Seclog - #51

10 Dec 2023

Don't settle for a relationship that won't let you be yourself. — Oprah Winfrey

SSHGuard

How Did I Get Here?

re:Invent 2023 recap

The big lie of millions of information security jobs

Security for package maintainers

Dive into AI security!. Excited to share some incredible…

Legit Discovers "AI Jacking" Vulnerability in Popular Hugging Face AI Platform

Getting RCE in Chrome with incomplete object initialization in the Maglev compiler

CVE North Stars

New payload to exploit Error-based SQL injection - Oracle database

Unicode XSS via Combining Characters

Cybersecurity marketing: in need of fundamental change

We Hacked GitHub for a Month : Here’s What We Found

Kali Linux 2023.4 Release (Cloud ARM64, Vagrant Hyper-V & Raspberry Pi 5)

I Hacked Magic the Gathering: Arena for a 100% Winrate

AI and Mass Spying

Argument injection vulnerability in multiple Atos Unify OpenScape products

Deep dive into the new Amazon EKS Pod Identity feature

Blind CSS Exfiltration: exfiltrate unknown web pages

+1500 HuggingFace API Tokens were exposed, leaving millions of Meta-Llama, Bloom, and Pythia users vulnerable

Gadgets chain in Laravel

New Bluetooth Attack

ODDFuzz: Hunting Java Deserialization Gadget Chains via Structure-Aware Directed Greybox Fuzzing

deadbits/vigil-llm

k8sgpt-ai/k8sgpt

rootcathacking/catspin

research-virus/stuxnet.

onhexgroup/Conferences

asset-group/5ghoul-5g-nr-attacks