Node.js Privilege Escalation - Permissions can be bypassed via arbitrary code execution through abusing libuv signal pipes. Read More
New VPN Backdoor - Analysis of a newly discovered VPN backdoor affecting multiple networks. Read More
Smartphone Security for Protesters - A guide for activists on securing their smartphones against surveillance. Read More
Docker 1-Click RCE Chain - Developing an exploit chain for remote code execution in Docker environments. Read More
BLAST AI-powered SAST Scanner - Whitepaper on BLAST, a new AI-powered static analysis security testing scanner. Read More
Enhancing OWASP Noir with AI - Leveraging large language models (LLMs) to improve OWASP Noir. Read More

DeepSeek Data Leak - DeepSeek's internal ClickHouse database was publicly exposed, leaking sensitive information. Read More
DeepSeek Database Breach - Wiz Research reports a massive security issue exposing secret keys and private logs. Read More
Malicious Web Injects - Analysis of new web inject malware campaigns, including #KongTuke and #SocGholish. Read More
2FA QR Code Security Flaw - A vulnerability exposing customer emails in plaintext due to a flawed QR code implementation. Read More

iOS Shortcuts Exploits - A collection of exploits and unknown tricks within the iOS Shortcuts app. Explore on GitHub
gitC2 - Simple GitHub C2 - Proof-of-concept of a GitHub-based command-and-control system written in Rust. Explore on GitHub
Physical Bitcoin Attacks - A comprehensive repository on physical security threats to Bitcoin holders. Explore on GitHub
OSV Scanner Action - A GitHub action to scan dependencies for known vulnerabilities using OSV. Explore on GitHub
Tweet Machine - A tool to retrieve deleted tweets, old bios, and timestamped posts even if an account is suspended. Explore on GitHub

For suggestions and any feedback, please contact: securify@rosecurify.com

Seclog - #111