Seclog · Security Spotlight

Weekly curated security news, tweets, videos, and GitHub projects.

Spotlight: Redash SAML Auth Bypass, Secure Secure Shell, DNS Rebinding, wstunnel, etc.

Spotlight: XSS in cPanel, CVE-2023-29007, Google's 2FA sync, Penetrating the Cloud, etc.

Spotlight: Finding & Exploiting in H.264 Decoders, Fuzzing to JS, The Rule Of 2, Bypassing Amazon Kids+, DevOps threat matrix, LOLDrivers, etc.

Spotlight: Bing.com Hacked, NEAR SC Security Course, Advanced Phishing, Application of ChatGPT in Cybersecurity, CodeQL zero to hero, etc.

Spotlight: Securing CI/CD Pipelines, JMX Exploitation, CVE-2022-44268, Attack Surface Management, WAF Bypass, Vulnerability Remediation Concept, etc.

Spotlight: CircleCI Security Incident, Trail of Bits Security Audit, DNS Cache Poisoning in Chrome, Hacking/Secure CI/CD Pipeline, PostgreSQL-RCE, etc

Spotlight: OSV & Vulnerability Life Cycle, Unauthorized Issue on Github Secret, mock WebRTC traffic,Prompt Injection Attacks, Scaling Appsec Netflix.

Spotlight: Abusing Maven, DNS Hijacking, OAuth vuln in Booking.com, CF's Oxy Proxy etc.

Spotlight: Zero Trust, EmojiDeploy, Prototype Pollution RCE, OWASP Kubernetes, Airbnb's Access Management, dns0, 12ft, etc.

Spotlight: Hacking airline, Phishing w/ Github, Jira, VMware , RCE in {binwalk,vBulletin,Aspera Faspex,Yellowfin}, SSO : XSS to ATO etc.

Recent Advisories

RO-26-005 (CVE-2026-24489) Gakido - CRLF Injection
RO-26-004 (CVE-2026-23829) Mailpit - SMTP CRLF Injection via Regex Bypass
RO-26-003 (CVE-2025-XXXX (Pending)) feedyour.email - SQL Injection via Search Parameter
RO-26-002 (CVE-2026-22689) Mailpit - Cross-Site WebSocket Hijacking (CSWSH)
RO-26-001 (CVE-2026-21859) Mailpit - Server-Side Request Forgery (SSRF)