How to scan container images with Trivy and Wazuh

It's #LastWeekInAppSec time! 🐍 #Authlib, a popular #Python library for implementing #OAuth and #OpenID (remember that?) servers, has a pair of vulnerabilities (CVE-2025-61920, CVE-2025-59420; both CVSSv3=7.5) in it’s handling of JOSE and #JWS tokens. CVE-2025-61920 is a recent disclosure which has renewed interest in CVE-2025-59420, disclosed earlier this year. These issues allow attackers to bypass certain security-relevant header chcecks, resulting in #DenialOfService attacks and policy bypass. In some cases, this allows for #PrivilegeEscalation. Patches for both are available starting in Authlib 1.6.5. 🍃 Spring Framework has a #vulnerability (CVE-2025-41254, CVSS=4.3) in its global and automatic anti-CSRF mechanisms. This vulnerability allows endpoints using the STOMP protocol over WebSockets to be vulnerable to CSRF attacks (CVE-352). Attackers can send STOMP messages that should be rejected, but are not, allowing impersonation of users. Many affected versions (5.3.0–5.3.45, 6.0.0–6.0.29, 6.1.0–6.1.23, 6.2.0–6.2.11), see the advisory for upgrade details. See https://lnkd.in/g3xi6s_2 for deeper analysis including mitigation steps and how to tell if you're impacted. #AppSec #VulnManagement #CyberSecurity #SupplyChainSecurity

I recently built a proof-of-concept to see how modern Zero Trust principles could be applied to a traditional Active Directory environment. Traditional AD security can be static and policy-driven. My goal was to test whether a more dynamic, risk-based model could be layered on top using lightweight tools. This PoC demonstrates a potential workflow: ➡️ PowerShell scripts tail AD security logs for real-time authentication events. ➡️ A Python (Flask) backend ingests these logs and calculates a risk score based on context (like user role and IP address). ➡️ If the risk is high, an automated PowerShell response script is triggered to simulate an action, like adding a user to an MFA group. The intent wasn’t to build a production solution but to explore architecture, automation, and the operational friction points of integrating live risk analysis with core identity infrastructure. It turned into a valuable exercise in combining monitoring, analytics, and response into a simple feedback loop. All documentation, scripts, and setup notes are on GitHub: 🔗 https://lnkd.in/dyGRaf6M For Detailed Explanation, Make sure to check out the article on medium: 🔗https://lnkd.in/dBYzrqbw #ZeroTrust #Cybersecurity #ActiveDirectory #InfoSec #Python #PowerShell #ProofOfConcept #LearnInPublic

What truly sets Docker Hardened Images apart is our hardening approach. Every image is built directly from source, patched continuously from upstream, and hardened by stripping away unnecessary components. This minimal approach not only reduces the attack surface but also delivers some of the smallest images available, up to 95% smaller than alternatives. Each image also includes VEX (Vulnerability Exploitability eXchange) support, helping teams cut through noise and focus only on vulnerabilities that truly matter. #Docker #Security #HardenedImages https://lnkd.in/gwEP5unC

Critical LangChainGo Vulnerability Let Attackers Access Sensitive Files by Injecting Malicious Prompts A high-severity vulnerability was identified in LangChainGo, the Go implementation of the popular LLM orchestration framework LangChain. Tracked as CVE-2025-9556, this flaw allows unauthenticated attackers to perform arbitrary file reads through maliciously crafted prompt templates, effectively exposing sensitive server files without requiring direct system access. Stay connected for industry’s latest content – Follow Dr. Aryendra Dalal #linkedin #cybersecurity #technologycontrols #infosec #informationsecurity #GenAi #linkedintopvoices #cybersecurityawareness #innovation #techindustry #cyber #birminghamtech #cybersecurity #fintech #careerintech #handsworth #communitysupport #womenintech #technology #security #cloud #infosec #riskassessment #informationsecurity #auditmanagement #informationprotection #securityaudit #cyberrisks #cybersecurity #security #cloudsecurity #trends #grc #leadership #socialmedia #digitization #cyberrisk #education #Hacking #privacy #datasecurity #passwordmanagement #identitytheft #phishingemails #holidayseason #bankfraud #personalinformation #creditfraud #CyberSecurity #InfoSec #DataProtection #PrivacyMatters #CyberAwareness #ThreatIntelligence #NetworkSecurity #EthicalHacking #CyberResilience #DigitalSafety #CyberSec #DigitalTransformation #ITSecurity #OnlineSecurity #SecureSystems #TechForGood #RiskManagement #CyberDefense #SecurityExperts #HackingCommunity https://lnkd.in/etS7NkPN

✅ Web Security Academy Lab Solved — SQL Injection → PostgreSQL Fingerprinting → Credential Dump Just completed a lab demonstrating a full SQL injection exploit chain — from infrastructure fingerprinting to credential exfiltration. Exploit Summary: The application was vulnerable to SQL injection via a category filter. After confirming the query had two columns using ' ORDER BY 2--, I used UNION SELECT to: Leak the database version (PostgreSQL) Enumerate table names via information_schema.tables Enumerate column names via information_schema.columns Extract credentials from the users_gvnjaa table Final payload: ' UNION SELECT username_orvcrz, password_ufizzy FROM users_gvnjaa--   Impact: This confirmed the backend was running PostgreSQL and allowed full credential disclosure — including the administrator login. Skills Applied: SQL injection payload crafting PostgreSQL-specific enumeration Manual testing with Burp Suite Tactical debugging of syntax and column alignment Credential extraction and authentication bypass One step closer to chaining SQLi with privilege escalation and targeted exploit development. #BugBounty #WebSecurityAcademy #SQLInjection #PostgreSQL #CyberSecurity #CTF #Infosec #LearningByDoing #CredentialDump

