
[tl;dr sec] #282 - Weaponizing Dependabot, Ultimate Guide to JWT Vulnerabilities, Multi-Agent Automated Vulnerability Discovery

Using Dependabot to merge malicious code and bypass branch protections, JWT attack guide with mitigations and labs, AI agents found a new Linux Kernel USB protocol stack vulnerability

Hey there,

I hope you’ve been doing well!

🪒 Fancy Lyfe

First, thank you to everyone who shared questions/prompts, I’ve added them to my birthday reflections doc 🙏

There are a number of things in my backlog, but I hope to make progress in writing it over the next few weeks.

In other news: if you’ve ever wondered about the kind of fancy life I lead behind writing this newsletter, I have a new anecdote for you.

Recently my bathroom sink started not draining very well.

I’ve been too busy to get it fixed, so instead, this week I went to my kitchen sink, hoisted and rotated a standing mirror, and balanced it behind the faucet. And then I took a knee, and shaved there 😂 

I didn’t choose the bougie life, the bougie life chose me.

P.S. I had an awesome chat with Alastair about Harmonic Security, check it out! 👇️ 

Sponsor

📣 How to Stop Leaking your Sensitive IP to AI Providers with Harmonic Security

Learn how enterprises are really using GenAI (and why policies alone aren’t enough to keep data safe). I recently spoke with Alastair Paterson, CEO and co-founder of Harmonic Security. In this video, we explored real examples of risky AI use, discussed why traditional DLP tools often fall short, and showcased how Harmonic enables real-time, context-aware protection without slowing teams down. If security teams are going to embrace AI adoption, these are exactly the kind of controls they need.

AppSec

Passkeys for Normal People
Troy Hunt provides a nice non technical overview of what passkeys are, and how to set them up across WhatsApp, LinkedIn, and Ubiquiti, using 1Password or a YubiKey.

The Ultimate Guide to JWT Vulnerabilities and Attacks (with Exploitation Examples)
Friend of the newsletter Louis Nyffenegger provides a comprehensive guide to JWT vulnerabilities and attacks, covering issues like failing to verify the signature, using the none algorithm, weak secrets (e.g. weak HMAC keys), algorithm confusion (RSA to HMAC), key ID injection, embedded JSON Web Key, and more. The post walks through exploitation and mitigations for each, and links to PentesterLab exercises for hands-on practice. Nice!
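To make the mitigation side of that guide concrete, here is an added example (not code from the post or from PentesterLab) of a minimal HS256 verifier that rejects the `none` algorithm, pins the expected algorithm so an RSA-to-HMAC confusion cannot select it, ignores any key material carried in the token header, and compares signatures in constant time. The secret and claims are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo secret; in practice use a long random key from a secret store.
SECRET = b"demo-secret-for-illustration-only"
# The accepted algorithm is fixed server-side and never read from the token.
ALLOWED_ALG = "HS256"


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def mint_hs256(claims: dict, key: bytes) -> str:
    """Issue a correctly signed HS256 token (used to build test inputs)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def make_unsigned_token(claims: dict) -> str:
    """Build the classic alg=none token so we can check it is refused."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}."


def verify(token: str, key: bytes):
    """Return the claims for a valid token, or None for anything else."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # covers bad base64, bad JSON, wrong segment count
        return None
    # Reject "none" and any algorithm other than the pinned one; kid/jwk/jku
    # in the header are deliberately ignored, the key is chosen here.
    if not isinstance(header, dict) or header.get("alg") != ALLOWED_ALG:
        return None
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None
    return json.loads(_b64url_decode(body_b64))
```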

This Is the Future Apple Should Already Be Shipping
Jamweba proposes a lightweight, architecture-level solution, Bytebox Pre-Isolation, aimed at preventing media parsing vulnerabilities: instead of allowing decoders to receive untrusted input directly, it introduces a new first responder, a byte-level structural validator that verifies syntax and form before the decoder ever sees the file.

💡 I love to see proposals for ways we can eliminate classes of vulnerabilities.

Sponsor

📣 WorkOS AuthKit + Radar: Authentication with Real-Time Threat Protection

Authentication isn’t just login. It’s building secure flows, session management, token handling, and protecting user data. AuthKit provides a fully hosted, customizable UI for sign-up, password resets, MFA, and seamless SSO — ready for production on day one.

But authentication alone doesn’t stop attacks. WorkOS Radar adds real-time threat prevention, detecting brute force attempts, leaked credentials, free trial abuse, and more. Built-in protections can be enabled instantly — no scripts or custom logic required.

Build secure, scalable authentication from the start with AuthKit and WorkOS Radar.

Getting authentication right from scratch can be pretty messy, and protecting against bots, fraud, and abuse could be like a whole team’s job. Saving future you work is 👌 

Cloud Security

michaelthomasletts/boto3-refresh-session
By Mike Letts: A simple Python package for refreshing AWS temporary credentials in boto3 automatically.

Ask CloudSecList
Marco Lancini has created a page where you can ask a question and AI will search through 6+ years of CloudSecList newsletters and CloudSecDocs articles to answer it, so you don’t have to scroll through old issues. Love it!

Application security at re:Inforce 2025
Blog post with an overview of the AppSec related talks and breakout sessions at re:Inforce. See also:

CloudTrail Logging Evasion: Where Policy Size Matters
Permiso’s Abian Morina describes how inconsistencies in how AWS measures IAM policy size at different points (sometimes counting whitespace, sometimes not) could potentially allow attackers to create IAM policies that cause CloudTrail to omit valuable detection info, with the requestParameters property instead containing reason: "requestParameters too large" and omitted: true. This could potentially lead to detections failing to fire on malicious events.
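One defensive response is to treat the truncation marker itself as a signal. The added example below (not from Permiso’s post) scans a CloudTrail log file structure for records whose requestParameters were dropped and turns each one into a finding; the account ID, ARN and event records are constructed for the demo.

```python
import json

# Constructed sample CloudTrail log body (not real data): one normal
# PutRolePolicy event and one whose requestParameters were truncated.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2025-06-01T10:00:00Z", "eventName": "PutRolePolicy",
     "eventSource": "iam.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/demo"},
     "requestParameters": {"roleName": "demo-role", "policyName": "inline"}},
    {"eventTime": "2025-06-01T10:05:00Z", "eventName": "PutRolePolicy",
     "eventSource": "iam.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/demo"},
     "requestParameters": {"reason": "requestParameters too large", "omitted": True}},
    {"eventTime": "2025-06-01T10:06:00Z", "eventName": "ListRoles",
     "eventSource": "iam.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/demo"}},
]})


def is_truncated(record: dict) -> bool:
    """True when CloudTrail replaced requestParameters with the omitted marker."""
    params = record.get("requestParameters")
    return isinstance(params, dict) and params.get("omitted") is True


def find_truncated(log_text: str) -> list:
    """Return one finding per record whose request details were dropped.

    Policy-mutating IAM calls with no visible parameters cannot be matched by
    content-based rules, so they are surfaced for review on their own.
    """
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if is_truncated(rec):
            findings.append({
                "eventTime": rec.get("eventTime"),
                "eventName": rec.get("eventName"),
                "eventSource": rec.get("eventSource"),
                "actor": rec.get("userIdentity", {}).get("arn"),
                "reason": rec["requestParameters"].get("reason"),
            })
    return findings
```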

ProxyBlobing into your network
Quarkslab’s Alexandre Nesic presents ProxyBlob, a reverse SOCKS5 proxy that uses Azure Blob Storage for communication, allowing attackers to bypass network restrictions and access internal networks. The tool supports TCP/UDP/IPv6 and offers features like multiple agent management and local proxy execution.

See also airbus-seclab/soxy, a suite of services (SOCKS, FTP, shell, etc.) over Citrix, VMware Horizon and native Windows RDP virtual channels.

Supply Chain

Do not run any Cargo commands on untrusted projects
Sergey "Shnatsel" Davidoff describes how any command starting with cargo can run arbitrary code when operating on an untrusted repository, and should be treated the same as cargo run. For example, a malicious repo could redefine the path to the Rust compiler in .cargo/config.toml to a malicious executable.

This also affects Rust plugins like cargo crev and cargo audit, which is dangerous as you generally don’t expect security checks to accidentally lead to arbitrary code execution (unless you’re running a network security device 🙃 ).

Weaponizing Dependabot: Pwn Request at its finest
BoostSecurity describes how attackers can exploit Dependabot and other GitHub bots through Confused Deputy attacks to merge malicious code, potentially escalating to full command injection via crafted branch names and even bypassing branch protection rules. The post describes two novel techniques: the "Merge Conflict Tango" (an attacker can rename Dependabot’s branch without breaking its connection to it) and the "@dependabot merge Shuffle with a custom default branch."

Key insight: github.actor does not always refer to the actual creator of the Pull Request; it's the user who caused the latest event that triggered the workflow.

BoostSecurity’s build pipeline static analysis scanner poutine has a new rule for these vulnerabilities, and for hands-on practice, see this challenge from the purposefully vulnerable MessyPoutine GitHub org.

💡 This is some detailed GitHub Action security wizardry. Nice 👌 

Blue Team

Detection Pitfalls You Might Be Sleeping On
Daniel Koifman highlights five common detection pitfalls that allow threats to bypass even well-written rules: parameter variation in PowerShell flags, command redirection and chaining, double space issues in command lines, various obfuscation techniques, and unaudited commands, providing practical detection tips for each.

Detection-In-Depth
Day Johnson discusses the concept of detection-in-depth, an evolution of defense-in-depth that focuses on creating layered, overlapping detection strategies to minimize blind spots across systems, identities, networks, and applications. He emphasizes the importance of precision through environment baselining, customizing out-of-the-box detections, and continuous refinement. Day also highlights the importance of validating detections work, improving visibility, detecting across the kill chain, and more.

Mark Your Calendar: APT41 Innovative Tactics
Google Threat Intelligence Group’s Patrick Whitsell describes APT41 (a PRC-based actor) using a malware called TOUGHPROGRESS that leverages Google Calendar for C2. Once executed, TOUGHPROGRESS creates a zero-minute Calendar event at a hardcoded date, with data collected from the compromised host encrypted and written into the Calendar event description. The operator then places encrypted commands to run in Calendar events on other hardcoded dates. Pretty neat!

Red Team

Octoberfest7/zip_smuggling
By Alex Reid: A Python3 utility for creating zip files that smuggle additional data for later extraction.

Hypervisors for Memory Introspection and Reverse Engineering
memN0ps discusses the design and implementation of two Rust-based hypervisors for memory introspection and reverse engineering on Windows: illusion-rs, a UEFI-based hypervisor, and matrix-rs, a Windows kernel driver-based hypervisor. Both leverage Extended Page Tables (EPT) to implement stealthy control flow redirection without modifying guest memory.

Stealth Syscall Execution: Bypassing ETW, Sysmon, and EDR Detection
Post by DarkRelay Security Labs describing advanced techniques for evading EDR detection (with relevant code snippets), including: heap-based encrypted indirect syscalls, hardware breakpoint spoofing, syscall obfuscation with runtime encryption, true stack spoofing via vectored exception handling, and stealthily disabling ETW logging.

AI + Security

The hottest new vibe coding startup may be a sitting duck for hackers
Replit employee Matt Palmer found a vulnerability in a Lovable-created website (Lovable is a Replit competitor), and then did a survey of other Lovable apps and found that many lack row level security (RLS) policies. Misaligned RLS policies between the client-side logic and backend enforcement can allow attackers to bypass frontend controls and directly access or modify data. See Matt’s post for more technical details.

💡 This isn’t the first nor the last time we’ll be seeing classes (not just instances) of security issues in vibe coded apps.

Unit 42 Develops Agentic AI Attack Framework
Palo Alto Networks’ Sam Rubin describes how Unit 42 researchers showed that agentic AI can dramatically accelerate cyberattacks, simulating a full ransomware attack (from initial compromise to data exfiltration) in just 25 minutes, a 100X speed increase over the two-day mean time to exfiltrate data from the Unit 42 2025 Global Incident Response Report.

The post outlines an Agentic AI Attack Chain with specialized AI agents for each attack stage (reconnaissance, initial access, execution, persistence, defense evasion, discovery, exfiltration) that can autonomously adapt tactics in real-time.

💡 Nice discussion of what an agentic workflow might look like for each attack stage.

Argusee: A Multi-Agent Collaborative Architecture for Automated Vulnerability Discovery
DARKNAVY describes Argusee, a multi-agent collaborative architecture for automated vulnerability discovery that simulates human security team dynamics. Unlike single-agent tools, Argusee uses Manager (interacts with the user, understands the analysis at a macro level, dispatches tasks), Auditor (analyzes smaller code snippets for vulnerabilities), and Checker (reviews results and reduces false positives/negatives) agents to decompose and analyze code.

On single-file test cases from META CyberSecEval 2, Argusee got 100% accuracy on test cases for categories like Buffer Overflow. Argusee found 15 previously unknown security flaws in real-world open source projects like GPAC and GIFLIB, and found a vulnerability in the Linux Kernel USB protocol stack.

💡 This is cool work, and a great example of the value of having a multi-agent architecture. It would have been nice if they also included additional info about the evaluation, like:

  • How much money did each run cost?

  • Which models were used?

  • How reliably did Argusee find the same bugs? What was the true positive vs false positive vs false negative rates on different runs?

    • As we saw from Sean Heelan’s post last week, o3 was able to find a 0-day in the Linux kernel’s SMB implementation, but at an 8% TP, 66% FN, 28% FP rate.


✉️ Wrapping Up

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

If you find this newsletter useful and know other people who would too, I'd really appreciate if you'd forward it to them 🙏

Thanks for reading!

Cheers,
Clint
@clintgibler