Seclog - #133


"Let your strategies be dark and impenetrable as the night, and when you strike, fall like a thunderbolt on their servers." - The Art of Cyber War
SecMisc
- DNS and IP Intelligence Feed - DNSarchive provides easy access to domain data and IP records. It's a repository simplifying searches for DNS intelligence. DNSarchive
SecLinks
- OAuth Security Pitfalls and Risks - Skipping state validation enables CSRF attacks, while misconfigured scopes, public secret storage, and permissive redirect URIs create account takeover risks. Emphasizes that OAuth is authorization, not authentication. Read More
- Malicious MCP Server Prevalence on GitHub - VirusTotal analysis flagged nearly 8% of Model Context Protocol servers as potentially forged or critically vulnerable, highlighting risks from flawed implementations. Read More
- Framebusting Intervention Security Enhancement - Mozilla proposal limits cross-origin iframes from navigating top-level contexts unless legitimacy conditions are met, improving web security and compatibility. Read More
- Beginner CVE Discovery and Publishing Guide - Outlines methodical steps for novice bug hunters to find and publish CVEs using curiosity and persistence, bypassing elite skill requirements. Read More
- Azure Illicit Consent Grant Attacks in 2025 - With Microsoft's MFA enforcement, credential-based attacks lose impact, shifting focus to consent grant exploits for initial access. Read More
- llama.cpp Heap Overflow Vulnerability - CVE-2025-52566 exposes a subtle integer overflow in the tokenizer, leading to heap corruption, undiscovered for over a year. Read More
- Akamai CloudTest XXE Injection Flaw - XBOW discloses CVE-2025-49493, an XML External Entity injection vulnerability, alongside autonomous vulnerability research strategies. Read More
- Reverse Engineering Vercel's BotID System - Analysis of Vercel's invisible CAPTCHA reveals reliance on client-side signals and Kasada's anti-bot tech for the Deep Analysis tier. Read More
- Google's Secure AI Agent Framework - Hybrid strategy combines deterministic controls with reasoning-based defenses, enforcing human oversight, action limitations, and observability for AI agents. Read More
- MCP Protocol Security Design Flaws - Alibaba Cloud discloses OAuth mechanism weaknesses increasing phishing risks, urging community consensus on mitigation. Read More
- Critical RCE in Anthropic MCP Inspector - CVE-2025-49596 (CVSS 9.4) enables browser-based exploits via DNS rebinding, allowing remote code execution. Read More
- Sudo chroot LPE Vulnerability Impact - CVE-2025-32463 allows attackers to bypass sudoers restrictions via chroot option abuse, escalating to root privileges. Read More
- Directory Traversal and CSV Abuse RCE - Chaining exploits in a Django app enabled overwriting wsgi.py for server-side code execution via pandas parser abuse. Read More
- Wing FTP Server Null-Based RCE - CVE-2025-47812 details a remote code execution vulnerability exploiting NULL byte handling in Wing FTP. Read More
- Reproducing WhatsApp Double-Free Vulnerability - Walkthrough of CVE-2019-11932 using AFL++ and Frida for on-device fuzzing of native Android libraries. Read More
- Unpatched RCE in Call of Duty WWII - Exploit enables attackers to trigger Notepad popups, shutdowns, and inappropriate content via Xbox PC Game Pass. Read More
- DNSArchive Domain Intelligence Repository - Simplifies DNS, RDNS, and IP record searches for domain intelligence and historical data. Read More
- Persistent XSS in Adobe Experience Manager - Researchers achieved DOM-based XSS on AEM Cloud sites by bypassing built-in security features multiple times. Read More
- Slack MCP Server Data Leakage Vulnerability - Unmaintained Anthropic Slack MCP Server allows data exfiltration via link unfurling flaws. Read More
- Spyware Account Takeover via SQLi - Compromised 60,000 Catwatchful spyware accounts by exploiting SQL injection in the service's authentication flow. Read More
- Exposed JDWP Exploitation in TeamCity - Attackers achieved RCE via Java Debug Wire Protocol abuse on CI/CD servers, deploying cryptominers and persistence mechanisms. Read More
SecX
- Call of Duty WWII RCE Exploit Abuse - Unpatched vulnerability enables in-game trolling via Notepad popups, system shutdowns, and explicit content injections. Watch Here
SecVideo
- Indirect Prompt Injection Attacks Explained - Demonstrates practical exploitation of LLM-backend integrations to execute arbitrary actions in victim contexts. Watch Here
- Localhost API Exploits from Browsers - Browser-based attacks expose local services via port access flaws, enabling remote network infiltration. Watch Here
- JavaScript Desktop App Hacking Techniques - Focuses on XSS and RCE in Electron apps, with cross-platform CSP bypasses and security methods. Watch Here
SecGit
- AWS IAM Data Collection Tool - Collects IAM information across AWS organizations, accounts, and resources for security analysis. Explore on GitHub
- JAR/WAR/APK Path and Secret Scanner - Discovers URLs, paths, and secrets, and generates OpenAPI specs from Java/Android application configs. Explore on GitHub
- Kubernetes CEL-Based Cluster Scanner - Uses CEL expressions to detect misconfigurations and vulnerabilities in k8s environments. Explore on GitHub
- Self-Hosted Zero Trust Access Platform - FOSS alternative to Teleport/Cloudflare, providing VPN, ZTNA, API gateway, and ngrok-like capabilities. Explore on GitHub
- GitHub Secret Scanner for Dangling Commits - Scans GH Archive data to find secrets in overwritten commits from force-push events. Explore on GitHub
- Azure Blob Storage SOCKS5 Proxy Tool - Tunnels traffic through Azure Blob Storage when direct connectivity is restricted. Explore on GitHub
- Kubernetes Privilege Escalation Toolkit - Automates token theft, secret collection, and cluster takeover techniques for pentesting. Explore on GitHub
- Frontend API Key Validation Utility - Tests discovered credentials in-browser via JavaScript without server logging. Explore on GitHub
- Electron Security Analysis and Injection Tool - Modern interface for manipulating Electron apps with debugging and exploit features. Explore on GitHub
- Malicious Archive Crafting Utility - Generates specially designed archives to test extraction vulnerabilities. Explore on GitHub
- LLM-Based Vulnerability Detection Model - FuncVul uses code chunks and LLMs for function-level vulnerability identification. Explore on GitHub
- fwd:cloudsec 2025 Talk Summaries - Curated insights and key points from cloud security presentations for time-constrained professionals. Explore on GitHub
For suggestions and any feedback, please contact: securify@rosecurify.com
