Seclog - #171
In this week's Seclog, the cybersecurity landscape is markedly shaped by the rapid advancements and inherent risks of artificial intelligence, with new AI models like Claude C2 demonstrating remote access capabilities and emerging tools leveraging AI for vulnerability discovery and penetration testing. Concurrently, the increasing reliance on AI also introduces new attack vectors, as highlighted by a tracker for AI-generated code vulnerabilities and novel defenses against prompt injection. Cloud environments continue to be a focal point for researchers, revealing critical flaws in AWS services such as Bedrock AgentCore's sandbox bypass and domain verification issues in the AWS Security Agent, alongside demonstrations of ransomware simulations via AWS KMS. Traditional web application security remains paramount, with significant disclosures including unauthenticated RCE in Magento, persistent XSS/RCE in Storybook, and zero-click account takeovers. Moreover, sophisticated and persistent threat campaigns, like TeamPCP's supply chain attacks and the Glassworm operator's infrastructure rotation, underscore the ongoing need for vigilant monitoring and robust defensive strategies across all facets of the digital infrastructure.
Understanding the Cyber Kill Chain Framework - www.picussecurity.com
This resource provides an explanation of the Cyber Kill Chain, a foundational cybersecurity framework that outlines the linear stages of an attack, from initial reconnaissance to objective completion. It is a valuable tool for security professionals to understand threat actor methodologies and implement defenses at each phase of an attack.
RSAC Trends and Product Commentary - blog.thinkst.com
This post offers commentary on the recurring themes and perceived quality of products at the RSA Conference (RSAC), touching upon general infosec trends. It provides a critical perspective on the industry's direction and the practical value of showcased solutions.
📰 SecLinks
Unauthenticated RCE via Magento PolyShell Vulnerability - slcyber.io
An unauthenticated file upload vulnerability (PolyShell, APSB25-94) has been discovered in Magento, a widely used e-commerce platform, leading to potential Remote Code Execution (RCE) on over 130,000 websites. This flaw specifically impacts production versions of Magento, as Adobe Commerce (the enterprise offering) receives automatic patching, highlighting a critical patch gap for self-hosted instances.
Zero-Click Account Takeover Via MessagePort Injection - labs.trace37.com
Researchers uncovered a zero-click, cross-origin account takeover vulnerability impacting hundreds of millions of users, stemming from three overlooked flaws in postMessage + MessageChannel login architectures. This attack bypasses standard protections like PKCE, demonstrating new risks in inter-frame communication.
Persistent XSS/RCE in Storybook WebSockets - www.aikido.dev
A persistent Cross-Site Scripting (XSS) and Remote Code Execution (RCE) vulnerability (CVE-2026-27148) has been identified in Storybook, an open-source UI component development tool. The flaw specifically targets the WebSocket-powered story creation and editing functionality, particularly in versions 8.1 and later that allow direct browser editing.
AWS Security Agent Domain Verification Flaw - blog.richardfan.xyz
A domain verification flaw in AWS Security Agent's private web app pentesting functionality allows attackers to manipulate private DNS zones. This manipulation can trick the agent into performing pentests against public domains the attacker does not own, effectively enabling the abuse of the security agent for unauthorized external scans.
AWS Bedrock AgentCore Sandbox DNS Bypass - www.beyondtrust.com
Phantom Labs identified a vulnerability in AWS Bedrock AgentCore Code Interpreter's sandbox mode, where allowed DNS queries enable a bypass of network isolation. This flaw facilitates DNS-based command-and-control, allowing attackers to exfiltrate data or control the sandboxed environment despite intended security measures.
SQL Injection in Spring AI MariaDB Vector Store - blog.securelayer7.net
A critical SQL Injection vulnerability (CVE-2026-22730) has been discovered in Spring AI when using MariaDB as a vector store, particularly impacting RAG pipelines with metadata-based access control. This flaw could allow unauthorized data retrieval, bypassing granular access controls designed to restrict sensitive information based on user roles.
