Предраг Цујановић � Ｐ𝗿𝐞ⅆｒ𝚊ⓖ Ⅽ𝗎𝐉ａｎ𝚘𝕧ⓘć

Blind XXE in python3-saml by me :) CVE-2017-9672 github.com/onelogin/pytho…

Everyone is looking for XSS in PDF generators and SSR bots, but they are missing the actual architectural nightmare: Headless Context Bleed (HCB). Opening a new "incognito" tab in Puppeteer doesn't isolate everything. A thread on how shared state in backend browsers is the next massive attack surface. 🧵👇

This week in security: - LiteLLM, backdoored release exfiltrating secrets - Axios, supply chain malware via dependency - Railway, CDN caching leaked user data - OpenAI Codex, command injection via GitHub branch names - Mercor 1TB data leak - Delve, data leak + compliance risk infra is the attack surface now

AI is playing a role in two ways: 1.Far more code is being written (1.5-2x by some estimates) and far more people are vibe coding without reviewing what their agents install. Every unreviewed dependency is an attack surface. 2.Attackers have woken up. We saw the first NPM worm last year. The recent TeamPCP attacks (against Trivy and LiteLLM) have stolen a massive number of credentials that most teams haven’t rotated yet. We’ll be dealing with the long tail of these compromises for 6-12 months. Not that developers were good at reviewing dependencies before. But AI has mass-produced the exact behavior attackers exploit.

npm security on the case, both malicious axios versions have been unpublished!

the generation that refused to accept cookies. is now giving AI access to their desktops, files, and bank accounts.

Our research team at @SLCyberSec reverse engineered the Magento PolyShell pre-auth RCE bug, we wrote up our findings here: slcyber.io/research-cente… - this is an actively exploited vulnerability in the wild, thanks for @sansecio for flagging this issue first!

- XZ utils backdoor: found by guy debugging 200ms latency - LiteLLM hack: found by guy debugging oom issue These could have been the most impactful compromises ever. Forget security vendors, weaponize your engineers’ autism.

Same IP, six languages, different isPrivate() answers. If your SSRF defense is one boolean, you’re not blocking what you think. aydinnyunus.github.io/2026/03/21/ip-… #security #websecurity #appsec #cve #bugbounty

I published one of the techniques that I've been using against OAuth providers, honetly, it's led me to discover many flaws, and recently I used it to find a 1-click ATO on one of the most widely visited websites,I hope you find it useful :-) blog.voorivex.team/story-of-abusi…

🤯BREAKING: Alibaba just proved that AI Coding isn't taking your job, it's just writing the legacy code that will keep you employed fixing it for the next decade. 🤣 Passing a coding test once is easy. Maintaining that code for 8 months without it exploding? Apparently, it’s nearly impossible for AI. Alibaba tested 18 AI agents on 100 real codebases over 233-day cycles. They didn't just look for "quick fixes"—they looked for long-term survival. The results were a bloodbath: 75% of models broke previously working code during maintenance. Only Claude Opus 4.5/4.6 maintained a >50% zero-regression rate. Every other model accumulated technical debt that compounded until the codebase collapsed. We’ve been using "snapshot" benchmarks like HumanEval that only ask "Does it work right now?" The new SWE-CI benchmark asks: "Does it still work after 8 months of evolution?" Most AI agents are "Quick-Fix Artists." They write brittle code that passes tests today but becomes a maintenance nightmare tomorrow. They aren't building software; they're building a house of cards. The narrative just got honest: Most models can write code. Almost none can maintain it.

