Seclog - #122

Rosecurify

"The best defense is not only in strong encryption but in unpredictable behavior." - The Art of Cyber War

📚 SecMisc

  • Vulnerability Database - A comprehensive database of vulnerabilities, curated and organized by ENISA. Read More

📰 SecLinks

  • VPNs Explained - Ghost Opsec - An in-depth guide to understanding VPNs and their role in online security. Read More

  • Slopsquatting - Schneier on Security - A detailed article on the dangers of slopsquatting and its impact on online security. Read More

  • CVE Lifecycle - A visual guide to the lifecycle of CVEs, from identification to patching. Read More

  • The Death of CVE - An analysis of the decline in relevance of the CVE system and its implications for cybersecurity. Read More

  • CVE-2025-3155 Writeup - Affecting Ubuntu Distros - A detailed writeup on the CVE-2025-3155 vulnerability affecting Ubuntu distributions. Read More

  • Fontleak: Exfiltrating Text Using CSS and Ligatures - Explore a novel technique for exfiltrating sensitive information via font ligatures. Read More

  • April 2025 4chan Sharty Hack and Janitor Email Leak | Know Your Meme - A breakdown of the 2025 4chan breach and the leaked janitor emails. Read More

  • dAWShund - Framework to Put a Leash on Naughty AWS Permissions - FalconForce - A security framework to control and limit AWS permissions to prevent potential abuses. Read More

  • SSD Advisory - extract() Double-Free(5.X)/Use-After-Free(7.X/8.X) - SSD Secure Disclosure - Security advisory regarding a critical double-free vulnerability in extract() functions. Read More

  • TrustedSec | Kubernetes for Pentesters: Part 1 - An introductory guide to pentesting Kubernetes environments. Read More

  • Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution - Details on a severe vulnerability in Erlang/OTP SSH allowing unauthenticated remote code execution. Read More

  • How I Used AI to Create a Working Exploit for CVE-2025-32433 Before Public PoCs Existed | Platform Security Blog - An article detailing how AI was used to create a working exploit for CVE-2025-32433. Read More

๐Ÿฆ SecX

  • XSS Report on X: "🚀 New Feature Alert on https://t.co/uVCBeEwMLN 🔥 We're leveling up your XSS game with AI-Powered XSS Analysis!" - Learn about AI-powered XSS analysis to make payload debugging easier and more precise. Read More

  • Graham Helton on X: "I come with receipts" - Graham Helton shares proof ("receipts") related to a security issue. Read More

  • ZKsync on X: "Security team identifies a compromised admin account" - ZKsync reports a security incident involving a compromised admin account, but assures that user funds are safe. Read More

  • Cas van Cooten on X: "VS Code's vulnerability could allow backdooring of agents" - A proof of concept highlighting a flaw in VS Code allowing backdoor installation from untrusted repositories. Read More

🎥 SecVideo

  • What is this Folder REALLY Doing? - YouTube - A video explaining hidden activities behind certain folders in cybersecurity. Watch Here

  • The CVE Saga - What Happened - YouTube - A video discussing the evolution and challenges of the CVE system. Watch Here

For suggestions and any feedback, please contact: securify@rosecurify.com
