Seclog - #172
In this week's Seclog, the intersection of AI with cybersecurity takes center stage, showcasing both its potential for defense and new attack surfaces. AI is demonstrating prowess in vulnerability discovery, with Claude Code finding long-hidden Linux kernel flaws, and transforming security operations by enabling AI coders to function as SAST scanners. Concurrently, the mobile security landscape remains a critical focus, exemplified by the disclosure of a 1-click RCE on the Samsung S25 and ongoing research into Android kernel modifications. Supply chain attacks continue to pose significant threats, with a detailed look into the axios npm package compromise underscoring the pervasive risk of trojanized dependencies. Furthermore, foundational security practices are highlighted, from the importance of post-exploitation enumeration and WAF bypass techniques to the continuous evolution of vulnerability reward programs and the emerging OWASP Agentic Skills Top 10 for AI agents. However, funding challenges impacting initiatives like the Node.js bug bounty program remind us that effective security requires sustained investment.
SecMisc
Track AWS Managed IAM Policy Changes - iamtrail.com
This service provides a comprehensive archive and version history for all changes to AWS Managed IAM Policies. It's a critical tool for cloud security teams to proactively monitor for potential privilege escalation pathways or unintended permission alterations within their AWS environments.
SecLinks
LinkedIn Scans User Systems for Software - browsergate.eu
LinkedIn's website is reportedly executing hidden code to scan users' computers for installed software, collecting and transmitting this data to its servers and third-party cybersecurity firms. This practice raises significant privacy and security concerns regarding unauthorized system introspection and potential data exfiltration from user devices.
Samsung S25 1-Click RCE Achieved - bugscale.ch
Researchers successfully developed a 1-click Remote Code Execution (RCE) chain for the Samsung Galaxy S25, a critical achievement for Pwn2Own 2025. This demonstrates a severe vulnerability in a flagship mobile device, highlighting the potential for complete device compromise with minimal user interaction.
Node.js Bug Bounty Program Paused - nodejs.org
The Node.js project has announced the pausing of its Security Bug Bounty Program due to a lack of funding. This decision could significantly impact the proactive discovery and remediation of vulnerabilities in the widely used Node.js ecosystem, potentially leading to a slower response to security threats.
OWASP Top 10 for AI Agent Skills - owasp.org
The OWASP Agentic Skills Top 10 (AST10) identifies the most critical security risks inherent in agentic AI skills. This framework provides a crucial guide for addressing unique security challenges posed by AI agents' ability to access resources and orchestrate multi-step workflows autonomously.
Custom Android Kernel Compilation Guide - pwner.gg
This post details the intricate process of compiling a custom Android kernel for a OnePlus 6T, specifically to add debug instrumentation for security research on the Qualcomm WLAN driver. It offers invaluable insights for security researchers looking to perform low-level analysis and modification of Android system components and kernels.
AI Discovers Linux Kernel Vulnerability - mtlynch.io
A research scientist leveraged Claude Code to uncover multiple remotely exploitable security vulnerabilities in the Linux kernel, including one that lay undiscovered for 23 years. This demonstrates the significant potential of AI in advanced vulnerability research, capable of identifying deeply embedded flaws in critical and mature software.
Correction on Claude Code Leak Analysis - prabal.ca
This article provides a correction to earlier analysis, retracting claims of an agent-to-agent payment system in Claude Code, which was based on fabricated injected code in a leaked source copy. It highlights the critical importance of source integrity verification and caution when analyzing potentially tampered data in security research to avoid drawing erroneous conclusions.
Google VRP 2025 Year in Review - security.googleblog.com
Google's 2025 VRP year in review marks its 15th anniversary, emphasizing the program's continuous expansion and its value. The review underscores the critical role external security researchers play in enhancing Google's overall security posture and the success of long-running bug bounty initiatives.
OSINT Guide to Reddit Monitoring - osintcombine.com
This in-depth guide provides comprehensive techniques and tools for investigating and monitoring Reddit content for Open Source Intelligence (OSINT) gathering. It details how Reddit, as a platform, can offer unique insights for practitioners looking to leverage public discussions and user-generated content for intelligence purposes.