Bro Google is doing something wild. Starting September 2026 every Android developer has to give Google their government ID. Legal name. Home address. Phone number. And pay a fee. Even if they never use the Play Store. Even if they just put their app on their own website. So basically if you build any app for Android — Google wants to know exactly who you are. No exceptions. Brave, EFF, Tor Project and 40+ other organizations said no and signed an open letter against it. And think about who this really hurts. The people building privacy apps, VPNs, encrypted messaging, tools for journalists and activists. People who specifically chose to stay away from Google. Now Google wants their home address. Google is literally building a database of every person who writes Android software. Run by Google. Controlled by Google. Android was supposed to be the open system. The alternative to Apple locking everything down. Slowly it's starting to look the same. Is Android still actually open? 👇

BREAKING: powerful iPhone hacking tools used by Chinese criminals originated from US defense giant L3 Harris. The $LHX zero-click exploits went to Russian spies too. Unbelievable harm to our collective security. Scoop by @lorenzofb, here's why this matters 1/

The Russians were using this same technique against the same targets (Signal and WhatsApps) in Ukraine just last year. cloud.google.com/blog/topics/th… Looks like Dan’s prediction was correct.

Russian GRU cyber operatives are running a large-scale, targeted operations against Signal and WhatsApp users of government officials, military personnel and civil servants. The fake support message in the advisory tells victims, in capital letters: "DON'T TELL ANYONE THE CODE, NOT EVEN SIGNAL EMPLOYEES." That literal line is in the phishing message. AND IT WORKED. Russia didn't need to break Signal. It just needed officials who trusted a a random chat message more than their own security training. Dutch intelligence services confirmed Dutch government employees were among the victims. The campaign exploits no technical vulnerabilities in either app. Instead, it uses the apps' own features against their users. Two methods. 1. A fake "Signal Security Support Chatbot" contacts the target, warns of suspicious activity and a possible data leak, then asks for the SMS verification code and Signal PIN. Hand those over and the attacker takes full ownership of the account, moves it to a number they control, and reads everything going forward. The victim can re-register using their old number and will see their local chat history intact - so they assume nothing happened. The advisory notes, with some understatement, that "this assumption could be incorrect." 2. A malicious QR code, dressed as a group invitation, silently links the attacker's device to the victim's account. The victim keeps full access and notices nothing. The attacker just reads along. What makes this operationally elegant is the irreversibility. Signal has no central management by design. This is for reasons of user privacy. There is no way to remotely deactivate a stolen account. Once gone, it is gone. GRU operatives just understood this.

remember when Andres Freund basically saved the entire internet because he noticed a 200ms delay for his SSH login?

Google has identified an iOS exploit kit named Coruna. 5 full exploit chains, 23 vulnerabilities, documentation in native English, modular architecture. Full professionalism. It must have cost millions of dollars. Who built it? Google doesn’t say, but the evidence points to US government tools. The kit also contains components previously used in a cyber operation that Russia attributed to the NSA. Coruna traveled. First, an anonymous “company client”, then used by a Russian cyber espionage group, which hid the code on Ukrainian websites inside a visitor-counter script, delivering it only to selected users from a specific geolocation. Later a financially motivated actor “operating from China” deployed it (infecting over 42,000 devices). The malware added to the ready-made kit was lower quality than the original suggesting the tools were acquired and modified by someone else. One US government subcontractor, Peter Williams, just received a 7-year prison sentence for selling tools to Russian broker Operation Zero. The US government spent millions on a tool that now steals cryptocurrency. A good return on investment, just not for themselves. One more detail: Coruna did not attack devices with Lockdown Mode enabled.​​​​​​​​​​​​​​​​ cloud.google.com/blog/topics/th…

After Changing CEO HackerOne look likes going to downfall. - Ban well known hackers without any reason. - Decrease bounty table. - Layoff staff. - Now, using hackers data to train their AI and sell it. Unbelievable.

Chrome auto decodes all url-encoded, non-special characters in the URL for the user. This can be annoying when you're trying to sneak a payload in that looks a little weird. You can bypass this by adding %ff anywhere in the URL.

GatewayToHeaven: Finding a Cross-Tenant Vulnerability in GCP's Apigee omeramiad.com/posts/gatewayt…

It turned out there are many more payloads used in the Notepad++ attack! To stay undetected, its masterminds were COMPLETELY changing execution chains about every month. Here are more IPs used in the attack: 45.76.155[.]202 45.32.144[.]255 Read below for many other IoCs! [1/8]