"Guard your data as you would a fortress; for once breached, all defenses crumble." - The Art of Cyber War

📚 SecMisc #

CTFtime Points Calculation Tool – The CTFtime Points Calculator is a utility designed to help participants determine their scores and standings in Capture The Flag competitions. It provides a convenient way to track progress. ctfpoints-calculator.me

Detective Wiki: Cyber Security Resources – The Detective Wiki serves as a comprehensive resource for cybersecurity information, tools, and methodologies. It aims to assist security professionals and enthusiasts in their investigations. detective.wiki

📰 SecLinks #

Progress Telerik UI Unsafe Reflection – A detailed analysis of Progress Telerik UI for ASP.NET AJAX Unsafe Reflection (CVE-2025-3600) reveals vulnerabilities extending beyond typical DoS attacks. This research explores critical implications. Read More

LLM Poisoning: Transformer's Thoughts – This first part of a series explores LLM Poisoning, focusing on methods for "reading the Transformer's thoughts." It delves into initial techniques for understanding and manipulating large language models. Read More

Agentic AI Red Teaming Playbook – A comprehensive Agentic AI Red Teaming Playbook is presented, offering strategies and methodologies for effectively testing and securing AI agents against adversarial attacks. Read More

WSUS Unauthenticated RCE Vulnerability – HawkTrace details CVE-2025-59287, an unauthenticated RCE vulnerability impacting WSUS. The report provides technical insights into the exploit and potential mitigation strategies. Read More

Cisco Talos Intelligence Report – Cisco Talos Intelligence Group releases TALOS-2025-2243, a comprehensive threat intelligence report detailing a specific vulnerability. This advisory provides critical security information. Read More

Microsoft Copilot Data Exfiltration – Adam Logue details how Microsoft 365 Copilot could be vulnerable to arbitrary data exfiltration through Mermaid diagrams. The issue has since been fixed, highlighting critical AI security concerns. Read More

Stealing Microsoft Teams Access Tokens – This article explores methods for stealing Microsoft Teams access tokens in 2025, detailing current attack vectors and implications. It provides insights into the persistent challenges of securing collaboration platforms. Read More

Unseeable Prompt Injections in AI Browsers – Brave's research uncovers unseeable prompt injections via screenshots, revealing more vulnerabilities in Comet and other AI browsers. This highlights new adversarial methods targeting AI-driven interfaces. Read More

Prompt Injection to AI Agents RCE – Trail of Bits details how prompt injection can escalate to Remote Code Execution (RCE) in AI agents. This analysis demonstrates a critical attack vector against intelligent systems. Read More

Pwn2Own Ireland 2025 Results – The Zero Day Initiative reports on the Pwn2Own Ireland 2025 event, covering results from Day One, Day Two, and Day Three, culminating in the crowning of the Master of Pwn. This provides a comprehensive overview of successful exploits. Read More

Hacking Formula 1: FIA PII Access – A report on hacking Formula 1 reveals vulnerabilities in FIA systems allowing access to Max Verstappen's passport and PII. This highlights critical data breaches in high-profile organizations. Read More

Chromium DevTools XSS Vulnerabilities – A Chromium security issue (402791076) details how DevTools XSS vulnerabilities can lead to sandbox escape, UXSS, and CDP access. This impacts browser security significantly. Read More

LLM Poisoning with Small Samples – Anthropic research demonstrates that even a small number of samples can poison LLMs of any size. This study underscores the fragility of large language models to data manipulation. Read More

Burp Suite Extension for gRPC-Web – Compass Security introduces bRPC-Web, a new Burp Suite extension specifically designed for testing gRPC-Web applications. This tool enhances the capabilities of security professionals for API analysis. Read More

🐦 SecX #

AI Browser Jailbreak Alert – An AI browser jailbreak alert on X reveals a successful "LSD jailbreak" against GPT-5, resulting in an "Atlas-Browser" liberation. This highlights significant vulnerabilities in new AI browsers. Watch Here

🎥 SecVideo #

Automating Network Exploits with NetExec – Dale Hobbs presents on automating network exploits using NetExec. This video provides insights and techniques for enhancing exploit capabilities. Watch Here

💻 SecGit #

Caddy C2 Profile Request Filter – Caddy v2 module for filtering requests based on C2 profiles, enhancing detection evasion capabilities. Explore on GitHub

Enhanced Captcha Killer for Burp – Modified captcha-killer supporting base64 image recognition and free OCR libraries for verification code爆破. Explore on GitHub

MCP Server Vulnerability Scanner – Scanner for Model Context Protocol servers identifying vulnerabilities in AI infrastructure components. Explore on GitHub

← Back to Seclog