Seclog - #160
In this week's Seclog, a significant theme revolves around the emergent security challenges introduced by advanced AI agents, with reports highlighting successful prompt injection attacks against systems like Claude and continuous hardening efforts for ChatGPT Atlas, alongside discussions on agentic AI's potential as a pervasive surveillance tool. Simultaneously, traditional software and infrastructure remain fertile ground for attackers, as evidenced by critical zero-day vulnerabilities in widely deployed devices like XSpeeder's SXZOS firmware and persistent implementation errors in cryptographic tools like GnuPG and libsodium. The ongoing threat of ransomware, exemplified by legal action against ALPHV BlackCat operators and fresh intelligence on Medusa Locker, underscores the persistent malicious landscape. However, the security community continues to innovate with new open-source tools for application security testing, race condition exploitation, and red teaming, alongside detailed technical deep dives into existing bypasses and novel fuzzing techniques for complex targets like Qualcomm GPU drivers. This mix of new AI-driven risks and enduring traditional vulnerabilities necessitates a proactive and adaptive approach to cybersecurity.
📰 SecLinks
GnuPG and Crypto Tools Flawed - heise.de
Security researchers discovered 14 implementation vulnerabilities across GnuPG and three other cryptographic tools. These flaws do not undermine the fundamental security of cryptographic methods but highlight critical errors in their concrete software implementation, with many remaining unfixed.
OpenAI Hardens ChatGPT Atlas Against Prompt Injection - openai.com
OpenAI is actively hardening ChatGPT Atlas against prompt injection, which is identified as a significant risk for the "agent in the browser" paradigm. Agent mode allows ChatGPT to view webpages and take actions within the browser, making AI security paramount as it becomes a high-value target for adversarial attacks.
Claude Chrome Extension Threat Analysis - labs.zenity.io
This analysis maps the attack surface of agentic browser extensions like Claude in Chrome, where the AI agent, not the user, is in control. The shift to agentic browsers introduces novel risks and demands a new security threat model beyond traditional browser security.
PHP Code with 7 Characters - splitline.github.io
This content demonstrates the ability to write and execute PHP code using only 7 distinct characters. It highlights advanced obfuscation techniques and the potential for code execution in highly constrained or filtered environments.
ALPHV BlackCat Ransomware Attackers Plead Guilty - justice.gov
Two individuals with sophisticated cybersecurity training pleaded guilty to committing ransomware attacks using ALPHV BlackCat. The Department of Justice emphasizes its commitment to identifying and prosecuting perpetrators of ransomware attacks globally.
Libsodium Vulnerability Disclosed - 00f.net
A vulnerability in the libsodium cryptographic library has been disclosed, stemming from an implementation error rather than a cryptographic weakness. This incident reinforces that even libraries designed for simplicity and high-level APIs can contain exploitable flaws in their concrete execution.
Grafana CVE-2025-6023 Bypass Details - blog.ethiack.com
A bypass for CVE-2025-6023 in Grafana, an open redirect vulnerability, has been detailed, which could lead to XSS and account takeover. The vulnerability was discovered and remediated across customer bases by a research team 24 days prior to public advisory, highlighting effective pre-patch remediation strategies.
Cloudflare Workers for Red Teams - blog.zsec.uk
This article demonstrates how Cloudflare Workers can be used by red teams for Conditional Access Payload Delivery (CAPD). Workers provide a highly available and rapidly updatable way to deliver arbitrary content with custom access restrictions, without a traditional server setup.
XSpeeder SXZOS Unauthenticated Root RCE - pwn.ai
A zero-day unauthenticated root RCE (CVE-2025-54322) has been discovered in XSpeeder SXZOS firmware, affecting over 70,000 edge devices globally. This critical vulnerability targets devices like routers and SD-WAN appliances, posing a significant risk to remote industrial and branch environments.
Revisiting Medusa Locker Ransomware - theravenfile.com
Research indicates ongoing activity for Medusa Locker ransomware, with old TOR domains redirecting to new Onion URLs and new samples being found. This suggests a potential resurgence or continued operation of the Medusa Locker ransomware group, requiring updated defensive measures.
