Seclog · Security Spotlight

Weekly curated security news, tweets, videos, and GitHub projects.

$1,000,000 bounty on KuCoin, Real World Crypto 2023, C2 Infrastructure, Remediating AWS IMDSv1, Security-by-Design and -Default, resocks, etc.

GCP Pentesting, AWS Nitro System Public Report, CVE-2023-32243, etc.

Spotlight: Redash SAML Auth Bypass, Secure Secure Shell, DNS Rebinding, wstunnel, etc.

Spotlight: XSS in cPanel, CVE-2023-29007, Google's 2FA sync, Penetrating the Cloud, etc.

Spotlight: Finding & Exploiting in H.264 Decoders, Fuzzing to JS, The Rule Of 2, Bypassing Amazon Kids+, DevOps threat matrix, LOLDrivers, etc.

Spotlight: Bing.com Hacked, NEAR SC Security Course, Advanced Phishing, Application of ChatGPT in Cybersecurity, CodeQL zero to hero, etc.

Spotlight: Securing CI/CD Pipelines, JMX Exploitation, CVE-2022-44268, Attack Surface Management, WAF Bypass, Vulnerability Remediation Concept, etc.

Spotlight: CircleCI Security Incident, Trail of Bits Security Audit, DNS Cache Poisoning in Chrome, Hacking/Secure CI/CD Pipeline, PostgreSQL-RCE, etc

Spotlight: OSV & Vulnerability Life Cycle, Unauthorized Issue on Github Secret, mock WebRTC traffic,Prompt Injection Attacks, Scaling Appsec Netflix.

Recent Advisories

RO-26-005 (CVE-2026-24489) Gakido - CRLF Injection
RO-26-004 (CVE-2026-23829) Mailpit - SMTP CRLF Injection via Regex Bypass
RO-26-003 (CVE-2025-XXXX (Pending)) feedyour.email - SQL Injection via Search Parameter
RO-26-002 (CVE-2026-22689) Mailpit - Cross-Site WebSocket Hijacking (CSWSH)
RO-26-001 (CVE-2026-21859) Mailpit - Server-Side Request Forgery (SSRF)