Seclog - #181
In this week's Seclog, Artificial Intelligence emerges as the central force dramatically reshaping the cybersecurity landscape, influencing both offensive and defensive strategies, while simultaneously expanding the attack surface. Several reports highlight the extraordinary capabilities of AI models and autonomous agents, such as Codex and Claude Opus, in discovering critical zero-day vulnerabilities and long-latent bugs in complex systems like FFmpeg and FreeBSD with unprecedented speed and cost-efficiency. This rapid advancement in AI-driven vulnerability research prompts an urgent re-evaluation of security engineering practices and vulnerability disclosure policies, advocating for accelerated remediation and automated patching. Concurrently, the integration of AI into development workflows and applications introduces novel attack vectors, exemplified by supply chain compromises targeting AI coding agents (Miasma worm), prompt injection vulnerabilities in LLM-integrated tools (ChatGPT for Google Sheets), and significant flaws in Meta's AI features leading to account takeovers. While traditional vulnerabilities like OAuth 2.0 attack chains, WAF bypasses, and argument injection persist, often amplified by incomplete patches or complex bug chains, the overarching narrative is clear: AI is not merely a new technology but a fundamental game-changer, demanding an evolution in security strategies to navigate its profound impact on vulnerability discovery, exploitation, and defense.
📚 SecMisc
Agentic System Vulnerability Coverage Map - vuln.cs.berkeley.edu
This resource provides a daily updated coverage map of vulnerabilities specifically discovered by agentic AI systems. It offers a unique perspective on the evolving capabilities of AI in vulnerability research, tracking how effectively these systems identify security flaws from public CVE feeds.
📰 SecLinks
Future of Security Engineering in AI Era - semgrep.dev
Traditional security practices are failing to keep pace with the exponential growth of code and vulnerabilities, largely driven by AI-assisted development. The article highlights the urgent need for security tools and methodologies to evolve, suggesting a shift towards adaptive and AI-integrated solutions to remain relevant and effective.
OAuth 2.0 Vulnerabilities and Attack Chains - blogs.jsmon.sh
OAuth 2.0 and OpenID Connect (OIDC) remain a prevalent source of vulnerabilities in production systems despite their widespread use. The article details specific attack chains, including iss + sub confusion, redirect_uri path traversal, and token leakage via the Referer header, providing insight into common misconfigurations and exploitation vectors in SSO and API access integrations.
HTTP/2 Framing Bypasses WAF Protection - lab.ctbb.show
The research discusses techniques for bypassing Web Application Firewalls (WAFs) by manipulating HTTP/2 framing. This indicates a potential blind spot for WAFs and highlights the need for deeper protocol-level inspection to prevent attacks.
Malicious Codex UI Tool Steals OpenAI Tokens - hackread.com
A popular Codex UI tool, downloaded 27,000 times, was found to secretly exfiltrate OpenAI refresh tokens. This highlights the risk of supply chain attacks within development tools, where seemingly legitimate applications can harbor malicious functionality, leading to credential compromise.
phpBB Blind SSRF via Web Push - hackerone.com
A critical vulnerability in phpBB was disclosed, detailing a blind POST Server-Side Request Forgery (SSRF) achievable through the Web Push feature. This exploit demonstrates how seemingly innocuous features can be abused to trigger internal network requests, potentially leading to information disclosure or further internal network attacks in cloud environments.
Samsung S25 APK Install Bug Chain - bugscale.ch
A complex five-bug chain in the Samsung Galaxy Store on the S25 allows for arbitrary local APK installation. This chain exploits weak signature verification, an unprotected exported receiver, path traversal, predictable randomness, and a denial-of-service bug, demonstrating how multiple seemingly minor flaws can combine for critical impact.
Cross-Site Scripting in Shazzer Tool - jorianwoltjer.com
The post details the discovery of an XSS vulnerability within Shazzer, a browser fuzzing tool. It highlights the use of Blob URLs as a technique to bypass content security policies and unsandbox malicious content, providing valuable insights into XSS exploitation methods.
Zero Trust Framework for AI Agents - claude.com
This article outlines a Zero Trust framework designed specifically for deploying autonomous AI agents within enterprise environments. It addresses emerging threats, proposes a tiered architecture, and suggests an eight-phase implementation workflow, including agentic SOAR, to secure the integration of AI.
