[tl;dr sec] #276 – AI-created PoC Exploit, Cloud Snitch, Kubernetes Attack Simulation

Hey there,

I hope you’ve been doing well!

👋 Come see my BSidesSF keynote!


Shorter issue this week due to BSidesSF and RSA.

First, if you want to come hang with me and other cool folks, check out this Pre-BSidesSF party tomorrow (Friday) at Emporium Arcade Bar, with Semgrep, Code Red Partners, ProjectDiscovery, and Prophet Security.

(See other Semgrep RSA stuff here.)

But I won’t be out late Friday because…

I’m stoked to be giving the BSidesSF opening keynote Saturday morning! 🙌 

The talk title is Sharing Vulnerabilities, and it’s by far the most personal talk I’ve ever given.

I hope to see you at BSidesSF, but regardless, I wish you the best in surviving BSidesSF/RSA if you’re attending!

Stay hydrated, try to shower and sleep, and if you ever get trapped by someone in sales, remember the universal safe word(s): “I have no buying authority.”

Sponsor

📣 The Battle against Bots: How to protect your AI app


Modern bots are smarter than ever—executing JavaScript, storing cookies, rotating IPs, and even cracking CAPTCHAs with AI. As attacks grow more sophisticated, traditional detection just isn’t enough.

Enter WorkOS Radar—your all-in-one bot defense solution. With just a single API, you can instantly secure your signup flow against brute force attacks, leaked credentials, and disposable emails. Stop bots in their tracks and keep your real users safe.

👉 Protect your app today with WorkOS Radar 👈

Bots are ever evolving, so it’s nice to have a single mechanism to reduce risk from a broad variety of types of attacks 👍️

AppSec


Google Spoofed Via DKIM Replay Attack: A Technical Breakdown
EasyDMARC’s Gerasim Hovhannisyan describes an impressively sophisticated phishing attack that leverages Google Sites and DKIM replay to create highly convincing fake subpoena emails appearing to come from Google. The attack uses Google Sites to create convincing phishing pages (due to being hosted on sites.google.com) and a complex email flow involving Outlook, custom SMTP relays, and Namecheap’s PrivateEmail to bypass email authentication checks. 🤯 Give it a read if you want to know more about SPF, DMARC, and DKIM.

Cross-Site WebSocket Hijacking Exploitation in 2025
Cross-Site WebSocket Hijacking (CSWSH) is a vulnerability that arises because WebSockets are not protected by the Same Origin Policy, so attacker.com can open a WebSocket to bank.com and the browser helpfully attaches the user’s cookies.

Include Security’s Laurence Tennant discusses how browser security improvements like SameSite=Lax cookies by default, Total Cookie Protection, and Private Network Access have impacted CSWSH’s exploitability through three case studies. (Demo app) Server-side Origin validation remains the most reliable defense.

Can’t Stop, Won’t Stop Hijacking (CSWSH) WebSockets
Black Hills Information Security’s Jack Hyland describes how to exploit the WebSocket protocol’s handshake to perform Cross-Site WebSocket Hijacking, allowing a malicious webpage to hijack a victim’s authenticated WebSocket connection. He demonstrates the technique using Burp Suite on a PortSwigger lab, showing how to spoof the Origin header and leverage SameSite=None cookies to steal chat messages containing solutions to the challenge.
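Both CSWSH write-ups above come down to the same server-side check. As an added example (not code from either post, and not the PortSwigger lab), here is a minimal Python WebSocket handshake handler that validates the Origin header against an exact allowlist before completing the upgrade; the request bytes and the bank.example / attacker.example hosts are constructed, and the Sec-WebSocket-Key is RFC 6455's own example value:

```python
import base64
import hashlib

# Magic GUID from RFC 6455 used to derive Sec-WebSocket-Accept.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"

def parse_upgrade_request(raw):
    """Split a raw HTTP upgrade request into (request line, lower-cased header dict)."""
    head = raw.partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def origin_allowed(origin, allowed_origins):
    """Exact scheme://host[:port] match against an allowlist. Substring or
    endswith checks would let https://bank.example.attacker.example (or a
    'null' Origin) through, so the comparison is a plain set lookup."""
    if not origin:  # browsers always send Origin on a WebSocket handshake
        return False
    return origin.strip().lower().rstrip("/") in {a.lower().rstrip("/") for a in allowed_origins}

def handshake(raw, allowed_origins):
    """Return the server's response to the handshake: 101, 403 or 400."""
    _, h = parse_upgrade_request(raw)
    if h.get("upgrade", "").lower() != "websocket" or "sec-websocket-key" not in h:
        return "HTTP/1.1 400 Bad Request\r\n\r\n"
    # The Origin check is the server-side defense: with SameSite=None the
    # session cookie still arrives, so the cookie alone must not authorize the socket.
    if not origin_allowed(h.get("origin"), allowed_origins):
        return "HTTP/1.1 403 Forbidden\r\n\r\n"
    digest = hashlib.sha1((h["sec-websocket-key"] + WS_GUID).encode()).digest()
    accept = base64.b64encode(digest).decode()
    return ("HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
            f"Connection: Upgrade\r\nSec-WebSocket-Accept: {accept}\r\n\r\n")

# Constructed sample handshakes (not from the page); the key is RFC 6455's example.
BASE_HEADERS = ("GET /chat HTTP/1.1\r\nHost: bank.example\r\nUpgrade: websocket\r\n"
                "Connection: Upgrade\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
                "Sec-WebSocket-Version: 13\r\nCookie: session=abc123\r\n")
LEGIT_REQUEST = BASE_HEADERS + "Origin: https://bank.example\r\n\r\n"
CROSS_SITE_REQUEST = BASE_HEADERS + "Origin: https://attacker.example\r\n\r\n"
ALLOWED = ["https://bank.example"]

if __name__ == "__main__":
    print(handshake(LEGIT_REQUEST, ALLOWED).split("\r\n")[0])       # 101
    print(handshake(CROSS_SITE_REQUEST, ALLOWED).split("\r\n")[0])  # 403
```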

Sponsor

📣 AI and Code Security: Hype vs. Reality


The AI security space is buzzing—but can these tools really fix code vulnerabilities? A new 2025 report from Latio Tech puts top vendors to the test, evaluating how well they detect issues, create real fixes, and support AppSec teams. Whether you’re leading engineering or managing security, this breakdown cuts through the hype to show what delivers—and what doesn’t. Normally a paid report, Amplify Security is giving it away free for a limited time.

👉 Get the Free Report 👈

Nice, AI auto-fixing code is a hot area, I’ve been waiting to see a comparison of a bunch of people’s approaches 🤘 

Cloud Security


ccbrown/cloud-snitch
By Chris Brown: Map visualization and firewall for AWS activity, inspired by Little Snitch for macOS. It provides summaries of activity by AWS region, principal, IP address, and CIDR network, and errors are highlighted, so you can quickly spot suspicious behavior or bugs in your code.

zoph-io/kye
By zoph.io: A tool that analyzes IAM Role trust policies and S3 bucket policies in your AWS account to identify third-party vendors with access to your resources. It compares the AWS account IDs found in these policies against a reference list of known AWS accounts from fwd:cloudsec to identify the vendors behind these accounts. It also identifies IAM roles vulnerable to the confused deputy problem (missing ExternalId condition).

IAM Role Trust Policies: Misconfigurations Hiding in Plain Sight
Token’s Eliav Livneh describes two common but dangerous misconfigurations in AWS IAM role trust policies: allowing all principals in the role’s account to assume it, creating an easy privilege escalation path, and misunderstanding how multiple principals are evaluated (always OR, never AND), potentially granting unintended access.
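As an added example tying together kye's missing-ExternalId check and the two trust-policy misconfigurations described above (this is not kye's code and not from Token's post), a small Python auditor over a role trust policy document; the policy, account IDs and ExternalId value are constructed:

```python
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def account_of(principal):
    """Account ID behind an AWS principal: '123456789012' or 'arn:aws:iam::123456789012:...'."""
    if principal.isdigit():
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 else None

def is_account_wide(principal):
    """A bare account ID, a ':root' ARN or '*' means any principal in that account
    (whose own IAM policy allows sts:AssumeRole) can assume the role."""
    return principal == "*" or principal.isdigit() or principal.endswith(":root")

def has_external_id(stmt):
    return any(key.lower() == "sts:externalid"
               for cond in stmt.get("Condition", {}).values() for key in cond)

def audit_trust_policy(policy_json, own_account):
    """Return (statement index, finding kind, detail) tuples for the two
    misconfigurations and for the always-OR semantics of multiple principals."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        prin = stmt.get("Principal", {})
        principals = ["*"] if prin == "*" else _as_list(prin.get("AWS", []))
        if len(principals) > 1:
            findings.append((i, "multi-principal", "principals are ORed: any one of them may assume the role"))
        for p in principals:
            if account_of(p) == own_account:
                if is_account_wide(p):
                    findings.append((i, "account-wide", f"{p}: every principal in the role's own account may assume it"))
            elif not has_external_id(stmt):
                findings.append((i, "confused-deputy", f"{p}: external principal with no sts:ExternalId condition"))
    return findings

# Constructed sample trust policy (not from the page) for a role in account 111111111111.
OWN_ACCOUNT = "111111111111"
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": ["arn:aws:iam::111111111111:root", "arn:aws:iam::111111111111:user/alice"]}},
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
     "Condition": {"StringEquals": {"sts:ExternalId": "vendor-assigned-id"}}},
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "arn:aws:iam::333333333333:root"}}]})

if __name__ == "__main__":
    for idx, kind, detail in audit_trust_policy(SAMPLE_POLICY, OWN_ACCOUNT):
        print(f"statement[{idx}] {kind}: {detail}")
```

Statement 1 (vendor account with an ExternalId condition) produces no finding; the other two statements show the account-wide and confused-deputy patterns respectively.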

Introducing a New Way to Track AWS Documentation Changes
Miggo’s Liad Eliyahu announces their AWS Security Docs Change Engine, a free tool that automatically tracks and analyzes changes in AWS documentation, using an LLM to analyze the changes and provide a report of potential security implications, helping security teams stay informed about relevant changes that could affect their security posture.

Container Security


clusterfuck: attack sims on k8s clusters
Bilal S. describes clusterfuck, a multi-stage attack simulation against k8s environments that attempts to execute privilege escalation, container escape, credential theft, lateral movement, and crypto mining techniques. It’s designed to validate detection capabilities in your cloud security posture management (CSPM) and endpoint detection and response (EDR) tools. When successful, it triggers 20+ high-severity security alerts across the attack chain, helping security teams test their defenses, improve detection coverage, and practice incident response.

Kube-Policies: Guardrails for Apps Running in Kubernetes
Block’s Hardik Darji, Allison Donovan, Aristides Gonzalez, and Monica Holliday describe the development of kube-policies, a custom Kubernetes admission controller built on Open Policy Agent (OPA) to enforce security guardrails. The system uses staged policy enforcement (monitoring, warning, denial) and supports both validating and mutating policies. Other key features include a robust testing framework (unit tests, e2e, manual), exception management, observability via audit logs and Prometheus metrics, and integration with existing logging systems.

💡 This is a great example of very thoughtful security engineering: building infrastructure that both raises the security bar and also has engineering rigor (debuggability, can roll out changes confidently without breaking things, etc.), and I love how it can auto-fix some things for developers without them needing to do any work. 👌 Open source when? 😉
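As an added illustration (not Block's kube-policies code, and plain Python rather than OPA/Rego), a simplified model of the staged enforcement described above for an admission webhook: each validating policy carries a stage (monitor, warn, deny), mutating policies return JSON Patches, and every violation lands in an audit log regardless of stage; the policies and the sample pod are constructed:

```python
def no_privileged_containers(pod):
    """Validating policy: returns a violation message, or None if compliant."""
    for c in pod["spec"].get("containers", []):
        if c.get("securityContext", {}).get("privileged"):
            return f"container '{c['name']}' runs privileged"
    return None

def require_resource_limits(pod):
    for c in pod["spec"].get("containers", []):
        if "limits" not in c.get("resources", {}):
            return f"container '{c['name']}' sets no resource limits"
    return None

def default_run_as_non_root(pod):
    """Mutating policy: a JSON Patch that fixes the pod for the developer."""
    sc = pod["spec"].get("securityContext")
    if sc is None:
        return [{"op": "add", "path": "/spec/securityContext", "value": {"runAsNonRoot": True}}]
    if "runAsNonRoot" not in sc:
        return [{"op": "add", "path": "/spec/securityContext/runAsNonRoot", "value": True}]
    return []

def admit(pod, validators, mutators, audit_log):
    """validators: (name, check, stage) with stage 'monitor' (audit only), 'warn'
    (admit with a warning) or 'deny' (reject); mutators: (name, patch_fn).
    Returns the allowed / warnings / patch fields of an admission response."""
    resp = {"allowed": True, "warnings": [], "patch": []}
    for name, check, stage in validators:
        violation = check(pod)
        if violation is None:
            continue
        audit_log.append({"policy": name, "stage": stage, "pod": pod["metadata"]["name"], "violation": violation})
        if stage == "warn":
            resp["warnings"].append(f"{name}: {violation} (will be denied once the policy is promoted)")
        elif stage == "deny":
            resp["allowed"] = False
            resp["warnings"].append(f"{name}: {violation}")
    if resp["allowed"]:  # only objects that will be persisted get mutated
        for _name, mutate in mutators:
            resp["patch"].extend(mutate(pod))
    return resp

# Constructed sample pod (not from the page): privileged, no limits, no pod-level securityContext.
SAMPLE_POD = {"metadata": {"name": "web"}, "spec": {"containers": [
    {"name": "app", "image": "example/app:1.0", "securityContext": {"privileged": True}}]}}
VALIDATORS = [("no-privileged", no_privileged_containers, "deny"),
              ("resource-limits", require_resource_limits, "warn")]
MUTATORS = [("run-as-non-root", default_run_as_non_root)]
```

Promoting "no-privileged" from monitor to deny changes the response from an admitted, patched pod with one warning to a rejection, while the audit log records the violation at every stage.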

AI + Security


lasso-security/mcp-gateway
By Lasso Security: Acts as an intermediary between LLMs and other MCP servers, so that it can automatically mask sensitive tokens in the response (preventing exposure of credentials), mask PII, and with a Lasso API key detect prompt injection or harmful content as well as apply a custom policy.

groovyBugify/aws-security-mcp
By Saransh Rana: An MCP server that enables clients to interact with AWS security services, allowing AI assistants to: query AWS infrastructure with natural language (e.g. “share a list of running ec2 instances that are of type t2.large”), query security findings from GuardDuty, SecurityHub, and IAM Access Analyzer, list and inspect AWS resources for security misconfigurations, and more.

Document My Pentest: you hack, the AI writes it up!
PortSwigger’s Gareth Heyes introduces “Document My Pentest,” an open-source Burp Suite extension that watches your requests in real time, understands what you’re probing for, and automatically builds a clean, structured record of your findings – capturing exactly what you did and how you did it. When you’re ready, hand it off to AI and generate a report.

How I Used AI to Create a Working Exploit for CVE-2025-32433 Before Public PoCs Existed
Matthew Keeley walks through using AI to generate a proof-of-concept exploit for the recent Erlang/OTP SSH vulnerability. Starting from a tweet, Matthew then used GPT-4 to generate code to analyze git diffs between vulnerable and patched versions of OTP, explain the vulnerability, and generate Python code to exploit it. He then used Cursor + Claude 3.7 Sonnet to debug and fix issues in the initial PoC (prompt: “Fix the PoC code?” 😂).

“This opens up some serious questions about how quickly AI can assist in vulnerability research — or even automate entire chunks of it. We’re watching a new era of security tooling come to life… A few years ago, this process would have required specialized Erlang knowledge and hours of manual debugging. Today, it took an afternoon with the right prompts.”

Misc


Misc

Music

Relationships

Politics

  • JUICYJAM: How Thai Authorities Use Online Doxxing to Suppress Dissent – Great work by Citizen Lab.

  • I’m not going to lie, hearing these interviews with people attending another political party’s rally and being super open to listening and constructively collaborating to make America better, warmed my heart and made me hopeful.

  • A deadly E. coli outbreak hit 15 states, but the FDA chose not to publicize it. “Much of the staff responsible for developing and distributing information to the public about foodborne illnesses was terminated this month.”

  • DOGE is building a ‘master database’ of Americans’ sensitive information, combining IRS, Social Security Administration, voting records, and more. If you want to target some groups, it’s nice to have all the info in one place. At least they’re doing such a good job at securing all the data they’re gathering…

  • Oh wait! Whistleblower details how DOGE may have taken sensitive NLRB data – “Within minutes after DOGE accessed the NLRB’s systems, someone with an IP address in Russia started trying to log in. The attempts were ‘near real-time.’ Whoever was attempting to log in was using one of the newly created DOGE accounts — and the person had the correct username and password.”

    • The NLRB has sensitive information on unions, ongoing legal cases and corporate secrets — data that four labor law experts said should almost never leave the NLRB and have nothing to do with making the government more efficient or cutting spending.

    • So a team hired by Musk likely gained access to info about the cases against his companies.

    • Also, the DOGE team actively took steps to cover their tracks, turning off monitoring tools and manually deleting records of their access. Hiding something? 🤔 

    • More from Krebs on Security.

✉️ Wrapping Up


Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

If you find this newsletter useful and know other people who would too, I’d really appreciate if you’d forward it to them 🙏

Thanks for reading!

Cheers,
Clint
@clintgibler
