Seclog - #134

"The art of cyber war is knowing when to strike… and when to reboot." - The Art of Cyber War

📚 SecMisc

• TapTrap Android Tapjacking Attack – Announcing TapTrap, a new attack on Android enabling silent access to device functions like camera or location. It lures users into performing unintended actions without consent. Read More

• Evaluating LLM Backend Security Generation – Introducing BaxBench, a benchmark testing state-of-the-art LLM performance in generating secure and correct backends. Includes a leaderboard showing results across different prompt types. Read More

📰 SecLinks

• NGINX Off-By-Slash RCE Misconfiguration – A blog post detailing a vulnerability discovered due to an NGINX misconfiguration. This eventually led to Remote Code Execution (RCE), granting full control over the affected server. Read More

• Git Clone Recursive RCE CVE-2025-48384 – Learn about CVE-2025-48384, a vulnerability in Git that can lead to remote code execution if git clone --recursive is used on an untrusted repository on Unix-like platforms. Update Git and embedded software to fixed versions. Read More

• Cross-Tenant Compromise via Bucket Squatting – A Google Bug Hunters report detailing a cross-tenant compromise of Application Design Center spaces. The attack vector involved bucket squatting. Read More

• Dangers of CSV Injection – An article discussing the often underestimated dangers of CSV Injection. It uses example CSV snippets to illustrate how malicious formulas can be embedded. Read More

• Tiki Wiki SSTI Vulnerabilities – Report on two Server-Side Template Injection (SSTI) vulnerabilities affecting Tiki Wiki CMS Groupware. These can be exploited by creating specially crafted wiki pages. Read More

• Thoughts on Bug Bounty Hunting – A blog post sharing thoughts, experiences, and perspectives on bug bounty hunting. It aims to answer common questions about getting started and strategies. Read More

• Application Attack Matrix for Modern Security – Introducing the Application Attack Matrix aimed at addressing unique threats targeting modern applications. It suggests traditional frameworks struggle with cloud-native, microservices, and API-driven architectures. Read More

• Bypassing Google Anti-Adblock Update – A blog post describing a bug found in Chrome that allowed webRequestBlocking to work in MV3. This bug enabled adblockers to function despite Google's anti-adblock updates. Read More

• Fortinet FortiWeb SQLi to RCE CVE-2025-25257 – Analysis of CVE-2025-25257, a pre-auth SQL injection vulnerability in Fortinet FortiWeb Fabric Connector. This flaw could potentially lead to RCE. Read More

• Supabase MCP Can Leak SQL Database – Discusses how Supabase's Model Context Protocol (MCP) integration can be exploited. An attacker might be able to leak a developer's entire private SQL database. Read More

• AI Hallucination Cases Database – A database tracking legal decisions in cases where generative AI produced hallucinated content. It focuses on instances like fake citations in court filings. Read More

• The S in MCP Stands for Security – Investigating the security implications of the Model Context Protocol (MCP) integrations, specifically focusing on the reliance on OAuth 2.1 for the authorization layer. Part 2 covers MCP security. Read More

• IDOR Leaked 64 Million McDonald's Applications – A writeup detailing how an IDOR vulnerability in the McHire chatbot platform could leak 64 million McDonald's job applications. The platform is used by many McDonald's franchisees. Read More

• Bypassing Meta's Llama Firewall – A case study explores prompt injection vulnerabilities, detailing how a Meta Llama firewall was bypassed. This highlights the ongoing challenge of securing AI models against adversarial inputs. Read More

💻 SecGit

• Vulnerability Correlation & CVD Management Tool – A GitHub tool facilitating quick correlation of vulnerabilities from various sources and streamlining Coordinated Vulnerability Disclosure (CVD) management. It's a collaborative platform for security advisories and bundles. Explore on GitHub

• Data Exfiltration via DNS OOB – A gist outlining a method for data exfiltration using DNS in Out-Of-Band (OOB) scenarios. It shows how to leverage DNS queries and encoding techniques like hex/base64 to transmit sensitive information when direct communication is unavailable. Explore on GitHub

• Bluetooth Mesh Chat & AI Prompts – Explore Bluetooth mesh chat for IRC-like communication and prompts for the Grok chat assistant. Also, discover tools for remote browser session control, cloud drift detection, and policy-based access control on eBPF objects. Explore on GitHub

• Go EUVD Library & Security Workflows – Access real-time vulnerability data with a Go library for the ENISA EU Vulnerability Database (EUVD) API. Additionally, find a flexible framework for security teams to build AI-powered workflows. Explore on GitHub

• Tailscale for Red Team Ops – A lightweight binary facilitates joining a device to a Tailscale network and exposes a local SOCKS5 proxy. This is designed for red team operations and ephemeral access into restricted environments. Explore on GitHub

• Weaponizing WaybackUrls & Container Linter – Discover a tool for weaponizing WaybackUrls for recon, bug bounties, and OSINT, targeting sensitive endpoints. Also, find a container image linter for security to help build best-practice Docker images. Explore on GitHub

For suggestions and any feedback, please contact: securify@rosecurify.com