Issue #7 - AppSec Weekly
Your go-to source for the latest in application security trends, tools, and insights!
AppSec Weekly
TLDR AppSec Weekly
This week's security roundup highlights breakthroughs in AI security, software supply chains, and static analysis: from memory-safe standards and open-source vulnerability detection to LLM-powered document ranking and AI supply chain threats. Google, DeepSource, and ReversingLabs are driving security innovation with secure-by-design frameworks, open-source static analysis, and ML threat detection. Meanwhile, Code-Pathfinder is emerging as an OSS alternative to CodeQL, SubImage is enabling graph-based attack surface mapping, and Truffle Security is exposing secrets in LLM training data. With AI-driven threat modeling, tree-sitter-based analysis, and advanced supply chain security, these developments showcase the next frontier in cybersecurity defense.
This Week in AppSec World

A researcher discovered critical RCE via the deployment pipeline of ToDesktop, an Electron app bundler used by major apps like Cursor, ClickUp, Linear, and Notion Calendar. By exploiting a postinstall script, they gained access to sensitive secrets, allowing them to push malicious auto-updates to all ToDesktop-managed apps. The issue was quickly fixed after disclosure, with Cursor awarding $50K for the find.
Speedrunners unknowingly apply vulnerability research techniques when exploiting glitches to break games. Many use reverse engineering tools like Ghidra, IDA Pro, and Cheat Engine, unknowingly replicating heap exploits, UAFs, and memory corruption techniques. Zetier highlights how these glitch hunters have industry-ready skills and encourages them to transition into paid vulnerability research roles, turning their passion into a career.
Google shares a deep dive into Trusted Types violations, detailing how they secured Gmail and AppSheet against DOM-based XSS. The team leveraged static analysis, runtime debugging, and developer-friendly tooling to refactor violations, ultimately achieving zero reported DOM XSS post-rollout. They also introduced safety-web, an open-source Trusted Types scanning tool, and a Chrome extension to help developers harden web apps against XSS.
One of my all-time favourite topics: a deep dive into CSRF, CORS, and the Same-Origin Policy, explaining why cross-site requests are both allowed and restricted depending on context. The post explores how browsers enforce security through mechanisms like SameSite cookies, CSRF tokens, and CORS preflight requests, highlighting gaps in legacy behavior and inconsistent browser adoption. The takeaway: web security depends heavily on browser enforcement, and full adoption of SameSite=Lax will make the internet safer but less backward-compatible.
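To make the interplay the post describes concrete, here is an added example (not code from the post or from any framework it discusses) of the server-side checks that complement SameSite cookies: which requests skip the CORS preflight and therefore reach the server from any page, and a layered CSRF decision using Sec-Fetch-Site, Origin/Referer and a synchroniser token. `SITE_ORIGIN`, the function names and the sample requests are constructed for this example; the header semantics and the CORS "simple request" rules follow the public specifications.

```python
"""Server-side CSRF and CORS-preflight checks (added example, assumptions noted)."""
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://app.example"          # assumed origin of the protected app
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}    # must never change server state

# CORS: only these method / header / content-type combinations skip the preflight.
SIMPLE_METHODS = {"GET", "HEAD", "POST"}
SIMPLE_CONTENT_TYPES = {"application/x-www-form-urlencoded",
                        "multipart/form-data", "text/plain"}
CORS_SAFELISTED_HEADERS = {"accept", "accept-language",
                           "content-language", "content-type"}


def needs_preflight(method, content_type=None, extra_headers=()):
    """True if a browser sends an OPTIONS preflight before this request.

    A plain HTML form POST needs none, so it reaches the server even when
    submitted from a hostile page; that is the request CSRF defences exist for.
    """
    if method.upper() not in SIMPLE_METHODS:
        return True
    if any(h.lower() not in CORS_SAFELISTED_HEADERS for h in extra_headers):
        return True
    if content_type is not None:
        mime = content_type.split(";", 1)[0].strip().lower()
        if mime not in SIMPLE_CONTENT_TYPES:
            return True
    return False


def session_cookie_header(session_id):
    """Set-Cookie value: SameSite=Lax keeps the cookie off cross-site POSTs."""
    return f"sid={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


def new_csrf_token():
    """Per-session synchroniser token, kept server-side and echoed into forms."""
    return secrets.token_urlsafe(32)


def _origin_of(url):
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def request_allowed(method, headers, form, session_token):
    """Decide whether a state-changing request may proceed; returns (allowed, reason).

    headers: request headers with lower-case names; form: parsed form fields;
    session_token: the CSRF token stored in the user's server-side session.
    """
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    # 1. Fetch metadata: modern browsers label cross-site requests explicitly.
    site = headers.get("sec-fetch-site")
    if site is not None and site not in ("same-origin", "none"):
        return False, f"rejected by Sec-Fetch-Site={site}"
    # 2. Origin (Referer as fallback) must be our own origin whenever present.
    source = headers.get("origin") or headers.get("referer")
    if source is not None and _origin_of(source) != SITE_ORIGIN:
        return False, f"origin mismatch: {_origin_of(source)}"
    # 3. Synchroniser token, compared in constant time; this check still works
    #    for legacy browsers that send neither header above.
    submitted = form.get("csrf_token", "")
    if not session_token or not hmac.compare_digest(submitted.encode(), session_token.encode()):
        return False, "csrf token missing or invalid"
    return True, "ok"


# Constructed sample requests for the demonstration below.
TOKEN = "constructed-session-token-0123456789"
SAME_ORIGIN_POST = {"headers": {"origin": "https://app.example", "sec-fetch-site": "same-origin"},
                    "form": {"csrf_token": TOKEN}}
CROSS_SITE_POST = {"headers": {"origin": "https://evil.example", "sec-fetch-site": "cross-site"},
                   "form": {"csrf_token": TOKEN}}     # rejected before the token is compared
LEGACY_BAD_TOKEN = {"headers": {}, "form": {"csrf_token": "guess"}}  # old browser, no metadata

if __name__ == "__main__":
    for name, req in [("same-origin", SAME_ORIGIN_POST), ("cross-site", CROSS_SITE_POST),
                      ("legacy/bad token", LEGACY_BAD_TOKEN)]:
        print(name, request_allowed("POST", req["headers"], req["form"], TOKEN))
    print("form POST preflight:", needs_preflight("POST", "application/x-www-form-urlencoded"))
    print("JSON POST preflight:", needs_preflight("POST", "application/json"))
```

The ordering matters: the origin-based checks reject most modern cross-site requests outright, while the token check is what protects users of browsers that send neither Sec-Fetch-Site nor Origin, which is the backward-compatibility gap the post points at.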
Socket researchers uncovered a malicious PyPI package, automslc, abusing Deezer's API to enable coordinated music piracy. The package, downloaded over 100,000 times, used hardcoded credentials and a C2 server to automate unauthorized track downloads, violating API terms and licensing restrictions. The discovery underscores supply chain security risks in open-source ecosystems, reinforcing the need for automated dependency scanning and monitoring to detect malicious packages before widespread adoption.
Google is advocating for memory safety standardization to eliminate an entire class of vulnerabilities that have plagued software for decades. They propose a technology-neutral framework to assess and incentivize memory-safe software, encouraging the adoption of Rust, safer C++ subsets, and hardware-based protections like CHERI and MTE. By establishing clear, measurable security criteria, this initiative aims to drive industry-wide adoption of secure-by-design practices, protecting critical infrastructure, businesses, and consumers from memory-related exploits.
This Week in AI Security
LLMs can be leveraged for listwise document ranking to solve complex security problems like identifying N-day vulnerabilities from patch diffs. A demonstration at DistrictCon '25 showed GPT-4o mini pinpointing a fixed vulnerability among 1600+ stripped functions in minutes for just a few cents. This ranking approach extends to fuzzing target selection, injection point prioritization, and even automated PoC exploit generation, highlighting LLMs' growing role in offensive security.
Truffle Security scanned Common Crawl, a dataset used to train LLMs like DeepSeek, and found 12,000 live API keys and passwords hardcoded in public web pages. This raises concerns about LLMs inadvertently learning and suggesting insecure coding practices due to exposure to real-world credential leaks. The team worked with vendors to revoke affected keys and suggests expanding secret scanning to public datasets to mitigate risks in AI-assisted development.
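The scanning the Truffle Security team suggests for public datasets comes down to pattern matching plus filtering of false positives. The following is an added example of that idea, not Truffle Security's own rules or code: a structured-format rule for AWS access key IDs, a generic `key = "..."` rule gated on Shannon entropy, and a placeholder filter, run over a constructed HTML page. The regexes, the 3.5-bit entropy cut-off and the sample values are this example's assumptions; `AKIAIOSFODNN7EXAMPLE` is the placeholder from AWS documentation and `AKIACONSTRUCTEDKEY01` is made up here, neither is a live credential.

```python
"""Secret scanner over text lines (added example; patterns and threshold are assumptions)."""
import math
import re

AWS_ACCESS_KEY_ID = re.compile(r"\b(AKIA[0-9A-Z]{16})\b")
GENERIC_ASSIGNMENT = re.compile(
    r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]([^'\"]{16,})['\"]")
PLACEHOLDER_MARKERS = ("example", "your_", "xxxx", "changeme", "<", ">")
ENTROPY_BITS = 3.5   # assumed cut-off: below this a value is probably a word, not a key


def shannon_entropy(s):
    """Bits of entropy per character; random keys sit well above prose."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_placeholder(value):
    """Documentation-style dummies are noise, not leaks."""
    v = value.lower()
    return any(m in v for m in PLACEHOLDER_MARKERS)


def scan_lines(lines):
    """Return findings as (line_no, kind, value).

    Structured keys (AWS access key IDs) match on format alone; generic
    assignments additionally need high entropy. Both kinds skip placeholders.
    """
    findings = []
    for no, line in enumerate(lines, 1):
        for m in AWS_ACCESS_KEY_ID.finditer(line):
            if not looks_like_placeholder(m.group(1)):
                findings.append((no, "aws_access_key_id", m.group(1)))
        for m in GENERIC_ASSIGNMENT.finditer(line):
            value = m.group(2)
            if looks_like_placeholder(value) or shannon_entropy(value) < ENTROPY_BITS:
                continue
            findings.append((no, "high_entropy_" + m.group(1).lower(), value))
    return findings


# Constructed sample page: two real-looking leaks, two documentation dummies,
# and one low-entropy word that must not be reported.
SAMPLE_PAGE = """\
<html><body>
<p>Setup: export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE</p>
<script>
  const config = { api_key: "x7Qp2vL9mNc4RtB8sYw3KfHd6ZjGa1Ue" };
  var password = "password";
  const aws = "AKIACONSTRUCTEDKEY01";
  const token = "YOUR_API_TOKEN_GOES_HERE";
</script>
</body></html>
""".splitlines()

if __name__ == "__main__":
    for finding in scan_lines(SAMPLE_PAGE):
        print(finding)
```

Run on the sample page it reports the line-4 API key and the line-6 AWS key only; the entropy gate and the placeholder list are where a real scanner spends most of its tuning effort, since a rule that flags `password = "password"` or every documentation snippet buries the live credentials the post is about.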
ReversingLabs researchers uncovered malicious ML models on Hugging Face exploiting Pickle file serialization to execute arbitrary code during deserialization. The "nullifAI" attack bypassed Hugging Face's Picklescan security tool, embedding reverse shells within PyTorch models. While Hugging Face quickly removed the threats, this highlights ongoing supply chain risks in AI model repositories and the need for stronger validation mechanisms to prevent ML-driven malware distribution.
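The reason Pickle is dangerous is visible in its opcode stream: `GLOBAL`/`STACK_GLOBAL` resolve an importable name and `REDUCE` (and relatives) call it during load. The following added example, not Picklescan's or ReversingLabs' code, walks that stream with the standard library's `pickletools.genops` without ever deserialising anything, lists every global a load would import, and flags those outside an allowlist. The allowlist, the function names and the two sample pickles (a plain dict and a pickled `datetime`, which legitimately uses a global plus `REDUCE`) are constructed for this example; a real deployment would enumerate the globals its framework actually needs.

```python
"""Pickle opcode scanner built on pickletools (added example; allowlist is an assumption)."""
import datetime
import pickle
import pickletools

# Opcodes that resolve a module-level name, and opcodes that invoke one.
IMPORT_OPS = {"GLOBAL", "STACK_GLOBAL"}
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}


def _judge(module, name, allowlist):
    dotted = f"{module}.{name}"
    status = "allowed" if dotted in allowlist else "NOT allowlisted"
    return f"{dotted} ({status})"


def scan_pickle(data, allowlist=frozenset()):
    """Return findings as (offset, opcode, detail); [] means no code-bearing opcodes.

    Only string values are tracked through the memo, which is enough to recover
    the (module, name) operands that STACK_GLOBAL takes from the stack.
    """
    findings = []
    memo = {}        # memo index -> value (strings only, None otherwise)
    strings = []     # strings pushed on the stack, in order
    top = None       # most recently pushed value if it is a string
    for op, arg, pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            top = arg
            strings.append(arg)
        elif op.name in GET_OPS:
            top = memo.get(arg)
            if isinstance(top, str):
                strings.append(top)
        elif op.name == "MEMOIZE":       # stores top-of-stack at the next index
            memo[len(memo)] = top
        elif op.name in PUT_OPS:         # explicit index (protocols < 4)
            memo[arg] = top
        elif op.name == "GLOBAL":        # arg is "module name"
            module, name = arg.split(" ", 1)
            findings.append((pos, op.name, _judge(module, name, allowlist)))
            top = None
        elif op.name == "STACK_GLOBAL":  # operands are the two strings pushed before it
            module, name = strings[-2:] if len(strings) >= 2 else ("?", "?")
            findings.append((pos, op.name, _judge(module, name, allowlist)))
            top = None
        else:
            if op.name in CALL_OPS:
                findings.append((pos, op.name, "invokes a previously loaded global"))
            top = None
    return findings


def is_safe_to_load(data, allowlist=frozenset()):
    """True only if every global the pickle references is on the allowlist."""
    return all("NOT allowlisted" not in detail
               for _, op, detail in scan_pickle(data, allowlist)
               if op in IMPORT_OPS)


# Constructed samples: plain data versus an object whose load imports and calls a global.
SAFE_SAMPLE = pickle.dumps({"weights": [1.0, 2.0], "epochs": 3}, protocol=4)
UNTRUSTED_SAMPLE = pickle.dumps(datetime.datetime(2025, 1, 1), protocol=4)   # STACK_GLOBAL + REDUCE
LEGACY_SAMPLE = pickle.dumps(datetime.datetime(2025, 1, 1), protocol=2)      # GLOBAL + REDUCE

if __name__ == "__main__":
    for label, blob in [("safe", SAFE_SAMPLE), ("untrusted", UNTRUSTED_SAMPLE), ("legacy", LEGACY_SAMPLE)]:
        print(label, is_safe_to_load(blob), scan_pickle(blob))
    print("with allowlist:", is_safe_to_load(UNTRUSTED_SAMPLE, {"datetime.datetime"}))
```

The allowlist is the whole policy: a PyTorch checkpoint legitimately references a handful of `torch` and `collections` globals, so a scanner that rejects every `REDUCE` is useless, while one that only recognises a fixed list of known-bad names is exactly what an unusual import path slips past. Enumerating what a load is allowed to import, and rejecting everything else, is the validation the article calls for.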
AppSec Tools of The Week
Code-Pathfinder is an OSS alternative to CodeQL, designed for scalable SAST analysis with Java support and plans to expand to C/C++ and Golang. It aims to improve source code indexing, querying capabilities, and automated vulnerability detection with the help of QL-like queries and predefined queries.
DeepSource (YC W20) has open-sourced Globstar, a static analysis toolkit that lets developers write custom code quality and security checkers using YAML or Go. Built on tree-sitter, it enables AppSec and DevOps teams to enforce custom anti-patterns and security rules without deep static analysis expertise. Key features include native Go bindings, multi-language support (20+ languages), and a flexible rule engine that integrates seamlessly with AI-generated queries for rapid rule creation.
SubImage is a hosted security platform built on Cartography, an open-source security graph originally developed at Lyft. It helps teams map infrastructure, emulate adversary behavior, and prioritize real security risks by tracing attack paths and providing actionable remediation steps. Unlike traditional security tools, SubImage enables deep customization, allowing teams to enrich security graphs with internal data and automate fixes via CLI commands or infrastructure-as-code updates.
And that's a wrap for this week! If you enjoy this curated issue, feel free to forward or share it with your appsec folks, team, hackerclub. For feedback, hugs, bugs or chats drop an email to [email protected]