Grafana Misconfiguration Led to Meta Repo Access - sectricity.com
A critical blog post details a five-hop bug chain originating from a misconfigured Grafana instance on a Meta IP. This chain ultimately allowed access to 507 private Meta repositories, illustrating the severe impact of seemingly minor misconfigurations when chained together.
AI Uncovers FreeBSD Kernel Vulnerabilities - blog.calif.io
An AI-driven audit of FreeBSD uncovered 15 kernel bugs, including three Remote Code Executions (RCEs), five Local Privilege Escalations (LPEs), and one bhyve escape. This demonstrates the growing efficacy of AI in identifying deep-seated and critical vulnerabilities within core operating system components.
Codex Uncovers Hidden HTTP/2 Compression Bomb - blog.calif.io
The article announces the discovery of a previously missed HTTP/2 "bomb" attack, uncovered by the AI system Codex. This attack leverages HTTP/2 header compression to create a denial-of-service vulnerability, demonstrating AI's capability to find sophisticated flaws even in well-reviewed protocols.
Gogs RCE via Argument Injection Still Unfixed - rapid7.com
Rapid7 researchers identified an authenticated Remote Code Execution (RCE) vulnerability in Gogs, exploitable via argument injection through a specially crafted branch name in pull requests. The fact that this vulnerability remains unfixed poses an ongoing risk for users, emphasizing the persistence of critical flaws when patches are not promptly applied or released.
Claude Code Supply Chain Attack via GitHub Actions - flatt.tech
Research details a critical vulnerability in Claude Code’s GitHub Actions that could allow attackers to compromise any repository using the Claude Code workflow, including Anthropic’s own. This highlights a severe supply chain attack vector through AI-integrated development workflows, especially concerning given that similar misconfigurations were actively exploited in the wild.
ChatGPT for Sheets Vulnerable to Data Exfiltration - promptarmor.com
The ChatGPT for Google Sheets integration is susceptible to data exfiltration and phishing overlay attacks. These attacks are triggered by an indirect prompt injection in a single sheet, demonstrating a critical vulnerability where AI assistants can be manipulated to compromise entire user accounts and sensitive workbook data.
Instagram Account Takeover Fiasco Examined - 0xsid.com
This article discusses a recent Instagram exploit that allowed account takeovers, labeling it the "goofiest" exploit because of its unexpected nature. While specific technical details aren't provided in the snippet, it implies an unusual or easily overlooked vulnerability that led to significant account compromise.
Jellyfin RCE via FFmpeg Argument Injection - sonarsource.com
A remote code execution (RCE) flaw in Jellyfin is detailed, stemming from inconsistent validation that permits FFmpeg argument injection. This vulnerability allows for unauthenticated code execution, presenting a critical risk to systems running vulnerable Jellyfin instances.
Redis DarkReplica Use-After-Free RCE - zeroday.cloud
DarkReplica (CVE-2026-23631) is a critical post-authentication Use-After-Free vulnerability found in Redis's replication subsystem. This flaw allows arbitrary code execution by exploiting master-replica synchronization during Lua script execution, enabling control over the freed Lua engine.
VSCode Bug Enables 1-Click GitHub Token Theft - blog.ammaraskar.com
A significant vulnerability in VSCode allows for 1-click GitHub token stealing. This highlights a severe security risk within popular developer tooling, where a simple interaction can lead to the compromise of sensitive credentials and access to GitHub repositories.
LLM-Driven Vulnerability Research with Claude - claroty.com
Claroty Team82 demonstrated the effectiveness of LLM-driven vulnerability research using Anthropic’s Claude Opus 4.6. The AI model was instrumental in uncovering new vulnerabilities in a Zenitel video intercom platform, complementing prior manual research and showcasing the efficiency of AI in identifying security flaws.
Miasma Worm Supply Chain Attack on Microsoft AI Agents - stepsecurity.io
The Miasma worm campaign executed a supply chain attack targeting AI coding agents, leading to the disabling of 73 repositories across Microsoft's Azure GitHub organizations. The attack involved a malicious commit to Azure/durabletask, planting configuration files that execute credential-harvesting payloads when opened in popular AI-enabled development tools like Claude Code, Gemini CLI, Cursor, or VS Code.
Miasma npm Worm Bypasses Security Tools - stepsecurity.io
The Miasma worm is actively spreading across the npm registry through a novel supply chain attack that uses binding.gyp to trigger code execution during npm install. This technique effectively bypasses conventional security tools that monitor package.json scripts, leading to the compromise of numerous packages and maintainer accounts.
