Seclog - #118


"In cyber warfare, deception is the strongest firewall." - The Art of Cyber War
SecMisc
Secure messaging, anywhere - Briar - Censorship-resistant peer-to-peer messaging that bypasses centralized servers with end-to-end encryption. Latest release: Briar 1.5.14 (March 5, 2025)
tmp.0ut Volume 4 - A collection of articles on ELF binaries, Linux kernel rootkits, and various security topics
📰 SecLinks
Next.js and the corrupt middleware - Critical vulnerability allowing complete bypass of authentication and authorization protections in Next.js middleware implementations
Wiz to Join Google Cloud - Cloud security leader Wiz announces acquisition by Google Cloud to accelerate innovation and enhance multicloud security capabilities
How security teams fail - Examination of why corporate security teams fail, from their origins to entrenchment and cultural rifts
CVE-2024-53991 - Discourse Backup Disclosure - Rails send_file quirk allowing attackers to access sensitive backup files through a default Nginx configuration
Zhou Shuai: A Hacker's Road to APT27 - The evolution of a renowned Chinese hacker from patriotic hacktivist to alleged state-sponsored threat actor
Why do we even have XSS, SQLi, etc - Analysis of common web vulnerabilities and their persistence in modern applications
Supply Chain Attack on reviewdog GitHub Actions - Disclosure of a critical supply chain vulnerability affecting multiple GitHub Actions repositories
Laravel Reflected XSS via Request Parameter - CVE-2024-13918 affecting Laravel versions 11.9.0-11.35.1 in debug-mode error pages
Zen and the Art of Microcode Hacking - Exploring advanced techniques in microcode manipulation and security implications
Traversal-resistant file APIs - New Go 1.24 os.Root API providing robust defense against path traversal vulnerabilities
🐦 SecX
- Watcher.Guru on X: "Our X account was hacked today. We sent a message to an X employee two weeks ago after we suspected an attempt was made to compromise our account."
💻 SecGit
For suggestions and any feedback, please contact: securify@rosecurify.com
