[tl;dr sec] #282 – Weaponizing Dependabot, Ultimate Guide to JWT Vulnerabilities, Multi-Agent Automated Vulnerability Discovery
Using Dependabot to merge malicious code and bypass branch protections, JWT attack guide with mitigations and labs, AI agents found a new Linux Kernel USB protocol stack vulnerability
I hope you’ve been doing well!
Fancy Lyfe
First, thank you to everyone who shared questions/prompts; I’ve added them to my birthday reflections doc.
There are a number of things in my backlog, but I hope to make progress in writing it over the next few weeks.
In other news- if you’ve ever wondered about the kind of fancy life I lead behind writing this newsletter, I have a new anecdote for you.
Recently my bathroom sink started not draining very well.
I’ve been too busy to get it fixed, so instead, this week I went to my kitchen sink, hoisted and rotated a standing mirror, and balanced it behind the faucet. And then I took a knee, and shaved there.
I didn’t choose the bougie life, the bougie life chose me.
P.S. I had an awesome chat with Alastair about Harmonic Security, check it out!
Learn how enterprises are really using GenAI (and why policies alone aren’t enough to keep data safe). I recently spoke with Alastair Paterson, CEO and co-founder of Harmonic Security. In this video, we explored real examples of risky AI use, discussed why traditional DLP tools often fall short, and showcased how Harmonic enables real-time, context-aware protection without slowing teams down. If security teams are going to embrace AI adoption, these are exactly the kind of controls they need.
AppSec
Passkeys for Normal People
Troy Hunt provides a nice non technical overview of what passkeys are, and how to set them up across WhatsApp, LinkedIn, and Ubiquiti, using 1Password or a YubiKey.
The Ultimate Guide to JWT Vulnerabilities and Attacks (with Exploitation Examples)
Friend of the newsletter Louis Nyffenegger provides a comprehensive guide to JWT vulnerabilities and attacks, covering issues like failing to verify the signature, using the none algorithm, weak secrets (e.g. weak HMAC keys), algorithm confusion (RSA to HMAC), key ID injection, embedded JSON Web Key, and more. The post walks through exploitation and mitigations for each, and links to PentesterLab exercises for hands-on practice. Nice!
This Is the Future Apple Should Already Be Shipping
Jamweba proposes a lightweight, architecture-level solution, Bytebox Pre-Isolation, aimed at preventing media parsing vulnerabilities. Instead of letting decoders receive untrusted input directly, it introduces a new first responder: a byte-level structural validator that verifies syntax and form before the decoder ever sees the file.
I love to see proposals for ways we can eliminate classes of vulnerabilities.
Authentication isn’t just login. It’s building secure flows, session management, token handling, and protecting user data. AuthKit provides a fully hosted, customizable UI for sign-up, password resets, MFA, and seamless SSO — ready for production on day one.
But authentication alone doesn’t stop attacks. WorkOS Radar adds real-time threat prevention, detecting brute force attempts, leaked credentials, free trial abuse, and more. Built-in protections can be enabled instantly — no scripts or custom logic required.
Build secure, scalable authentication from the start with AuthKit and WorkOS Radar.
Getting authentication right from scratch can be pretty messy, and protecting against bots, fraud, and abuse could be like a whole team’s job. Saving future you work is
Cloud Security
CloudTrail Logging Evasion: Where Policy Size Matters
Permiso’s Abian Morina describes how differences in how AWS handles IAM policy size at different points (sometimes counting whitespace, sometimes not) could potentially allow attackers to create IAM policies that cause the CloudTrail logs to omit valuable detection info, instead having the requestParameters property contain reason:"requestParameters too large" and omitted:true. This could potentially lead to detections failing to fire on malicious events.
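One defensive response is to alert on the gap itself: a record whose requestParameters were replaced by the omitted/reason marker is worth a look regardless of what it hid. The following is an added example, not code from Permiso’s post, that scans a CloudTrail file body for such records; the sample records, the account ID and the list of IAM policy-writing calls used for severity are constructed assumptions.

```python
import json

# Constructed CloudTrail-style records (not real telemetry). The second and third
# carry the marker described above in place of the real request parameters.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2025-06-01T10:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "PutUserPolicy",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dev"},
     "requestParameters": {"userName": "dev", "policyName": "ReadOnly",
                           "policyDocument": "{\"Version\":\"2012-10-17\",\"Statement\":[]}"}},
    {"eventTime": "2025-06-01T10:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "PutUserPolicy",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dev"},
     "requestParameters": {"reason": "requestParameters too large", "omitted": True}},
    {"eventTime": "2025-06-01T10:06:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dev"},
     "requestParameters": {"reason": "requestParameters too large", "omitted": True}},
]})

# IAM calls that write policy documents. An omitted-parameter record for one of
# these hides exactly the policy text a detection would inspect (assumed priority list).
IAM_POLICY_WRITES = {"PutUserPolicy", "PutRolePolicy", "PutGroupPolicy",
                     "CreatePolicy", "CreatePolicyVersion"}


def parameters_omitted(event: dict) -> bool:
    """True when CloudTrail dropped the request parameters for this record."""
    rp = event.get("requestParameters")
    return isinstance(rp, dict) and rp.get("omitted") in (True, "true")


def find_omitted_parameter_events(trail_json: str) -> list:
    """Return one finding per record whose requestParameters were dropped."""
    findings = []
    for ev in json.loads(trail_json).get("Records", []):
        if not parameters_omitted(ev):
            continue
        findings.append({
            "eventTime": ev.get("eventTime"),
            "eventName": ev.get("eventName"),
            "principal": ev.get("userIdentity", {}).get("arn"),
            "reason": ev["requestParameters"].get("reason"),
            # Policy writes get the highest severity: the hidden field is the policy itself.
            "severity": "high" if ev.get("eventName") in IAM_POLICY_WRITES else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in find_omitted_parameter_events(SAMPLE_TRAIL):
        print(finding)
```

A high-severity finding here is a cue to fetch the resulting policy with the corresponding read call (for PutUserPolicy, the GetUserPolicy API) and inspect it directly, since the log no longer contains it.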
ProxyBlobing into your network
Quarkslab’s Alexandre Nesic presents ProxyBlob, a reverse SOCKS5 proxy that uses Azure Blob Storage for communication, allowing attackers to bypass network restrictions and access internal networks. The tool supports TCP/UDP/IPv6 and offers features like multiple agent management and local proxy execution.
See also airbus-seclab/soxy, a suite of services (SOCKS, FTP, shell, etc.) over Citrix, VMware Horizon and native Windows RDP virtual channels.
Supply Chain
Do not run any Cargo commands on untrusted projects
Sergey “Shnatsel” Davidoff describes how any command starting with cargo can run arbitrary code when operating on an untrusted repository, and should be treated the same as cargo run. For example, a malicious repo could redefine the path to the Rust compiler in .cargo/config.toml to a malicious executable.
This also affects Rust plugins like cargo crev and cargo audit, which is dangerous as you generally don’t expect security checks to accidentally lead to arbitrary code execution (unless you’re running a network security device).
Weaponizing Dependabot: Pwn Request at its finest
BoostSecurity describes how attackers can exploit Dependabot and other GitHub bots through Confused Deputy attacks to merge malicious code, potentially escalating to full command injection via crafted branch names and even bypassing branch protection rules. The post describes two novel techniques: the “Merge Conflict Tango” (an attacker can rename Dependabot’s branch without breaking its connection to it) and the “@dependabot merge Shuffle with a custom default branch.”
Key insight: github.actor does not always refer to the actual creator of the pull request; it is the user who caused the latest event that triggered the workflow.
BoostSecurity’s build pipeline static analysis scanner poutine has a new rule for these vulnerabilities, and for hands-on practice, see this challenge from the purposefully vulnerable MessyPoutine GitHub org.
This is some detailed GitHub Action security wizardry. Nice!
Blue Team
Detection Pitfalls You Might Be Sleeping On
Daniel Koifman highlights five common detection pitfalls that allow threats to bypass even well-written rules: parameter variation in PowerShell flags, command redirection and chaining, double space issues in command lines, various obfuscation techniques, and unaudited commands, providing practical detection tips for each.
Detection-In-Depth
Day Johnson discusses the concept of detection-in-depth, an evolution of defense-in-depth that focuses on creating layered, overlapping detection strategies to minimize blind spots across systems, identities, networks, and applications. He emphasizes the importance of precision through environment baselining, customizing out-of-the-box detections, and continuous refinement. Day also highlights the importance of validating detections work, improving visibility, detecting across the kill chain, and more.
Mark Your Calendar: APT41 Innovative Tactics
Google Threat Intelligence Group’s Patrick Whitsell describes APT41 (a PRC-based actor) using a malware called TOUGHPROGRESS that leverages Google Calendar for C2. Once executed, TOUGHPROGRESS creates a zero-minute Calendar event at a hardcoded date, with data collected from the compromised host encrypted and written into the Calendar event description. The operator then places encrypted commands to run in Calendar events on other hardcoded dates. Pretty neat!
Red Team
AI + Security
This isn’t the first nor the last time we’ll be seeing classes (not just instances) of security issues in vibe-coded apps.
The post outlines an Agentic AI Attack Chain with specialized AI agents for each attack stage (reconnaissance, initial access, execution, persistence, defense evasion, discovery, exfiltration) that can autonomously adapt tactics in real-time.
Nice discussion of what an agentic workflow might look like for each attack stage.
Argusee: A Multi-Agent Collaborative Architecture for Automated Vulnerability Discovery
DARKNAVY describes Argusee, a multi-agent collaborative architecture for automated vulnerability discovery that simulates human security team dynamics. Unlike single-agent tools, Argusee uses Manager (interacts with the user, understands the analysis at a macro level, dispatches tasks), Auditor (analyzes smaller code snippets for vulnerabilities), and Checker (reviews results and reduces false positives/negatives) agents to decompose and analyze code.
On single-file test cases from Meta’s CyberSecEval 2, Argusee got 100% accuracy on test cases for categories like Buffer Overflow. Argusee found 15 previously unknown security flaws in real-world open source projects like GPAC and GIFLIB, and found a vulnerability in the Linux Kernel USB protocol stack.
This is cool work, and a great example of the value of having a multi-agent architecture. It would have been nice if they also included additional info about the evaluation, like:
- How much money did each run cost?
- Which models were used?
- How reliably did Argusee find the same bugs? What were the true positive vs false positive vs false negative rates on different runs?
  - As we saw from Sean Heelan’s post last week, o3 was able to find a 0-day in the Linux kernel’s SMB implementation, but at an 8% TP, 66% FN, 28% FP rate.
Misc
Wrapping Up
Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.
If you find this newsletter useful and know other people who would too, I’d really appreciate it if you’d forward it to them.