In this week's Seclog, the security landscape is marked by diverse and evolving threats, alongside advancements in defensive tooling and intelligence. A significant focus is placed on new attack vectors in AI, with prompt injection emerging as a potent vulnerability in GenAI applications, potentially more severe than traditional SQL injection due to fundamental differences. Cloud security remains a critical concern, evidenced by tools for detecting AWS IAM privilege escalation and samples for file integrity monitoring on EC2 instances.

📚 SecMisc #

JavaScript: Security Risks and Disablement - disable-javascript.org

Emphasizes the inherent security risks associated with JavaScript execution in web browsers. Suggests disabling JavaScript as a security measure to mitigate potential harm.

IP.THC.ORG: World's Largest Domain Database - ip.thc.org

Presents IP.THC.ORG as an online resource providing access to the "world's largest Internet Domain Database." Offers capabilities for reverse-DNS, subdomain, and CNAME lookups.

Pathfinding.cloud for AWS IAM Privilege Escalation - pathfinding.cloud

Offers a platform specifically designed to help security professionals detect IAM-based privilege escalation vulnerabilities in AWS. Provides tools to identify and remediate misconfigurations before they can be exploited.

📰 SecLinks #

Prompt Injection: A Worse Threat Than SQLi - ncsc.gov.uk

Defines prompt injection as a GenAI vulnerability where untrusted user input allows manipulation of model behavior. Highlights the critical distinction from SQL injection, emphasizing that traditional mitigations may be ineffective.

Kimwolf Botnet Infects 1.8 Million Android Devices - blog.xlab.qianxin.com

Details the Kimwolf botnet, an NDK-compiled Android malware with DDoS, proxy forwarding, and reverse shell capabilities. Reveals its hyper-scale operation, having infected an estimated 1.8 million devices.

ORM Leakage Exploits Filtering, Bypasses Protections - elttam.com

Demonstrates how developers' filtering capabilities can inadvertently expose sensitive attributes through ORMs like Beego and Prisma. Showcases authentication-bypass techniques emphasizing the need to disallow filtering on sensitive attributes.

Datadog Introduces Pathfinding.cloud - securitylabs.datadoghq.com

Highlights the critical concern of privilege escalation in AWS environments. Explains that attackers routinely exploit these escalation paths post-initial access.

AI Aids TP-Link Tapo C200 Reverse Engineering - evilsocket.net

Details the discovery of vulnerabilities like hardcoded keys and buffer overflows in the TP-Link Tapo C200 camera firmware. Showcases the effectiveness of AI-assisted reverse engineering techniques.

Amadey Loader Exploits GitLab to Deliver StealC - threats.wiz.io

Reports on the Amadey malware loader leveraging a compromised GitLab instance as a C2 server. Details the loader's obfuscation techniques, including custom Base64 encoding and RC4 encryption.

2025 Vulnerabilities: Rapid Exploitation Post-Disclosure - projectdiscovery.io

Reflects on 2025's most impactful vulnerabilities, highlighting the accelerated timeline from disclosure to exploitation. Underscores the critical challenge for defenders to patch vulnerabilities before attackers can operationalize exploits.

🐦 SecX #

Mixpanel Hacked via SMS Phishing, Data Extorted - x.com

Reports on the compromise of Mixpanel through an SMS phishing attack, leading to data theft and extortion. Notes the unusual circumstance where OpenAI preemptively announced the breach.

THC Releases Massive Free IP-Domain Database - x.com

Announces the release of a comprehensive, free IP-to-domain database by The Hacker's Choice. Highlights the utility for reconnaissance and threat intelligence.

💻 SecGit #

AWS Sample for EC2 File Integrity Monitoring - github.com

Provides a practical AWS sample for implementing File Integrity Monitoring on EC2 instances. Demonstrates integration with AWS Security Hub and Amazon Security Lake.

TRECO: Tactical Race Exploitation Orchestrator - github.com

Introduces TRECO, a tool designed to facilitate the exploitation of race conditions in applications. Implies utility for security researchers in identifying concurrency vulnerabilities.

AI-Driven Attack Tree Generator with MITRE ATT&CK - github.com

Presents an AWS sample utilizing AI for automated threat modeling and attack tree generation. Integrates with MITRE ATT&CK for structured approach to attack paths.

bhgrep: Fast Browser History Search Tool - github.com

Introduces bhgrep, a high-performance command-line utility for searching browser history. Offers fuzzy matching, regex support, and interactive TUI.

OpenBao: Solution for Sensitive Data Management - github.com

Introduces OpenBao, an open-source solution for secure management of sensitive data. Emphasizes its utility for handling secrets, certificates, and cryptographic keys.

← Back to Seclog