply chain attack in npm history. Watch Here

Biggest Supply Chain Hack Ever – This is literally the biggest supply chain hack ever, with unprecedented scale and impact. Watch Here

💻 SecGit

MCP Server for Metasploit Integration – An MCP Server for Metasploit, enabling new integration and automation capabilities for the framework. Explore on GitHub

Cobalt Strike Aggressor Script Arsenal – An Aggressor script to automatically download and load an arsenal of open source and private Cobalt Strike tooling. Explore on GitHub

CVE-2025-57817 GitHub Advisory Details – The GitHub Advisory Database entry for CVE-2025-57817, providing details on the vulnerability. Explore on GitHub

FancyTracker Firefox Port for PostMessage – A modern postMessage tracker ported to Firefox, inspired by Frans Rosen's original work. Explore on GitHub

FlareSolverr Bypasses Cloudflare Protection – A proxy server to bypass Cloudflare protection, useful for web scraping and automation. Explore on GitHub

CoRPhone Android Kernel Pwn Challenge – CoRCTF 2025 - CoRPhone: An Android Kernel Pwn challenge from the capture the flag event. Explore on GitHub

Inboxfuscation for Mailbox Rule Obfuscation – An advanced framework for mailbox rule obfuscation and detection in Exchange environments. Explore on GitHub

BadPIE for Security Testing – A tool named badpie for various security testing purposes. Explore on GitHub

Sni5Gect 5GNR Sniffing Framework – A 5G sniffer and downlink injector framework with Wireshark support for network analysis. Explore on GitHub

Crimson7 NPM Scanner for Supply Chain – An advanced supply chain security analysis tool for detecting malicious NPM packages from the September 2025 compromise. Explore on GitHub


Suggestions & Feedback

Enjoyed this post? Subscribe to Seclog for more in-depth security analysis and updates.

For any suggestions or feedback, please contact us at: [email protected]