Reverse Engineering Apple's Silent Security Fixes - blog.calif.io
This research delves into Apple's Rapid Security Responses (RSR), a mechanism introduced to deliver urgent patches outside of full OS updates, which was quickly shelved due to unexpected compatibility issues with User-Agent parsing. The analysis highlights the challenges of implementing agile patching mechanisms and the ecosystem-wide impact of seemingly minor changes.
Vibe Security Radar Tracks AI Vulnerabilities - vibe-radar-ten.vercel.app
Vibe Security Radar serves as a public resource documenting real-world CVEs where the vulnerability was directly introduced by AI-generated code. This resource is crucial for understanding the emerging attack surface and risks associated with AI-assisted software development, providing concrete examples of AI-induced security flaws.
Simulating Ransomware Attacks Using AWS KMS - heilancoos.github.io
This research demonstrates how AWS Key Management Service (KMS) can be misused to simulate ransomware attacks, exploiting customer misconfigurations in key management. It emphasizes the "shared responsibility model," where AWS secures the service itself, but customers are responsible for proper key protection and usage, highlighting a critical area for cloud security hardening.
Unrestricted File Upload in Magento via PolyShell - sansec.io
The PolyShell vulnerability enables attackers to upload executable files to Magento and Adobe Commerce stores via the REST API, leading to potential Remote Code Execution (RCE) or stored Cross-Site Scripting (XSS) for account takeover. Critically, no official patch is yet available for many production versions, leaving numerous e-commerce sites exposed.
Linux Rootkit Evolution and Hooking Techniques - www.elastic.co
Elastic Security Labs presents an exploration of Linux rootkit taxonomy and their evolution, detailing techniques from userland shared object hijacking and kernel-space Loadable Kernel Module (LKM) hooking to modern eBPF- and io_uring-powered methods. This research provides crucial insights into advanced stealth and persistence mechanisms used by sophisticated threats on Linux systems.
TeamPCP Supply Chain Campaign Details - ramimac.me
This incident timeline details the "TeamPCP" supply chain campaign, a multi-week, multi-ecosystem attack chain compromising platforms like GitHub Actions, Docker Hub, npm, PyPI, and OpenVSX. Key security tools such as Aqua's Trivy and Checkmarx KICS, along with LiteLLM, have been impacted, underscoring the broad reach and critical nature of this campaign.
Glassworm Operator Evades Decommission Signal - codeberg.org
Analysis of the "Glassworm" campaign reveals the operator is actively rotating infrastructure and persisting attacks despite a perceived "wind-down" signal, indicating selective bot management rather than true decommissioning. The attackers are leveraging stolen credentials to inject new GitHub repositories and establish new C2 servers via Solana memos and port scanning.
Enhance Bug Bounty with Claude Hacking Skills - clawd.it
This article introduces "h1-brain," an MCP server that integrates personal HackerOne bounty history and public disclosures into a local SQLite database, making it queryable by Claude. This tool enables security researchers to leverage AI for more strategic bug bounty hunting by analyzing past findings and identifying promising areas within target scopes.
Intent-Based Access Control Defends LLMs - ibac.dev
Intent-Based Access Control (IBAC) is proposed as a novel defense against prompt injection attacks, shifting focus from detecting attacks to making them irrelevant by enforcing permissions based on explicit user intent. IBAC deterministically controls tool invocations, blocking unauthorized actions even if the LLM's reasoning is compromised by injected instructions.
AWS Security Agent Penetration Testing Capabilities - aws.plainenglish.io
This overview details AWS Security Agent, announced at re:Invent 2025, as an automated "teammate" for continuous application testing, complementing human pentesters. The agent focuses on Design Review, Code Review, and Penetration Testing, with a particular emphasis on its capabilities for automated penetration testing to identify common vulnerabilities.
