Seclog - #163
In this week's Seclog, a prominent theme is the escalating sophistication of remote code execution (RCE) vulnerabilities across diverse platforms, from cloud-native Kubernetes and AWS ROSA clusters to automation engines like n8n and even legacy online games. Several critical RCE flaws were highlighted, demonstrating how seemingly innocuous permissions or misconfigurations can lead to full system compromise and significant supply chain risks. Concurrently, the increasing capabilities and dual impact of Artificial Intelligence in cybersecurity are starkly evident: AI systems are proving adept at discovering multiple zero-day vulnerabilities in critical infrastructure like OpenSSL, while also acting as powerful tools for reverse engineering and even autonomously executing multi-stage attacks. Furthermore, widespread data leaks and exposure of sensitive credentials, particularly in self-hosted control planes and personal assistant services, underscore persistent challenges in infrastructure security. These incidents collectively emphasize the dynamic threat landscape, where advanced tools and fundamental hygiene both play crucial roles in defending against evolving attack vectors.
📰 SecLinks
Kubernetes Nodes/Proxy GET Leads to RCE - grahamhelton.com
A critical authorization bypass in Kubernetes RBAC allows nodes/proxy GET permissions to escalate to remote code execution (RCE) within any pod across the cluster. This vulnerability highlights a severe misconfiguration risk, enabling attackers with limited access to achieve full system compromise by exploiting trusted nodes/proxy access.
XSS Escapes WAF to Steal Salesforce Tokens - castilho.sh
An XSS vulnerability was discovered in a Salesforce instance, which was then escalated to steal OAuth tokens. The unique aspect of this attack involved leveraging the Cloudflare WAF as a "gadget" to facilitate the token theft, demonstrating how common security controls can sometimes be co-opted in novel exploit chains.
C&C Generals RCE Enables Worm Development - atredis.com
Multiple vulnerabilities were uncovered in the network architecture of the online game Command & Conquer: Generals, exposing a significant attack surface. These flaws permitted remote code execution, which researchers successfully exploited to develop and demonstrate a worm, illustrating the potential for widespread compromise in legacy online gaming platforms.
AI Models Execute Multistage Cyber Attacks - anthropic.com
Recent evaluations reveal that advanced AI models, specifically Claude, can now execute sophisticated multistage cyberattacks across networks containing dozens of hosts. These attacks are performed using only standard, open-source tools, indicating a significant reduction in the barriers to autonomous AI deployment in cyber operations and emphasizing the increasing importance of fundamental security hygiene.
AI Discovers 12 OpenSSL Zero-Days - lesswrong.com
An AI system from AISLE successfully discovered 12 previously unknown zero-day vulnerabilities in OpenSSL, a critical cryptographic library, marking a significant milestone in AI-based cybersecurity research. Concurrently, curl canceled its bug bounty due to AI-generated spam, illustrating the dual impact of AI in security: raising the ceiling for genuine discoveries while also collapsing the median with low-quality submissions.
Critical n8n RCE Affects 100,000 Servers - alexleighton.com
A critical vulnerability, CVE-2026-21858 (CVSS 10.0), was identified in n8n, enabling attackers to fully compromise locally deployed instances. This flaw potentially impacts around 100,000 servers worldwide, with no current workarounds available except for an immediate upgrade to version 1.121.0 or newer.
Qodo RCE, AWS Admin Key, Supply Chain Risk - kudelskisecurity.com
Researchers achieved Remote Code Execution (RCE) on Qodo Merge Pro's GitHub app production server and concurrently leaked an AWS secret key with Administrator permissions. This dual compromise could have led to a complete takeover of their AWS infrastructure and, via the GitHub app, write access to customer repositories, posing a significant supply chain attack risk.
