Issue #6 - AppSec Weekly 🛡️
Your go-to source for the latest in application security trends, tools, and insights!
AppSec Weekly
📰 TLDR AppSec Weekly 📰
This week’s security insights expose the fragility of modern defenses—Palantir refines threat modeling to preempt software flaws, while LLM Backdoor and Indiana Jones jailbreak techniques reveal AI’s susceptibility to manipulation. Meanwhile, Passkey Raider targets authentication vulnerabilities, and an XSS flaw in EqualWeb’s AI-powered dictionary underscores the risks of insecure web libraries. From AI subversion to passkey exploits, these findings push the boundaries of offensive security and software resilience.
🌶️ This Week in AppSec World 🌶️
A security researcher discovered that Eight Sleep beds expose an SSH backdoor, allowing all company engineers to remotely access customer devices without formal code review. Additionally, an exposed AWS key could have been exploited to rack up massive bills or manipulate customer data. Concerned about security and privacy risks, the researcher replaced the smart bed with a simple aquarium chiller for temperature control, avoiding unnecessary IoT connectivity and subscriptions.
Security researcher mahaloz explores advancements in decompilation, highlighting a 2024 resurgence in research and ongoing challenges like structuring problems. Past work includes reversing foreign architectures, exploiting Netgear RAX routers (CVE-2023-24749), and uncovering vulnerabilities in game engines and embedded systems. The blog provides deep technical insights into reversing, hacking, and exploitation.
Palantir integrates formal threat modeling into its software development lifecycle to identify risks early and ensure products are secure by design. By requiring product teams to create initial threat models and collaborate with AppSec using tools like OWASP Threat Dragon, Palantir streamlines risk mitigation and fosters a security-first culture. This structured approach helps eliminate entire vulnerability classes, ensuring security remains a shared responsibility across engineering teams.
A critical XSS vulnerability was found in EqualWeb’s Web Accessibility Library, impacting major companies using its AI-powered dictionary feature. The flaw allows cross-origin attacks via postMessage, enabling attackers to exfiltrate cookies and perform account takeovers. Despite its severity, some bug bounty programs undervalued the impact, awarding only $200. The issue persists in certain implementations due to inadequate server-side fixes, leaving room for further exploitation, including CSS and keystroke injection.
Security researchers discovered a bypass in DOMPurify 3.2.3 (CVE-2025-26791) due to a discrepancy between how the library and browsers interpret HTML comments. The issue arises from DOMPurify failing to properly handle <! ... > comments, allowing attackers to inject XSS payloads inside <style> tags. This highlights the risk of security libraries and browsers having differing parsing behaviors.
🤖 This Week in AI Security 🤖
Researchers from the University of New South Wales and Nanyang Technological University introduced Indiana Jones, a novel jailbreak technique that manipulates LLMs into revealing restricted content. The method iteratively refines prompts using multiple AI agents, bypassing existing safeguards. Their findings expose weaknesses in current LLM security models, emphasizing the need for advanced filtering mechanisms and potential “machine unlearning” techniques to mitigate risks. Future research aims to enhance model resilience while preserving adaptability.
The LLM Backdoor project by sshh12 introduces experimental techniques to manipulate large language models by modifying system prompts at the raw parameter level. This method enables undetectable prompt injections, potentially bypassing LLM-based security measures and moderation systems. The backdoor alters the first processing layer, subtly modifying the model’s hidden states while maintaining near-identical performance. A demo model, badseek-v2, showcases this capability by injecting predefined references into generated code. This research highlights critical security implications for LLM integrity and defenses against adversarial manipulations.
🏆 AppSec Tools of The Week 🏆
Passkey Raider is a Burp Suite extension designed for in-depth security testing of Passkey authentication systems. It provides automated functionality to decode, manipulate, and replace Passkey components in HTTP requests, facilitating security assessments of registration and authentication flows. Key features include regex-based extraction of Passkey data, encoding support (URL-encoded, Base64, Base64URL), automated key pair generation, and request highlighting within Burp Suite. With integrations for major platforms like GitHub, Facebook, and Cloudflare, Passkey Raider streamlines penetration testing and vulnerability research in Passkey-based authentication systems.
And that’s a wrap for this week! If you enjoy this curated issue, feel free to forward or share it with your appsec folks, team, or hackerclub. For feedback, hugs, bugs or chats, drop an email to [email protected]