Seclog - #182

In this week's Seclog, the cybersecurity landscape reveals a significant confluence of AI's burgeoning role, sophisticated vulnerability exploitation techniques, and critical supply chain threats. Artificial intelligence is emerging as a double-edged sword, demonstrating its capability to accelerate vulnerability discovery and exploitation, even leading to substantial bug bounties against major tech infrastructures. This rapid evolution is prompting a reevaluation of traditional security practices, including the efficacy of standard vulnerability disclosure timelines. Furthermore, new research highlights severe vulnerabilities ranging from pre-authentication RCEs in enterprise systems like Splunk and XSS-to-RCE chains in platforms like MeshCentral, to intricate bypasses for SVG sanitizers and BitLocker encryption. The persistent challenge of exposed services, such as nearly a million unauthenticated RTSP streams, underscores widespread internet hygiene issues. Alongside these threats, dedicated efforts in offensive security tools and threat intelligence, like the Shai-Hulud framework and insights into the Phantom Mantis operation, continue to equip defenders and illustrate the complex nature of modern cyber adversaries.

Arbitrary Code Execution in objdump - blog.calif.io

This research details a novel method to achieve arbitrary code execution within objdump -g by exploiting specific vulnerabilities. It introduces "Relocation Oriented Programming" as a sophisticated technique for leveraging these flaws to gain control.

Shai-Hulud Offensive Framework Open-Sourced - securitylabs.datadoghq.com

This article announces the open-sourcing of the Shai-Hulud offensive framework, attributed to TeamPCP, providing an opportunity for defenders to study its mechanisms. A static analysis details its capabilities, including credential harvesting, supply chain poisoning, and data exfiltration techniques.

Client-Side JWT Security Toolkit - jwtforge.com

JWTForge introduces itself as an attacker-minded, fully client-side toolkit designed for comprehensive JWT security testing and attack simulations. A key feature is its commitment to privacy, ensuring all operations occur directly within the browser and no sensitive data ever leaves the client machine.

MeshCentral XSS to RCE Chain - techanarchy.net

This write-up details a complete exploit chain, demonstrating how a Cross-Site Scripting (XSS) vulnerability can be escalated to Remote Code Execution (RCE) within the MeshCentral platform. It also highlights the growing discussion around advanced models, like LLMs, potentially accelerating the discovery and exploitation of such vulnerabilities at scale.

Splunk Pre-Auth RCE (CVE-2026-20253) - labs.watchtowr.com

This research exposes a critical pre-authentication Remote Code Execution (RCE) vulnerability in Splunk Enterprise, tracked as CVE-2026-20253. The article provides a critical analysis of architectural shortcomings, specifically questioning the reliance on application-level authentication when robust database authentication mechanisms are often available.

Global Analysis of Exposed RTSP - modat.io

A global scan identified nearly a million RTSP video services exposed on the open internet, with a significant portion lacking any authentication. This widespread exposure poses severe privacy and security risks, enabling unauthorized access to live video feeds, including sensitive locations like server facilities and areas within conflict-affected countries.

AI-Powered Google Infrastructure Hacking - brutecat.com

This report details an experiment showcasing the effectiveness of using AI to scan and exploit vulnerabilities across Google's vast infrastructure. The project successfully uncovered numerous exploitable flaws across 1,500 APIs and 3,600 keys, ultimately leading to significant bug bounty payouts.

Phantom Mantis Operation Threat Intelligence - catalyst.prodaft.com

This in-depth threat intelligence report provides a comprehensive overview of "Phantom Mantis," a financially motivated threat group also known as ArmCorp and The Gentlemen, active since March 2025. It details the group's operational evolution, including its shift from a RaaS dependency to an independent partnership, and identifies key administrators and their aliases.

Next.js 0-Click SXSS via Reflection - zhero-web-sec.github.io

This research uncovers a 0-click Stored Cross-Site Scripting (SXSS) vulnerability affecting Next.js, which stems from issues related to excessive reflection and type confusion. The findings highlight how cache-related mechanisms within the framework can be maliciously manipulated to achieve persistent client-side code execution.

