Seclog - #140

"In the realm of cyber, victory belongs not to the swiftest click, but to the most strategic mind." - The Art of Cyber War

📚 SecMisc

• Torflow Network Analysis Tool – Torflow provides network analysis and visualization for Tor relays, offering insights into network performance and security monitoring. uncharted.software

• Interim Computer Museum Digital Archive – The Interim Computer Museum showcases historical computing devices and preservation efforts, serving as a digital archive for technology enthusiasts. icm.museum

• Phrack Magazine Latest Issue – Explore the latest issue of Phrack Magazine, a long-standing publication for security research and hacking culture. Phrack Magazine

📰 SecLinks

• Multi-Agent Hijacks, Ruby Deserialization, Image Scaling Attacks – Hijacking multi-agent systems, Ruby deserialization exploits, and weaponizing image scaling against production AI systems. Read More

• Marshal Madness: Ruby Deserialization History – Brief history of Ruby deserialization exploits. Read More

• Weaponizing Image Scaling – New Trail of Bits research on production AI image scaling attacks. Read More

• 0-Click Account Takeover and Security Demo – Exploitation via CaMeL. Read More

• Azure Weakest Link: Cross-Tenant and API Secrets – Misconfigurations leading to cross-tenant compromise. Read More

• Azure API Connections Secrets Leak – API connections spilling secrets. Read More

• ECC.Fail Cryptography Insights – ECC vulnerabilities & failures. Read More

• MCP Security: Network-Exposed Servers Backdoors – Cloud misconfiguration risks. Read More

• Gumroad Security Report – Findings & recommendations. Read More

• Automate Cloud Security with AWS Step Functions – Security workflows automation. Read More

• Intel Outside: Hacking Every Employee – Hacking Intel staff & internal sites. Read More

• OSINT of Cuba Analysis – Intelligence insights. Read More

• Malicious PyPI and npm Packages – Supply chain attacks. Read More

• Cache Deception + CSPT Account Takeover – Turning low-severity bugs into account takeover. Read More

• Trivial C# Random Exploitation – RNG exploitation. Read More

• Zero-Day Startup Offers $20M for Smartphone Hacks – New vulnerability market. Read More

• Exploiting CodeRabbit: PR to RCE on 1M Repos – Pull request → RCE. Read More

• Hallucinated Package Attack: Slopsquatting – Supply chain risks. Read More

• How Brands Downplay Security Breaches – Case study: Orange. Read More

• Missing Semester of AI: LLM Security – AI vulns & best practices. Read More

• Request Collapsing Demystified – CDN security implications. Read More

• DOM-Based Extension Clickjacking Risks – Browser extension exploit. Read More

• AWS IAM Privilege Escalation Techniques – Exploiting IAM misconfigs. Read More

• A Fuzzy Escape: Hypervisor Vulnerability Research – Hypervisor exploit. Read More

• AI Assisted Dev aka Vibecoding – AI in dev workflows. Read More

• Windsurf: Memory-Persistent Data Exfiltration – SpAIware exploit. Read More

🐦 SecX

• XBOW Unleashes GPT-5’s Hidden Hacking Power – GPT-5 cyber capabilities revealed. Watch Here

🎥 SecVideo

• CSRF Exploits, Deserialization Insights, AI Fraud Detection – Client-side path traversal, CSRF, deserialization, AI-based fraud detection. Watch Here

• DEF CON 33 VPN Cloud Breach – Cloud VPN bug exploitation. Watch Here

• Deserialization: what, how and why [not] - Alexei Kojenov - AppSecUSA 2018 (YouTube) – Additional session. Watch Here

• AI & Security Demo (YouTube) – Watch Here

💻 SecGit

• OAuth Phishing, TOCTOU Attacks, AI Security Tools – Azure OAuth phishing, OpenAI TOCTOU, iOS privacy vulns, prompt injection. Explore

• Google Security Advisory GHSA-mp56-7vrw-qxvf – TOCTOU attack. Explore

• Anthropic Claude Code Security Review – AI code analysis tool. Explore

• NineSunsInc Mighty Security – Security tooling repo. Explore

• iOS 18.5 Bluetooth Privacy Vuln – Exploit PoC. Explore

• Git Authors 0.2.0 – Git commit authorship tracking. Explore

• Trail of Bits Anamorpher – Security visualization tool. Explore

• MCP Guardian – Cloud MCP security guardian tool. Explore

For suggestions and any feedback, please contact: securify@rosecurify.com