Debugging DNS with Tshark - isc.sans.edu
This post outlines how to use tshark to effectively inspect and summarize DNS traffic. It provides practical steps for debugging DNS response times, which is critical for network troubleshooting and for identifying potential performance or security anomalies.
Cybersecurity Outlook 2026 Predictions - danielmiessler.com
CISOs are facing an unscalable challenge with human teams against increasingly sophisticated and relentless attackers. The core competition in 2026 will be the speed at which organizations can perform asset, attack surface, and vulnerability management, especially at the perimeter.
🐦 SecX
Claude Security Bypass via Prompt Injection - x.com
A security researcher successfully bypassed Claude's security review by injecting prompts within code comments. This technique convinced Claude that a blatant SQL injection vulnerability was a false positive, highlighting the current limitations of AI security mechanisms against creative adversarial input.
CellMapper for Mobile Network Coverage - x.com
This post introduces CellMapper, a free, crowdsourced tool for mapping 2G/3G/4G/5G mobile tower locations and coverage. It is a useful resource for intelligence gathering, reconnaissance, or physical security assessments related to mobile network infrastructure.
🎥 SecVideo
WhatsApp 0-Click Vulnerability Reverse Engineering - youtube.com
This video focuses on the reverse engineering process of a WhatsApp 0-click vulnerability. It is highly relevant for security researchers and reverse engineers looking to understand advanced mobile application exploitation techniques.
Fuzzing Qualcomm GPU Drivers in QEMU - media.ccc.de
Researchers virtualized the Qualcomm Android kernel and KGSL graphics driver in QEMU to enable deep debugging and large-scale fuzzing of GPU drivers. This approach helps mitigate kernel escalation risks by efficiently finding bugs in GPU drivers, which are common final escalation vectors on Android devices.
Agentic AI Poses Surveillance Threat - media.ccc.de
This presentation argues that the integration of agentic AI into operating systems and applications (e.g., Microsoft's "Recall") fundamentally shifts control away from users. Such systems create OS-level surveillance and high-value targets for attackers, posing existential threats to privacy guarantees and eroding individual autonomy.
💻 SecGit
jsscm GitHub Repository Starred - github.com
This entry notes a GitHub user starring the sametsahinnet/jsscm repository. It reflects community interest in this specific software project, often indicating active development or utility.
File-Tunnel for TCP Connections - github.com
This repository provides a tool to tunnel TCP connections directly through a file. This technique can be used for covert communication, data exfiltration, or establishing channels in highly restricted network environments.
XSpeeder SXZOS RCE Scanner - github.com
This repository offers a multi-threaded vulnerability scanner for CVE-2025-54322, an unauthenticated remote code execution flaw in XSpeeder SXZOS firmware. Security professionals can use this tool to quickly identify vulnerable XSpeeder devices across a network, aiding in rapid assessment and remediation efforts.
Reaper Application Security Framework - github.com
Reaper is an open-source application security testing framework that integrates reconnaissance, request proxying, tampering, active testing, and vulnerability validation. Engineered for modern app security, it streamlines the security testing workflow and is designed for potential AI integration.
Custom Semgrep Rules for Vulnerabilities - github.com
This repository contains a collection of custom Semgrep rules designed for vulnerability detection in Swift, Java, and COBOL source code. These rules aim to reduce false negatives by providing additional patterns that augment official Semgrep rules, enhancing static analysis capabilities.
Docker Desktop ECI Bypass PoC - github.com
A public Proof-of-Concept for CVE-2025-9074, a critical vulnerability in Docker Desktop, is available. The flaw, rated High risk, allows Linux containers to bypass Enhanced Container Isolation and connect to the Docker Engine API, potentially leading to unauthorized access to host user files.
TRECO for Race Condition Exploitation - github.com
TRECO is a Tactical Race Exploitation & Concurrency Orchestrator designed for precise concurrent HTTP attacks. It enables security researchers to reliably trigger and exploit race conditions in web applications with sub-microsecond timing accuracy, supporting both Python 3.10+ and GIL-free Python 3.14t.
For any suggestions or feedback, please contact us at: [email protected]