The State of Vulnerability Research - sockpuppet.org
This opinion piece discusses the evolving landscape and challenges currently facing vulnerability research. It provides a critical perspective on the current state of bug hunting, likely exploring the impact of AI, shifting market dynamics, and future trends in vulnerability discovery.
Axios npm Package Supply Chain Attack - socket.dev
This report details a supply chain attack on the axios npm package, where malicious versions included a trojanized plain-crypto-js dependency. It underscores how attackers compromise popular libraries through maintainer accounts to distribute malware, emphasizing the critical need for robust software supply chain security measures.
JavaScript Analysis for Pentesters - kpwn.de
This blog post summarizes essential techniques for JavaScript analysis, tailored for web application penetration testers based on five years of practical experience. It equips security professionals with methods to identify vulnerabilities by dissecting client-side code for hidden URLs, sensitive paths, secrets, and other exploitable information.
WAF Bypass and Misconfiguration Exploits - blog.quarkslab.com
This deep dive explores Web Application Firewall (WAF) bypasses, covering misconfiguration exploitation and the crafting of obfuscated payloads. It highlights critical parsing discrepancies between how a WAF processes requests and how backend systems execute them, demonstrating that WAFs are not foolproof and require careful tuning and understanding of bypass techniques.
Exploiting SVG for Clickjacking - lyra.horse
This blog post discusses SVG clickjacking, a technique that leverages Scalable Vector Graphics for malicious purposes. It likely explores how specially crafted SVG files can be used to overlay transparent or misleading elements, effectively tricking users into interacting with hidden UI components on web pages.
Wiz Report: Axios Supply Chain Attack - threats.wiz.io
This Wiz report details the supply chain attack on the axios npm package, where compromised maintainer accounts were used to publish malicious versions containing the plain-crypto-js trojan. It highlights the significant impact of such attacks, even with short exposure windows, due to the widespread adoption of compromised popular libraries in numerous projects.
SecX
Claude Code Signing System Cracked - x.com
The cch= signing system used in Claude Code has been fully reverse engineered, credited to @ssslomp. This breakthrough allows open-source clients to enable users to utilize their existing Anthropic subscriptions with custom tools, bypassing official client restrictions.
SecGit
Mobile Security with AI Insights - github.com
This GitHub project, "LLMobile-v2," focuses on enhancing mobile security by integrating AI insights. It aims to leverage artificial intelligence for advanced threat detection and analysis in mobile environments, likely offering refined AI models and broader functionality to counter evolving mobile threats.
AI Coder as SAST Scanner - github.com
This repository provides a collection of agent skills specifically designed to transform an AI coder into a Static Application Security Testing (SAST) scanner. It enables automated code review and vulnerability detection directly within AI-driven development workflows, enhancing developer efficiency in identifying security flaws.
Offensive Security Toolkit for Claude - github.com
This GitHub repository hosts "red-run," an offensive security toolkit specifically designed for Claude Code. The tool enables red teamers and security researchers to effectively test and potentially exploit vulnerabilities within systems that integrate or rely on Claude's AI capabilities.
Axios npm Supply Chain Compromise Post-Mortem - github.com
This GitHub issue comment provides a detailed post-mortem regarding the axios npm supply chain compromise, where malicious versions delivered malware. It highlights critical risks associated with software supply chain security, showing that the distributed malware was similar to that dropped via malicious Zoom/Teams updates.
Axios Compromise Issue Comments - github.com
This comment on the axios GitHub issue provides additional community context and discussion regarding the recent supply chain compromise. It complements formal post-mortem analyses by offering real-time observations and insights from other security professionals or affected users about the incident.
Jsluice for JavaScript Analysis - github.com
jsluice is a BishopFox tool designed to automatically extract URLs, paths, secrets, and other interesting data from JavaScript code. This utility significantly aids security researchers and penetration testers in automating the reconnaissance phase of web application analysis, uncovering potentially sensitive information embedded in client-side scripts.
Pen Test Report Generation Tool - github.com
The faction GitHub repository presents an offensive security toolkit focused on streamlining pen test report generation and assessment collaboration. This tool assists security professionals by organizing findings and facilitating the production of structured, comprehensive reports during the post-engagement phase.