Seclog - #155
In this week's Seclog, the security landscape is characterized by a mix of critical vulnerabilities, sophisticated attack techniques, and concerning developments in commercial surveillance. Multiple high-severity issues emerged, including a CVSS 10.0 Remote Code Execution (RCE) in React Server Components, which has already seen a public Chrome extension for automated exploitation.
📚 SecMisc
SSRF Payload Generation Tool - shelltrail.com
This tool generates HTML/SVG payloads specifically for testing Server-Side Request Forgery (SSRF) vulnerabilities, streamlining the process of identifying these critical flaws.
📰 SecLinks
uBlock Origin Script Injection Risk - grahamhelton.com
The uBlock Origin browser extension's ability to load arbitrary custom JavaScript can be exploited on a compromised machine, posing a significant risk of malicious script injection.
Legal AI Tool Exposes Client Data - alexschapiro.com
Reverse engineering a $1B legal AI tool revealed a critical API vulnerability with zero authentication, granting full admin access and exposing over 100,000 confidential files.
Critical RCE in React Server Components - offsec.com
CVE-2025-55182 is a critical RCE vulnerability (CVSS 10.0) in React Server Components. It allows unauthenticated remote code execution with a direct path to compromise server-side logic.
Prompt Injection in GitHub Actions - aikido.dev
A new class of "PromptPwnd" vulnerabilities affects GitHub Actions and GitLab CI/CD pipelines when AI agents are integrated, leading to supply chain attacks via prompt injection.
Hidden Microphone in NanoKVM - telefoncek.si
A hidden microphone and other serious security flaws were discovered in the Chinese-made NanoKVM switch. These pose significant privacy and security risks.
Advanced Cache Poisoning Techniques - herish.me
This in-depth analysis explores cache poisoning as a highly impactful attack vector. It details foundational attacks and real-world case studies across CDNs and cloud platforms.
Intellexa's Global Spyware Network - recordedfuture.com
This research uncovers Intellexa's intricate global corporate web. It details the highly sophisticated Predator mercenary spyware used to compromise Android and iPhone devices.
Proxy C2 Traffic via Chromium CDP - x90x90.dev
This post details a novel technique to proxy C2 HTTP traffic through Chromium using the Chrome DevTools Protocol. The technique enables stealthy command-and-control operations by leveraging legitimate browser features.
🐦 SecX
Chrome Extension Exploits React RCE - x.com
A publicly available Chrome extension has emerged that automatically scans for and exploits CVE-2025-55182. This demonstrates rapid weaponization of recent disclosures.
💻 SecGit
Modern Distributed Hashcracking Solution - github.com
Phatcrack is a modern, web-based distributed hashcracking solution built on Hashcat. It is designed to provide efficient and scalable hash recovery capabilities.
Forensic Trace Cleaning Script - github.com
Nyx is a self-contained script designed for cleaning forensic traces across Linux, macOS, and Windows systems. It is useful for post-exploitation cleanup and maintaining operational security.
Docker Container Escape Tool - github.com
DEEPCE is a tool for identifying and exploiting vulnerabilities within Docker environments. It facilitates privilege escalation and container escape techniques.
Secure NPM Package Installation - github.com
npq is a tool designed to enhance supply chain security by auditing npm packages before installation. It prevents the introduction of malicious or insecure dependencies.
Enjoyed this post? Subscribe to Seclog for more in-depth security analysis and updates.