Seclog - #179

In this week's Seclog, the security landscape is heavily influenced by the burgeoning role of artificial intelligence, both as a critical new attack surface requiring robust defense strategies and as an emerging tool for vulnerability discovery and red teaming. Simultaneously, traditional yet potent vulnerabilities continue to pose significant threats, with multiple disclosures detailing critical SQL injection flaws, remote code execution in widely used platforms like Drupal and Apache, and intricate account takeover techniques leveraging JWT and OAuth mechanisms. A strong emphasis is placed on proactive supply chain security, highlighting the reactive nature of CVEs and the need for earlier detection within CI/CD pipelines. Furthermore, the reports showcase advanced exploitation techniques, from browser sandbox escapes to cloud infrastructure compromise, alongside insights into the evolving dynamics of bug bounty programs and the challenges presented by AI in CTFs.

📚 SecMisc

Flipper One vs. Flipper Zero Comparison - mobile-hacker.com

Compares the Flipper One with the Flipper Zero, detailing advancements and new features such as the Flipper One's capability as a portable Linux PC.

HTTP Proxy for Secret Management - blog.exe.dev

Argues for the strategic placement of secret management within an HTTP proxy, particularly for handling third-party integrations.
Highlights how proxies can securely manage HTTP headers to prevent sensitive data exposure.

The Downfall of Bug Bounties - shubs.io

Examines the current challenges and evolving landscape of bug bounty programs, discussing factors that may contribute to their perceived decline. Explores the experiences of researchers and platforms, potentially touching on reward structures and submission quality.

RITSEC CTF: Humans vs. LLMs - sylvie.fyi

Explores the difficulties and successes of organizing a Capture The Flag (CTF) competition specifically designed to challenge human participants against LLM-driven adversaries or solutions. Provides insights into designing competitive hacking events that account for AI's capabilities, aiming to maintain a focus on human ingenuity.

Securing Enterprise LLM Deployments - fortbridge.co.uk

Provides a comprehensive guide on best practices for securing Large Language Model (LLM) implementations within an enterprise context. Covers critical areas such as secure deployment strategies, effective threat mitigation techniques, robust governance frameworks, and continuous monitoring requirements for AI systems.

Critical SQL Injection in Drupal PostgreSQL - yeswehack.com

Details a highly critical SQL injection vulnerability (CVE-2026-9082) impacting Drupal installations when utilizing PostgreSQL as the backend database. Highlights a severe flaw allowing arbitrary database interaction by unauthenticated users, potentially leading to data compromise or unauthorized access to the system.

Benchmarking LLMs for Pentesting - purpleshift.io

Presents a comparative analysis evaluating the performance of multiple local Large Language Models (LLMs) in their ability to identify security vulnerabilities. Demonstrates the practical application and effectiveness of AI models in automated penetration testing and security assessment scenarios.

JWT Algorithm Confusion to Account Takeover - blogs.jsmon.sh

Analyzes three critical attack classes against JSON Web Tokens (JWTs): RS256 to HS256 algorithm confusion, JKU injection, and kid SQL injection. Explains how these vulnerabilities, responsible for multiple recent CVEs, can be weaponized to forge tokens and achieve full account takeover in modern web applications and APIs.

Redirect Discrepancies Leak URL Secrets - ethiack.com

Uncovers a novel technique to exfiltrate sensitive information embedded in URLs by exploiting inconsistencies in how different systems handle HTTP redirects. Details how secrets can be leaked through carefully crafted redirect chains, posing a risk to data confidentiality.

Apache.NMS.AMQP Deserialization RCE - core-jmp.org

Describes CVE-2025-54539, an unauthenticated Remote Code Execution (RCE) vulnerability found in Apache.NMS.AMQP (versions ≤ 2.3.0). Explains how a 290-byte AMQP message can bypass deserialization policies, triggering BinaryFormatter execution for arbitrary command execution on .NET clients.

Google Cloud RCE Earns Big Bounty - brutecat.com

Details "StubZero," a significant Remote Code Execution (RCE) vulnerability discovered in Google Cloud's production environment. Highlights a high-impact bug bounty discovery, illustrating critical weaknesses in complex cloud infrastructure that can lead to substantial payouts.

Red Teaming Cloud with Neo - projectdiscovery.io

Introduces "Neo," a tool or methodology designed for red-teaming cloud infrastructure environments. Focuses on techniques and strategies for simulating advanced attacks to effectively assess the security posture and resilience of cloud deployments.

Pwn2Own Berlin 2026 Concludes - zerodayinitiative.com

Summarizes the final day of Pwn2Own Berlin 2026, highlighting the last successful exploits demonstrated against enterprise systems. Reports on the conclusion of the event, showcasing cutting-edge vulnerability research and announcing the "Master of Pwn" winner.

Drupal Core Anonymous SQLi (CVE-2026-9082) - slcyber.io

Provides a detailed technical analysis of SA-CORE-2026-004 (CVE-2026-9082), a highly critical anonymous SQL injection in Drupal core. Emphasizes the severity of the flaw, which allows unauthenticated users on PostgreSQL-backed Drupal deployments to gain significant control over the database.

