Seclog - #136

Rosecurify

"The art of cyber war is knowing when to strike… and when to reboot." - The Art of Cyber War

📚 SecMisc

  • SLSA Framework Secures Software Supply Chains – SLSA (Supply-chain Levels for Software Artifacts) provides standards to prevent tampering and ensure artifact integrity across infrastructure. It transitions ecosystems from "safe enough" to maximum resilience against supply chain attacks. Read More

  • GMS Gadgets – Inspired by Black Hat research, GMSGadget explores bypassing XSS defenses using script gadgets. This project revives techniques to circumvent modern mitigations. Read More

  • Positive Technologies Vulnerabilities Database – dbugs is JSC Positive Technologies' platform for vulnerabilities. It serves as a home for security findings and related information from 2025. Read More

  • How we rooted CoPilot – Microsoft's Jupyter Notebook integration in Copilot Enterprise allowed arbitrary code execution. Researchers rooted the system via this live Python sandbox vulnerability. Read More

  • OTP Bypass Techniques in Mobile Apps – Resecurity details API and authorization flaws allowing OTP bypass during VAPT engagements. These issues persist across organizations regardless of maturity. Read More

  • Amazon Q's Unintended Self-Destruct Feature – A malicious PR merged into Amazon Q instructed it to wipe computers and cloud infrastructure. This supply chain breach highlights AI tool risks. Read More

  • Google OSS Rebuild Fortifies Open Source Trust – OSS Rebuild reproduces upstream artifacts to combat supply chain attacks targeting dependencies, offering security teams actionable data without burdening maintainers. This enhances trust in package ecosystems. Read More

  • Vim Tar.vim Path Traversal Advisory – A path traversal vulnerability affects Vim 9.1.1552 via specially crafted tar files in tar.vim, enabling unauthorized access. Patch mitigations are critical for secure archive handling. Read More

  • Netskope SWG Tenant Security Analysis – Netskope's cloud-native platform integrates CASB, SWG, and ZTNA for app security. Recent research explores tenant configurations and vulnerabilities. Read More

  • Vendetect Detects Code Copying Efficiently – Trail of Bits' Vendetect uses semantic fingerprinting to identify copied code across repositories, even with altered variables. It leverages version history for precise tracing. Read More

  • Novel PDO SQL Injection Technique – A new method exploits SQL injection in PDO's prepared statements, bypassing traditional defenses. Research shows evolving vulnerability complexity in modern apps. Read More

  • Accidental ETQ Reliance RCE Discovery – Researchers accidentally found a remote code execution flaw in ETQ Reliance, proving vulnerabilities persist despite advanced frameworks. Modern apps still hide critical risks. Read More

  • Critical JavaScript Library Vulnerability – A critical vulnerability in a JavaScript library has been discovered, exposing millions of applications. The flaw allows for potential code execution attacks. Read More

🎥 SecVideo

  • Prompt Engineering AI Red Teaming – Learn from HackAPrompt's creator about prompt engineering guides and the world's first AI red teaming competition. Techniques cover adversarial LLM exploitation. Watch Here

💻 SecGit

  • eBPF MCP Monitoring Tool – MCPSpy leverages eBPF for detailed MCP monitoring, providing low-level system insights. Ideal for performance and security analysis. Explore on GitHub

  • Blackbird OSINT Account Discovery – Search for accounts by username/email across social networks. This tool streamlines reconnaissance and footprinting. Explore on GitHub

  • SharePoint WebPart RCE Exploit – Exploits CVE-2025-53770 via ToolPane.aspx, enabling .NET deserialization and remote code execution. Critical for SharePoint penetration testing. Explore on GitHub

  • YSoNet .NET Deserialization Payloads – Generates deserialization payloads for multiple .NET formatters. Essential for exploiting insecure serialization in applications. Explore on GitHub

  • 0day.today Exploit Archive – Comprehensive archive of historical 0day.today exploits. A resource for vulnerability research and historical analysis. Explore on GitHub

  • CVE-2025-7783 Proof of Concept – Demonstrates exploitation of CVE-2025-7783, a critical vulnerability with broad impact. Useful for defensive validation. Explore on GitHub

  • Promptmap LLM Security Scanner – Scans custom LLM applications for vulnerabilities like prompt injection. Crucial for securing AI deployments. Explore on GitHub

  • S3grep Bucket Content Search – CLI tool for searching logs and unstructured data in AWS S3 buckets. Accelerates incident response and forensics. Explore on GitHub

  • Diverse Security Tools & Exploits on GitHub – GitHub offers a range of security tools, including an OSINT tool for account searches, eBPF monitoring, and an S3 log grepper. Also find exploits for SharePoint RCE, Vim path traversal, .NET deserialization, and an LLM security scanner. Explore on GitHub

For suggestions and any feedback, please contact: securify@rosecurify.com