JSON Formatter Data Exposure Risks - beyondmemory.io

This post discusses the critical risks of data exposure that can arise from using online JSON formatter tools, potentially leading to the leakage of sensitive information. It underscores the necessity for security professionals to exercise extreme caution and implement secure practices when utilizing web-based tools that process any form of sensitive data.

Astro Config Blockchain C2 Attack - safedep.io

This analysis details a sophisticated supply chain attack executed through an obfuscated Immediately Invoked Function Expression (IIFE) embedded within astro.config.mjs. The attack leverages a multi-stage approach where the malicious code beacons an HTTP Command and Control (C2) server and then retrieves further staged commands from a Tron-to-BSC blockchain dead drop.

GoGatoZ: GitLab CI/CD Auditing - blackhillsinfosec.com

This article introduces GoGatoZ, a purpose-built Go tool designed for comprehensive security auditing of GitLab CI/CD pipelines. The tool automates the entire CI/CD kill chain analysis, providing advanced capabilities beyond what custom one-off scripts can achieve for identifying and assessing security weaknesses.

90-Day Disclosure Policy Obsolete - blog.himanshuanand.com

This opinion piece argues that the traditional 90-day responsible vulnerability disclosure policy is no longer sustainable in an era of rapidly evolving AI-driven exploit development. It advocates for immediate patching of critical security issues, urging the industry to treat such vulnerabilities as P0 due to significantly accelerated threat timelines.

Mozilla Stored XSS via SVG Bypass - profile-chi-jade.vercel.app

This research demonstrates a successful and sophisticated bypass of a three-layer SVG sanitizer implemented in Mozilla products. The findings detail how malicious actors can achieve stored Cross-Site Scripting (XSS) through clever manipulation of SVG content, highlighting the challenges of robust content sanitization.

Deriving PID from Random Numbers - blog.ikaes.de

This technical deep dive explores a highly intricate method for deducing Process IDs (PIDs) from seemingly random numbers generated by the operating system. It delves into the underlying mechanisms of OS internals and predictable patterns in number generation that could potentially be exploited for process enumeration.

Siri AI: Private Inference Limitations - blog.cryptographyengineering.com

This analysis examines the privacy implications associated with AI-powered agents like Apple's Siri, specifically focusing on the concept of "private inference." The author argues that current private inference techniques might not provide sufficient privacy guarantees for user data, raising concerns about the true confidentiality of personal interactions with AI assistants.

🎥 SecVideo

Cloud Security in the AI Era - youtube.com

This event announcement from AI Connect Istanbul highlights the critical intersection of artificial intelligence and cloud security. It aims to foster knowledge sharing and discussions within the AI technology ecosystem regarding contemporary security challenges.

💻 SecGit

Visa Vulnerability Agentic Harness - github.com

  • This repository from Visa introduces a "Vulnerability Agentic Harness," suggesting a framework designed to automate or assist in the discovery and analysis of software vulnerabilities.
  • Its "agentic" nature implies intelligent or autonomous capabilities in identifying potential security weaknesses.

GreatXML BitLocker Bypass Vulnerability - git.projectnightcrawler.dev

  • This repository identifies and details a BitLocker bypass vulnerability specifically linked to the GreatXML project.
  • It suggests a method to circumvent BitLocker encryption through an XML-related attack vector, potentially allowing unauthorized access to encrypted data.

Axios Supply Chain CVE Analysis - github.com

  • This repository provides an in-depth analysis of CVE-2026-26555, focusing on a supply chain vulnerability affecting the popular axios HTTP client library.
  • It offers valuable technical insights and resources for understanding the impact and mitigation strategies for this critical supply chain attack vector.

openhackai - github.com

  • This entry notes that a prominent community member has starred the openhackai/openhack repository.
  • It signifies growing interest in projects that explore the intersection of artificial intelligence and hacking techniques.

Depx - github.com

  • This repository offers intelligence on malicious packages and supply chain threats.
  • It provides tools to detect and analyze compromised dependencies across various ecosystems.
  • Designed for security teams to proactively assess supply chain risks.