In this week's Seclog, the cybersecurity landscape reveals a heightened focus on software supply chain vulnerabilities and the emerging risks associated with AI-driven applications. Critical zero-day exploits impacting self-hosted Git services like Gogs and widely used React Server Components, coupled with the alarming ease of publishing malicious VS Code extensions, underscore the persistent threat to development environments and foundational infrastructure.

📚 SecMisc #

Crypto, FIDO, Security Tokens Overview - docs.google.com

This resource provides a detailed, structured overview of various cryptographic concepts, FIDO standards, and security token implementations. It serves as a valuable reference for security professionals to deepen their understanding of modern authentication mechanisms.

📰 SecLinks #

OWASP Top 10 for Agentic AI Applications - resilientcyber.io

This framework outlines critical security risks specific to agentic AI applications, where agents operate autonomously using natural language. Attack vectors include manipulating agent objectives via prompt injection, deceptive tool outputs, and poisoned data.

Go Language Proposes Secret Mode - antonz.org

The Go language proposes a new runtime/secret package, enabling a "secret mode" for functions to enhance memory security. This mode ensures immediate zeroing of registers and stack upon function completion.

Stop Spreading Digital Security Folklore - hacklore.org

"Hacklore" refers to widespread, plausible but ultimately unfounded digital safety advice and urban legends. This initiative aims to educate by debunking common misconceptions, promoting evidence-based security practices.

React2Shell RCE Widely Exploited - cloud.google.com

A critical unauthenticated RCE vulnerability, CVE-2025-55182 ("React2Shell"), impacting React Server Components, is under widespread exploitation. Rapid exploitation by cybercrime groups and suspected espionage actors emphasizes the urgency for organizations to patch.

Novel SAML Authentication Bypass Techniques - portswigger.net

Researchers have uncovered novel parser-level inconsistencies in Ruby and PHP SAML implementations that allow full authentication bypass. Techniques like attribute pollution and namespace confusion enable attackers to bypass XML Signature validation.

SOAPwn: Pwning .NET Through WSDL - labs.watchtowr.com

Research on "SOAPwn" revealed new primitives in the .NET Framework allowing Remote Code Execution via HTTP client proxies. Despite Microsoft's "DONOTFIX" stance, their successful weaponization highlights a significant attack surface.

Gogs Zero-Day RCE Actively Exploited - wiz.io

A zero-day RCE vulnerability (CVE-2025-8110) in Gogs, a popular self-hosted Git service, is actively being exploited. This vulnerability is a symlink bypass allowing authenticated users to overwrite arbitrary files.

🎥 SecVideo #

AWS re:Invent 2025 Security Talks Playlist - youtube.com

This playlist aggregates security-focused sessions from AWS re:Invent 2025. It offers insights into the latest AWS security features and best practices.

CCP Manipulates NPM to Hoard Malware - youtube.com

This talk explores the alleged manipulation of the NPM ecosystem by the Chinese CCP to accumulate malware. Such activity poses a significant risk to developers relying on NPM packages.

← Back to Seclog