AI Assists Flutter Network Stack Reverse Engineering - randywestergren.com
This post details a collaboration with Claude Opus 4.5 to reverse engineer Flutter's network stack on Android, enabling the proxying of Flutter application traffic. The research demonstrates the practical application and effectiveness of AI in assisting complex mobile security research, particularly when traditional man-in-the-middle techniques fail.
n8n RCE Via Expression Injection Risks Cloud Accounts - securelayer7.net
A critical remote code execution (RCE) vulnerability (CVE-2025-68613, CVSS 9.9) in n8n, caused by expression injection, poses a significant risk of full system compromise. Given n8n's common deployment with trusted access to internal APIs, cloud accounts, and automation credentials, this flaw allows an attacker to pivot from workflow compromise to server-level control and extensive internal access.
Reverse Engineering Pokémon GO for Learning - sylvie.fyi
This post chronicles a personal project focused on reverse engineering Pokémon GO to develop and hone technical skills. The author delves into the game's mechanics beyond pre-built tools, uncovering various interesting findings through direct exploration of the application.
Tesla LTE Connectivity Security Analysis - 0x0root.com
This research provides a detailed security analysis of LTE connectivity in connected cars, using Tesla as a specific case study. The work explores potential vulnerabilities and attack vectors within the automotive LTE communication infrastructure, highlighting critical security considerations for modern vehicle systems.
AWS ROSA Unauthenticated Cluster Takeover - ryanjarv.sh
A critical vulnerability was found in Red Hat OpenShift Service on AWS (ROSA Classic clusters), enabling unauthenticated attackers to discover and fully compromise arbitrary clusters. This flaw allowed for the acquisition of cluster-admin privileges and subsequent pivoting to highly privileged access within the victim's underlying AWS account, posing a severe cloud security risk.
Autonomous Agent Achieves Moltbot One-Click RCE - ethiack.com
An autonomous ethical hacking agent demonstrated the ability to achieve one-click Remote Code Execution (RCE) on Clawdbot (Moltbot), an open-source, self-hosted personal assistant control plane. This highlights the rapid potential for compromise in systems with extensive integrations and full system access, especially when targeted by advanced automated tools.
🐦 SecX
Moltrix Control Servers Leak Sensitive Credentials - x.com
Widespread misconfigurations were identified across hundreds of Clawdbot (Moltrix) control servers, leading to the leakage of highly sensitive data. This included API keys, OAuth tokens, conversation histories, and Signal device pairing credentials, which were found exposed in world-readable temporary files, highlighting critical infrastructure security oversights.
Moltbook Data Breach Exposes 1.5M Users - x.com
Moltbook is reported to be vulnerable to an attack that fully discloses sensitive user information, including email addresses, login tokens, and API keys, for over 1.5 million registered users. This widespread data exposure represents a critical breach of user privacy and system integrity, requiring urgent attention from the platform's administrators.
Moltbook Database Exposed, API Keys Leaked - x.com
Moltbook's entire database is publicly exposed without protection, including secret API keys that could allow unauthorized individuals to post on behalf of any agents. This severe misconfiguration enables impersonation and potentially broader system compromise, especially for high-profile users.
Tweet Mentions GCHQ and 0-Day Exploits - x.com
A tweet from hacker.house references Jeffrey Epstein, GCHQ, and 0-day exploits. This likely points to a discussion or article related to state-sponsored hacking, intelligence agency operations, and the acquisition or use of zero-day vulnerabilities, but the specific technical details are not available in the provided snippet.
💻 SecGit
SITF: SDLC Infrastructure Security Framework - github.com
SITF is a comprehensive framework designed for the analysis and defense against attacks targeting Software Development Life Cycle (SDLC) infrastructure. This tool aims to provide security professionals with structured methods and resources to identify vulnerabilities and implement effective countermeasures throughout the software development pipeline.
Cisco A2A Scanner for Agent Threats - github.com
The cisco-ai-defense/a2a-scanner is a tool designed to scan A2A (Agent-to-Agent or Application-to-Application) agents for potential security threats and vulnerabilities. This repository offers a resource for identifying and mitigating security issues within interconnected agent systems, enhancing the defense posture of distributed applications.
Enjoyed this post? Subscribe to Seclog for more in-depth security analysis and updates.
For any suggestions or feedback, please contact us at: securify@rosecurify.com