Browser Sandbox Escape via Windows Kernel Write - voidsec.com

Presents a technical analysis of CVE-2026-40369, detailing a browser sandbox escape vulnerability on Windows. Explains how a minimal 12-byte write into the Windows kernel via NtQuerySystemInformation can be leveraged from a browser sandbox to achieve SYSTEM privileges.

Android Wireless Debugging RCE - mobile-hacker.com

Outlines a method to achieve Remote Code Execution (RCE) on Android devices by exploiting wireless debugging functionalities. Details the complete attack chain, from gaining initial network access to obtaining a shell on the target device.

Recurring Package Manager CWEs - nesbitt.io

Analyzes common weakness enumerations (CWEs) that frequently appear across various software package managers. Highlights fundamental design and implementation flaws that contribute to supply chain vulnerabilities, emphasizing the need for robust security in package management.

0xV01D CTF 2026 Writeup - kore.one

Provides a detailed write-up for the "Action Packed" challenge from the 0xV01D CTF 2026, focusing on a Next.js web application utilizing App Router and Server Actions. Explains a critical vulnerability that allowed bypassing restrictions on a token generator function, leading to unauthorized access.

Bypassing Chrome's Sanitizer API - slcyber.io

Details two distinct methods to bypass the security mechanisms of Chrome's recently introduced Sanitizer API. Demonstrates how both the API's default and customizable modes can still be circumvented, posing risks for Cross-Site Scripting (XSS) prevention.

Apache OFBiz Auth Bypass RCE - aretiq.ai

Discloses CVE-2026-45434, a critical authentication bypass in Apache OFBiz's LoginWorker.checkLogin() that leads to Remote Code Execution (RCE). Explains how an attacker can bypass a forced password change and execute arbitrary commands by injecting a specific HTTP request parameter and exploiting an insecure ProgramExport.groovy.

Supply Chain Attacks Pre-CVE - mendral.com

Argues that traditional CVE-based scanning is insufficient for timely detection of supply chain attacks, as compromises often occur before CVEs are officially issued. Advocates for proactive, agent-based detection of dependency changes at the pull request (PR) stage to prevent compromise and mitigate npm and Actions attacks.

1-Click Account Takeover via Client-Side Path Traversal - patrickbatman.hashnode.dev

Details a critical client-side path traversal vulnerability that enabled a one-click account takeover on a significant platform. Underscores the importance of securing client-side logic, as seemingly minor flaws can escalate into severe security compromises.

OAuth Redirect Bypass Account Takeover - naaaash.github.io

Explores an OAuth redirect bypass vulnerability that, stemming from the manipulation of a single @ symbol in redirect URIs, led to a one-click account takeover. Demonstrates how subtle flaws in OAuth implementation can allow token exfiltration and complete account compromise.

Razor SSTI to RCE Chain - phsi.se

Details a technical exploit chain for achieving Remote Code Execution (RCE) by leveraging a Server-Side Template Injection (SSTI) vulnerability in Razor. Explains the use of reflection and runtime string manipulation as key techniques to escalate the initial SSTI vulnerability to full RCE.

🎥 SecVideo

DEF CON: Bugs Finding You - youtube.com

Features Jasmin "JR0ch17" Landry, a full-time bug bounty hunter, sharing personal experiences and unusual stories from bug discovery at DEF CON 33's Bug Bounty Village. Offers insights into the real-world aspects of vulnerability research and the often serendipitous nature of finding impactful bugs.

💻 SecGit

Deepsec: AI-Powered Code Security Harness - github.com

Introduces Deepsec, a security harness that leverages "coding agents" to automatically find vulnerabilities within a codebase. Highlights the growing trend of integrating AI for automated security testing and proactive vulnerability discovery in development pipelines.

aimap: Discover Exposed AI Services - github.com

Presents aimap, a tool developed by BishopFox designed to scan and discover publicly exposed AI services. Assists security teams in mapping potential attack surfaces related to their AI/ML deployments and identifying misconfigurations.

Awesome LLM Supply Chain Security List - github.com

Curates an extensive list of awesome resources, including papers, security reports, and CVEs, specifically focused on Large Language Model (LLM) supply chain security. Serves as a valuable reference for researchers and practitioners interested in securing the entire development and deployment lifecycle of LLMs.

MCParasite: Context Worm Testing Framework - github.com

Introduces MCParasite, a universal security testing framework designed for "MCP Context Worms." Aims to provide tools and methodologies for identifying and exploiting contextual vulnerabilities in complex, interconnected systems, potentially focusing on microservices.

Smokedmeat: CI/CD Red Team Framework - github.com

Presents "smokedmeat," a CI/CD Red Team Framework designed to demonstrate and assess security risks within build pipelines. Provides practical tools and methodologies for evaluating the security posture of continuous integration/delivery environments through simulated attacks.

Bumblebee: Supply Chain Compromise Scanner - github.com

Introduces "Bumblebee," a read-only scanner for developer endpoints, focusing on on-disk package, extension, and developer-tool metadata. Aims to identify early exposure to known software supply-chain compromises, acting as a proactive early warning system for development environments.
