Seclog - #117


"In cyberspace, the greatest victory is that which requires no battle but cripples the enemy’s network." - The Art of Cyber War
📰 SecLinks
GitHub Action tj-actions/changed-files supply chain attack - The widely used GitHub Action was compromised, causing affected repositories to leak secrets in logs, tracked as CVE-2025-30066.
NEW No-Click Critical Vulnerability in Microsoft Windows: CVE-2025-21298 - A critical vulnerability in Microsoft Windows that doesn't require user interaction.
In-Depth Technical Analysis of the Bybit Hack - NCC Group provides a detailed technical breakdown of the Bybit cryptocurrency exchange hack.
PostgreSQL Exploit - OffSec details a new exploitation technique for PostgreSQL databases.
Harden-Runner detection: tj-actions/changed-files action is compromised - StepSecurity's report on the compromised GitHub action and detection methods.
Bypassing Web Filters Part 1: SNI Spoofing - Compass Security explores techniques to bypass web filters using SNI spoofing.
Lingua Diabolis | Analysis of CVE-2025-24813 Apache Tomcat Path Equivalence RCE - Detailed analysis of a remote code execution vulnerability in Apache Tomcat.
Welcome to Security Week 2025 - Cloudflare announces its annual Security Week event for 2025.
🐦 SecX
One leveraging invalid escapes - XSS payload technique using invalid escapes: parent'\a\l\ert'
💻 SecGit
akamai/CVE-2025-27636-Apache-Camel-PoC - Proof of concept for exploiting a vulnerability in Apache Camel.
wh1ant/vulnjs - A collection of vulnerable JavaScript code samples for security testing and education.
t0sche/cvss-bt - A tool for enriching the NVD CVSS scores to include Temporal & Threat Metrics.
For suggestions and any feedback, please contact: securify@rosecurify.com
