Seclog - #158
In this week's Seclog, the security landscape is dominated by critical vulnerabilities affecting widely used technologies and the emergence of sophisticated AI-centric attack vectors. A major concern is the "MongoBleed" (CVE-2025-14847) vulnerability, allowing unauthenticated remote memory leaks in MongoDB via zlib compression, with confirmed in-the-wild exploitation. Similarly, a critical RCE flaw in WatchGuard Firebox devices and a remote command execution vulnerability in the popular Livewire Laravel framework underscore the persistent threat from software vulnerabilities.
📚 SecMisc
Certgrep Hunts Squatting, Phishing Domains - certgrep.sh
Introduces certgrep, a specialized tool designed to query Certificate Transparency logs for suspicious entries. Facilitates the identification of potential domain squatting and phishing attempts by monitoring new certificate issuances.
GPG Key Server Testing - gpg.fail
Provides a web service to test the security posture and configuration of GPG keys. Helps users verify if their GPG keys are exposed to known vulnerabilities or misconfigurations.
📰 SecLinks
GitHub Device Code Phishing Revealed - praetorian.com
Exposes a new initial access vector exploiting GitHub's OAuth2 device flow, similar to previously identified Azure AD device code phishing. Details how this technique has been successfully used in real-world compromises against well-resourced organizations.
Urban VPN Proxy Poses AI Risk - boingboing.net
Warns that Urban VPN Proxy, a free browser extension for Chrome and Edge, poses a significant security risk. Specifically highlights the danger for users interacting with Artificial Intelligence applications.
Task Injection Exploits AI Agents - bughunters.google.com
Defines "Task Injection" as a novel attack vector distinct from Prompt Injection, specifically targeting autonomous AI agents. Explains how attackers can exploit the "agency" of these agents to manipulate their internal task execution.
Arcanum Prompt Injection Taxonomy - arcanum-sec.github.io
Introduces a comprehensive classification system for various types of Prompt Injection attacks targeting Large Language Models. Provides a structured taxonomy to help security researchers categorize and defend against evolving LLM manipulation techniques.
LangGrinch Vulnerability Impacts LangChain Core - cyata.ai
Details CVE-2025-68664, dubbed "LangGrinch," a critical vulnerability in langchain-core's dumps() and dumpd() APIs. Explains how a single malicious text prompt can trigger complex internal deserialization pipelines.
MongoDB Memory Leak Via Zlib - ox.security
Highlights CVE-2025-14847, a critical "MongoBleed" memory disclosure vulnerability in MongoDB's zlib decompression logic. Allows unauthenticated attackers to remotely exfiltrate sensitive data directly from server memory.
MongoBleed Actively Exploited In Wild - wiz.io
Confirms that CVE-2025-14847, "MongoBleed," is being actively exploited in the wild. The vulnerability enables attackers to remotely leak fragments of sensitive in-memory data without any valid credentials.
WatchGuard Firewalls RCE Vulnerability - bleepingcomputer.com
Reports on a critical Remote Code Execution vulnerability impacting over 115,000 WatchGuard Firebox devices. Highlights that the flaw is actively being exploited in ongoing attacks.
Livewire RCE via Unmarshaling - synacktiv.com
Uncovers a remote command execution vulnerability in Livewire, a widely used full-stack framework for Laravel. Stresses the significant impact due to Livewire's use in over 30% of new Laravel projects.
Kubernetes Attack Surface Deep-Dive - heilancoos.github.io
Provides a foundational overview of the extensive attack surface present in Kubernetes environments. Offers insights into various attack vectors and defensive considerations for securing Kubernetes deployments.
🎥 SecVideo
Computerphile Explains Passkeys - youtube.com
Features a Computerphile explanation demystifying what passkeys are and how they function. Breaks down the underlying technology and security benefits of passkeys.
💻 SecGit
AI Generates Python API Clients - github.com
Presents a "Claude engineer" tool designed to automate the process of reverse engineering APIs. The tool captures network traffic and generates functional Python API clients automatically.
Enjoyed this post? Subscribe to Seclog for more in-depth security analysis and updates.
For any suggestions or feedback, please contact us at: [email protected]