Testing LLMs for Vulnerability Exploitation - kasra.blog
A researcher built a deliberately vulnerable application to test the capabilities of LLMs in reproducing common exploit classes. This experiment provides empirical data on the effectiveness and cost of using AI for offensive security research, specifically for identifying and exploiting known vulnerabilities.
AI Reshapes Vulnerability Disclosure Landscape - schneier.com
Melissa Hathaway's article argues that AI is fundamentally altering vulnerability discovery and remediation, with frontier AI models autonomously finding exploitable flaws at unprecedented speed. This necessitates a shift from reactive to coordinated national and international resilience efforts, emphasizing accelerated remediation, large-scale patch management, and investment in automated vulnerability repair before adversaries capitalize on this rapidly closing window.
AI Security Scanning Uncovers 17 Bugs - lalitm.com
AI security scanning efforts rapidly identified 17 bugs within a 10-week period, demonstrating its efficiency in uncovering vulnerabilities. This highlights AI's capability to address the "long tail" of software security, bringing much-needed attention to areas historically overlooked by human efforts due to scale or complexity.
Autonomous AI Agent Finds 21 FFmpeg Zero-Days - depthfirst.com
A production autonomous security agent from depthfirst discovered 21 zero-day vulnerabilities in FFmpeg, some latent for 15-20 years, even after intense human analysis. The agent not only identified these flaws but also generated concrete, reproducible Proof-of-Concept (PoC) inputs at significantly lower costs, including a working RCE exploit primitive, showcasing AI's advanced capability in zero-day discovery.
HTTP/2 DoS Chain Discovered by AI Codex - blog.kybervandals.com
This post discusses a new HTTP/2 Denial-of-Service (DoS) technique discovered by the AI system Codex, chaining two vulnerabilities previously known to humans for a decade. The attack, combining a compression bomb with another technique, highlights AI's capability to discover novel attack paths by connecting existing knowledge, posing a significant threat to internet infrastructure.
Incomplete Patches Lead to Recurring CVEs - pentesterlab.com
The article explains why security patches frequently fail to fully address their target vulnerabilities, focusing on incomplete fixes for SSRF and directory traversal CVEs. It emphasizes the importance of thorough patch analysis for security professionals to understand developer mistakes and enhance code review and web hacking skills.
Multiple Django Vulnerabilities Disclosed - openwall.com
This oss-security mailing list entry announces the disclosure of multiple CVEs affecting Django, specifically CVE-2026-6873, CVE-2026-7666, CVE-2026-8404, CVE-2026-35193, and CVE-2026-48587. The collective disclosure indicates a batch of critical security updates for the Django framework, necessitating immediate attention from developers to patch these vulnerabilities.
Practitioner's Guide to AI-Enhanced Hacking - caido.io
This guide provides practical insights into utilizing AI for enhanced hacking techniques, offering a resource for security practitioners. It suggests that AI can significantly augment offensive security operations, accelerating vulnerability discovery and exploitation.
🐦 SecX
Meta AI Feature Allows Instagram Account Takeover - x.com
A Meta AI feature allowed attackers to hijack Instagram accounts, including high-profile ones like the official Obama White House account, using only a username. This vulnerability, active during A/B testing and non-disablable for affected users, underscores the severe risks associated with rapid AI deployment without robust security vetting, enabling widespread account compromise.
💻 SecGit
Tesla Infotainment System Vulnerabilities Revealed - github.com
This GitHub repository details extensive vulnerability research on Tesla Model 3/Y infotainment systems, uncovering 6 vulnerabilities and 4 CVEs (CVE-2022-42005 to CVE-2022-42008). The findings include methods to achieve root shell access, persistent control, and even spoof insurance telemetry, demonstrating critical security risks in automotive software.
Anthropic Defending Code Reference Harness - github.com
This GitHub repository from Anthropic provides a reference harness for defending code, focusing on threat modeling, scanning, triage, and patching. It includes an autonomous scanning harness that can be customized, indicating a shift towards AI-powered defensive security operations.
PROMPTPurify: LLM Prompt Injection Guardrail - github.com
PROMPTPurify is an open-source prompt-injection guardrail designed for LLM applications, available on GitHub. It boasts a compact model that reportedly outperforms larger open-source alternatives without relying on regex or signatures, offering a potentially more robust defense against AI-specific attacks.