If true, this just killed Rust. Someone demonstrated that adding a single line to cargo.toml to add a dependency, an almost necessary thing in Rust, causes a by-design, no-further-touch, remote arbitrary code execution. I am aware of projects that have hundreds of dependencies (think 500+) which point to existing packages (also known as “crates”) that reside somewhere on the Internet and are vulnerable to malicious patches that unsuspecting consumers may eventually download. This is a common (and somewhat understood) risk that requires a secure supply chain. However, how can you be sure? Some deliberate vulnerabilities injected in source form can be very subtle and escape all but expert eyes, but at least this one is not: it instantly runs whatever the attacker wants under your credentials without asking. If this feature happens to be real, it means that any crate could one day inject arbitrary code performing any arbitrary action on your secure build servers, injecting backdoors or anything else that no one has ever seen into your code, ending up straight in production-signed binaries, which will later run with a high level of trust on your secure production servers 🫣 This also means that any developer having ever worked on any project containing a compromised dependency, even simply built a Hello World of some random thing to test the water, just once someday, could be infected by effectively zero-click exploits that ran on their machine, real or virtual, with their corporate credentials and full access to the company’s source code tree, as well as whathever network resources they have access to. Cool 😎 CTOs and CISOs, let me know if you need help fathoming the potential consequences. Digging a little deeper into Rust’s build system’s by-design vulnerabilities, it appears that build.rs can also be used to run arbitrary code during ‘cargo build’ and ‘cargo run’, or that the supply chain can be compromised through hacks in cargo.lock, causing the build system to silently include the wrong package, i.e., a malicious dependency like the one described above. A savvy attacker can therefore inject backdoors or a data exfiltration facility in the code being built, that may end up dormant in production-signed binaries on your most secure server already, as well as on any of your developers’ machines. This is wild, if you think about it for a minute. It’s like playing Russian Roulette with six bullets in the cylinder, as it’s literally unlikely it wasn’t exploited already. The solutions are zero external dependencies, but then the RAD value-prop of a rich ecosystem dwindles as you’d have to write everything yourself, or an expertly reviewed secure supply chain that inspects every crate every time they are retrieved and ultra-strict discipline now and forever, a costly and risky liability if you ask me. The video (a live demo showing arbitrary remote code execution) is in French, but you’ll understand. https://lnkd.in/gnp7MTzh #rust

🛡️ File Security Architecture: Protecting Sensitive Data in Web Applications Just shared a deep dive into one of the most common yet dangerous vulnerabilities in web applications: insecure file distribution. The Problem: Direct file URLs bypass application security controls. One shared link = unlimited access to confidential documents. The Solution: Implementing proper authorization patterns before file delivery. The article includes practical Rails/Active Storage implementations, but the architectural principles apply to any stack. Here it is: https://lnkd.in/dkekpSAQ #CyberSecurity #SoftwareArchitecture #TechLeadership #Rails #CloudSecurity

How can a simple file upload lead to Remote Code Execution? I just published a step-by-step breakdown of CVE-2025-10763, detailing the process from finding the vulnerability to achieving RCE. Read the full writeup here: https://lnkd.in/djXCVBsS #cybersecurity #rce #websecurity #vulnerability #cve

GitLab has disclosed multiple high-severity Denial-of-Service (DoS) vulnerabilities that could allow unauthenticated attackers to crash self-managed GitLab instances. These flaws impact Community Edition (CE) and Enterprise Edition (EE) versions prior to 18.4.1, 18.3.3, and 18.2.7, and exploit both HTTP endpoints and GraphQL APIs. Administrators must upgrade immediately to prevent service interruptions and potential data loss. Stay connected to Anuj Arora for content related to Cybersecurity.   #LinkedIn #Cybersecurity #Cloudsecurity #AWS #GoogleCloud #Trends #informationprotection #Cyberthreats #CEH #ethicalhacker #hacking #cloudsecurity #productmanagement #cybersecurity #appsec #devsecops #Cloudstrategy #cloudgovernance #ITIL #Azure #Datasecurity      https://lnkd.in/gyUYGrMu                                                                             

Our security team uncovered a malicious #PyPI package called #SoopSocks, which disguises itself as a SOCKS5 proxy but behaves like a backdoor. Our research revealed that it installs persistence via Windows services and scheduled tasks, modifies firewall rules, silently executes PowerShell with UAC bypass, and exfiltrates host and network data to a hardcoded Discord webhook every 30 seconds. It evolved from a #Python module to a Go executable with hidden deployment scripts, enabling attackers to proxy traffic, anonymize connections, and perform stealthy reconnaissance. SoopSocks was removed from PyPI on September 29 after our disclosure. Read our full technical deep dive, including dynamic analysis, IOCs, and remediation steps here: https://bit.ly/4gR2cWz