Google Firebase Studio XSS Disclosed - ndevtk.github.io
This write-up details a Cross-Site Scripting (XSS) vulnerability discovered in Google Firebase Studio, which resulted in a $7500 bounty and was subsequently deprecated. It offers insights into specific XSS vectors within Google's cloud development environment.
Abusing Browser Features for Phishing - certitude.consulting
This research explores how modern browser features and default-allowed APIs can be abused to create highly convincing phishing attempts without explicit user consent. It highlights the expanded attack surface of client-side web applications and the challenge of distinguishing legitimate from malicious functionalities.
AprielGuard Tested Against Adversarial Attacks - www.lasso.security
AprielGuard, an 8-billion-parameter open-source AI model designed as a unified guardrail layer, has been tested against 1,500 adversarial attacks to evaluate its effectiveness in detecting safety risks and preventing malicious prompts. This highlights efforts to secure AI systems and monitor agent behavior in modern AI workflows.
Claude Mythos: AI Security Research - m1astra-mythos.pages.dev
The "Claude Mythos" page likely represents a collection of research or findings related to the security capabilities, vulnerabilities, or general understanding of Claude AI. While the snippet is minimal, the context from other AI-related articles suggests this is a deeper dive into Claude's operational aspects.
Pentest-AI: Claude Code Offensive Assistant - 0xsteph.github.io
This resource introduces "pentest-ai," a framework featuring six specialized AI subagents designed to assist in penetration testing through Claude Code. It streamlines various offensive security tasks, including engagement planning, reconnaissance analysis, exploit research, detection building, STIG checks, and report writing, enhancing the efficiency of security professionals.
File Upload Bypass to Admin Account XSS - kurtisebear.com
This article details an attack chain exploiting a file upload bypass combined with a stored Cross-Site Scripting (XSS) vulnerability to achieve administrative account creation. This demonstrates a critical path for escalating privileges through multiple layered vulnerabilities, leading to full application compromise.
Google Cloud Looker RCE via Directory Deletion - flatt.tech
A Remote Command Execution (RCE) vulnerability was discovered in Google Cloud's Looker product, stemming from improper directory validation during Git repository management. This flaw allows an attacker to delete the repository directory while concurrently triggering Git operations, leading to RCE by manipulating the timing of these actions.
🐦 SecX
Claude C2 Remote Access Alarms C2 Vendors - x.com
This indicates a significant advancement in AI capabilities, where models like Claude C2 are gaining direct "Computer use + remote access" functionalities, potentially disrupting traditional C2 (Command and Control) operations by offering new, automated methods for interaction and control, which could be leveraged in both offensive and defensive security contexts.
TeamPCP Post-Exploit IOCs Revealed - x.com
A Kudelski IR writeup, brought to light by Rami McCarthy, provides the first known post-exploit Indicators of Compromise (IOCs) for the TeamPCP campaign. TruffleHog scans traced back to an attacker's VPS, revealing file shares, target lists, and MinIO storage, offering critical hunting intelligence for defenders.
🎥 SecVideo
Claude AI Skills for Bug Bounty Hacking - www.youtube.com
This podcast episode discusses "Claude Skills for Hacking," detailing how AI, specifically Claude, can be leveraged by bug bounty hunters. It covers practical applications and strategies for integrating AI into the vulnerability discovery process, enhancing a researcher's capabilities.
💻 SecGit
VulnHuntr: LLM-Powered Zero-Shot Vulnerability Discovery - github.com
VulnHuntr is a GitHub repository showcasing a tool for "zero-shot vulnerability discovery" utilizing Large Language Models (LLMs). This indicates an emerging capability for AI to identify security flaws in code without prior specific training, potentially accelerating initial vulnerability assessments.
Grapefruit GitHub Repository Highlighted - github.com
The GitHub repository ChiChou/grapefruit has been highlighted, suggesting a potential new tool or project of interest within the security community. Further investigation into its contents would be required to determine its specific utility or contribution.