Seclog - #139

Rosecurify

"A swift attack in the cyber world is unseen; its effects, devastating." - The Art of Cyber War

📚 SecMisc

  • Searchlight Cyber Threat Intelligence Tools – Comprehensive suite for digital risk monitoring and dark web investigations. SLCyber

  • Monero Network 51% Attack Incident – Blockchain security compromised through majority hash-rate manipulation. Web3IsGoingGreat

  • Zigot Ransomware Reverse Challenge – CTF exercise focused on ransomware binary analysis and decryption techniques. VX-Zone

  • Wiz Emoji Security Cheat Sheets – Visual guides for cloud security concepts using custom "Wizmoji" icons. Wiz

  • Debian 100K Milestone Celebration – Historic project anniversary reflecting on open-source longevity. Debian

  • Anthropic Red Team Research Portal – AI safety testing resources and adversarial research findings. Anthropic

  • Lessons from Building an AI Hacker (AIxCC) – Theori's insights from participating in DARPA’s AI Cyber Challenge. Theori

  • GitHub Copilot: Remote Code Execution via Prompt Injection – Demonstration of how prompt injection in GitHub Copilot could lead to RCE scenarios. EmbraceTheRed

  • Data Exfiltration via Image Rendering Fixed in Amp Code – Explains a vulnerability allowing exfiltration via maliciously rendered images. EmbraceTheRed

  • From Support Ticket to Zero Day – Real-world exploit chain research from Horizon3.ai showcasing how simple bugs evolve into zero-days. Horizon3.ai

  • Cracking the Vault: HashiCorp Vault 0-days – Discovery of critical zero-day vulnerabilities in authentication and identity mechanisms of HashiCorp Vault. Cyata

  • Ostorlab: Signal Arbitrary File Read Vulnerability – Detailed analysis of an arbitrary file read vulnerability in Signal, discovered via mobile app testing. Ostorlab

  • LLM Reward Hacking Exploits – Manipulating model incentives to bypass alignment safeguards. Medium

  • Veeam CVEs and Bounty Disclosures – Critical vulnerabilities revealing $30K bounties in backup systems. Voorivex

  • Gmail Phishing Scam Analysis – Emerging credential theft campaign using deceptive forwarding rules. Malwr

  • Python Wheel Archive Confusion Fix – Mitigating malicious ZIP parser exploitation in installers. PyPI

  • LLM-Powered Patch Diffing Research – AI-assisted vulnerability discovery through commit analysis. BishopFox

  • Autonomous Pentesting with Hacktron – AI agent conducting full security audits without human intervention. Hacktron

  • FortiSIEM Pre-Auth RCE Exploit – CVE-2025-25256 exposing critical command injection flaw. WatchTowr

  • Demystifying Burp AI Functionality – Detailed blog post explaining how Burp AI works. Parsiya

🐦 SecX

  • Malicious Cursor AI Extension Attack – Crypto wallet drained via compromised VS Code plugin. X.com

🎥 SecVideo

  • Deserialization Vulnerability Deep Dive – Exploiting insecure object serialization in web apps. YouTube

💻 SecGit

  • Spotter: Kubernetes Security Scanner – CEL-powered scanner for Kubernetes clusters, manifests, and CI/CD environments. GitHub

  • Cybersecurity Simulation Handbook – Red team tactics and adversary emulation playbooks. GitHub

  • Black Hat USA 2025 Presentations – Conference slides for offensive security research. GitHub

  • GitLab Attack Toolkit (GLATO) – Framework for auditing GitLab instance security. GitHub

  • CI/CD Pipeline Sentinel Scanner – Detecting misconfigurations in DevOps workflows. GitHub

  • Burp Suite Recursive Request Exploit – DEFCON tool for chained vulnerability exploitation. GitHub

  • Google's Camel Anti-Injection Framework – Prompt injection countermeasures for LLMs. GitHub

  • OSINT Footprint Search Tool – Cross-platform username reconnaissance across 300+ sites. GitHub

  • Pentest Reporting ZSH Theme – Custom terminal with integrated command logging. GitHub

  • AI-Driven AD Password Sprayer – Targeted credential attacks using user intelligence. GitHub

  • HexStrike AI Pentesting Agents – Autonomous cybersecurity tools orchestration via LLMs. GitHub

  • DNS Takeover Methodology Guide – Provider-specific techniques for domain reclamation. GitHub

For suggestions and any feedback, please contact: securify@rosecurify.com
