Rosecurify

Seclog - #146

"Keep your friends' passwords close, and your enemies' passwords closer." - The Art of Cyber War

📚 SecMisc

0day.today Security Archive Database – A searchable archive of security vulnerabilities and exploits. 0day.today

ZeroDay Cloud Hacking Competition – Details for the ZeroDay Cloud hacking competition focused on cloud security. Read More

In Memory of Aaron Swartz – A memorial page honoring the life and work of Aaron Swartz. Rest In Code

Tesla Telematics ADB Auth Bypass – A technical advisory details an ADB auth bypass vulnerability in the Tesla Telematics Control Unit, allowing unauthorized access. Read More

VMware Elevation of Privilege Vulnerability – Analysis of CVE-2025-41244, a VMware vulnerability leading to local privilege escalation on Workstation and Fusion. Read More

Abusing Notion AI Agent Data Theft – A blog post discusses how Notion's AI Agent can be abused for data theft, extracting sensitive information from documents. Read More

CSS Crimes for Fun and Profit – A slide deck presentation on committing CSS crimes for creative and potentially malicious web effects. Read More

Shellshock Vulnerability Deep Dive – An in-depth essay exploring the history and technical details of the Shellshock bash vulnerability. Read More

Crypto Phishing Campaign Robots.txt Exposure – An investigation into a crypto phishing campaign that attempted to block security researchers via its robots.txt file. Read More

Okta Identity Security Policies Guide – A security researcher's guide to understanding and navigating Okta Identity Security Policies. Read More

Klopatra Android Banking Trojan Operation – Exposure of a new Android banking trojan operation named Klopatra, with roots in Turkey, targeting financial applications. Read More

Gemini Vulnerabilities Private Data Exfiltration – Three new Gemini vulnerabilities in Cloud Assist, Search Model, and Browsing allowed for private data exfiltration from Google's AI. Read More

FreeWifi_Secure Killer Vulnerability Analysis – An analysis of the vulnerability that killed the FreeWifi_Secure service, detailing the security flaw and its impact. Read More

Unity Runtime Arbitrary Code Execution – Details on CVE-2025-59489, an arbitrary code execution vulnerability within the Unity Runtime. Read More

🐦 SecX

Vulnerable Vibe-Coded App Audit – An audit of a "vibe-coded" application revealed an insane amount of vulnerabilities, including SQLi, SSRF, and command injection. Watch Here

🎥 SecVideo

The History of GREP Tool – A video exploring the origins and history of the GREP command-line tool. Watch Here

💻 SecGit

Grep.app Command Line Utility – A command line util for grep.app enabling powerful searches across a vast repository index directly from the terminal. Explore on GitHub

Adobe Experience Manager Hacking Toolkit – Hopgoblin is an AEM hacking toolkit for security testing and exploiting Adobe Experience Manager instances. Explore on GitHub

N-day Exploit Collection Repository – A collection of n-day exploits and related security research. Explore on GitHub

CI/CD Secret Extraction via Pipelines – Nord Stream extracts secrets stored inside CI/CD environments by deploying malicious pipelines for Azure DevOps, GitHub, and GitLab. Explore on GitHub

ReDoS Vulnerability Finder Tool – Regexploit finds regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service). Explore on GitHub

Tailscale SOCKS5 Proxy for Red Teams – SockTail is a lightweight binary that joins a Tailscale network and exposes a local SOCKS5 proxy for red team operations. Explore on GitHub

Nmap Setuid Backdoor via Lua – A backdoor that leverages Nmap with setuid permissions to execute commands as root through a Lua-loaded C library. Explore on GitHub

Multi-Architecture Emulation Platform – Styx is a multi-architecture emulator designed for the modern era. Explore on GitHub

iOS Zero-Click RCE Attack Chain – Exploits for CVE-2025-31200, a zero-click RCE in iOS CoreAudio, and CVE-2025-31201 for kernel escalation, triggered via iMessage. Explore on GitHub

Active Directory DNS Dumping Tool – Adidnsdump allows Active Directory Integrated DNS dumping by any authenticated user. Explore on GitHub

Gemini API Key Exposure Scanner – A scanner to check for exposed Gemini API keys in public sources. Explore on GitHub

Automated Firebase Security Scanner – OpenFirebase is an automated scanner to check for unauthorized read and write access on Firestore, databases, and storage. Explore on GitHub

