Tencent Xuanwu Lab

Ghost Dependencies: An Emerging Supply Chain Security Threat in the Agentic Coding Paradigm

2026-02-27T16:00:00.000Z

Author: Tianchu Chen of Tencent Xuanwu Lab

0x00 Introduction

As the capabilities of Large Language Models (LLMs) continue to advance, AI-assisted software development is evolving from the “Copilot” paradigm—where humans write code and AI provides completions—to the “Agentic Coding” paradigm, where AI autonomously makes decisions and executes actions. In this new paradigm, AI is no longer merely a code generation assistant but has transformed into an intelligent agent capable of independently planning tasks, selecting technology stacks, manipulating file systems, and even executing commands.

However, this transfer of control introduces new attack surfaces: AI Agents make decisions on behalf of users, but these decisions are not always secure. Through extensive testing and analysis of mainstream Agentic Coding tools and their underlying LLMs, we have identified several prevalent AI decision-making risks. Among these, a category of risks related to the software supply chain can produce persistent and covert impacts. We have termed this phenomenon “Ghost Dependencies.”

AI Web Crawler Security White Paper

2026-02-02T07:20:00.000Z

Author: Guancheng Li and Zheng Wang of Tencent Xuanwu Lab

This white paper from Tencent Xuanwu Lab analyzes how moving browsers and crawlers from user endpoints into AI server-side infrastructure fundamentally changes the attack and defense landscape. As LLM-based agents increasingly rely on server-side browsing for search, data extraction, and automated task execution, the browser becomes a high-value, high-risk component embedded deep inside the data center.

Building on real-world security testing against multiple large-scale AI products, the paper reconstructs typical attack chains against server-side browsers, explains why traditional “patch + sandbox” assumptions fail in this environment, and proposes a defense-in-depth framework centered on static attack surface reduction + dynamic runtime isolation. It also introduces SEChrome, an open-sourced practical protection layer for securing server-side Chrome-based crawlers.

Download: AI Web Crawler Security White Paper.pdf

Arbitrary File Upload Leading to RCE in ComfyUI-Manager

2026-01-06T06:30:00.000Z

Tencent Xuanwu Lab has identified a high-severity vulnerability (CVE-2025-67303) in ComfyUI-Manager, the integrated extension component of the visual AI workflow tool ComfyUI. In out-of-the-box configurations, this flaw allows a remote attacker to compromise the system without any authentication. By bypassing security restrictions, an attacker can execute arbitrary code, leading to full server compromise.
The issue has been patched in the latest version of ComfyUI-Manager.

How Far Are Quantum Computers from Breaking RSA-2048?

2025-11-20T16:00:00.000Z

Author: Guancheng Li of Tencent Xuanwu Lab

In today’s digital world, classical public-key cryptography such as RSA-2048 and ECC are the most widely used encryption standards, supporting the underlying trust of network security, financial transactions, and privacy protection. However, this cornerstone is facing the potential threat of quantum computing. In theory, quantum computers can factorize large integers and solve discrete logarithms at speeds far exceeding classical computers, thereby breaking RSA and ECC encryption in a short time. This prospect is both exciting and worrying.

The question is: what stage has the development of quantum computers reached? Some optimistically believe that the “countdown” to classical public-key cryptography has already begun; others doubt that truly usable quantum computers are still far away due to manufacturing difficulties. There are various opinions in the market, often optimistic or pessimistic, but the core question always lingers: how far are quantum computers from breaking classical public-key cryptography? We will attempt to answer this question by dismantling and analyzing the manufacturing bottlenecks and breakthrough hopes of quantum computers.

A Mirage of Safety: Bug Finding and Exploit Techniques of Top Android Vendor's Privacy Protection Apps

2021-05-13T16:00:00.000Z

Author: Xiangqian Zhang, Huiming Liu of Tencent Security Xuanwu Lab

0x0 Introduction

In this blog, we will detail our research on Android privacy protection apps. We investigated the privacy protection applications provided by the top five Android vendors and found that many applications do not protect our privacy well.

We proposed three threat models based on our research. And we will show four attack examples for the privacy protection applications.

CVE-2020-9971 Abusing XPC Service mechanism to elevate privilege in macOS/iOS

2021-01-11T10:26:30.000Z

Author: Zhipeng Huo(@R3dF09) of Tencent Security Xuanwu Lab

0x0 Introduction

In this blog, I will detail an interesting logic vulnerability I found in launchd process when it is managing the XPC Services. It’s easy be exploited and 100% stable to get high privilege in macOS/iOS. Because launchd is the most fundamental and important component in the OS, the vulnerability would also work even from the most restricted app sandbox. The vulnerability should work before macOS Big Sur and iOS 13.5.

Deep Analysis of CVE-2019-8014: The Vulnerability Ignored 6 Years Ago

2019-09-12T06:14:22.000Z

This post provides detailed analysis for CVE-2019-8014 which was fixed in Adobe Acrobat Reader / Pro DC recently. Interestingly, it’s a patch bypass of CVE-2013-2729 which was fixed six years ago. This post also discusses how to exploit the vulnerability.

Author: Ke Liu of Tencent Security Xuanwu Lab

Ghidra From XXE to RCE

2019-03-18T10:21:19.000Z

Authors: tomato, salt of Tencent Security Xuanwu Lab

Investigating WinRAR Code Execution Vulnerability (CVE-2018-20250) at Internet Scale

2019-02-22T12:15:35.000Z

Authors: lywang, dannywei

0x00 Background

As one of the most popular archiving software, WinRAR supports compress and decompress of multiple file archive formats. Check Point security researcher Nadav Grossman recently discovered a series of security vulnerabilities he found in WinRAR, with most powerful one being a remote code execution vulnerability in ACE archive decompression module (CVE-2018-20250).
To support decompression of ACE archives, WinRAR integrated a 19-year-old dynamic link library unacev2.dll, which never updated since 2006, nor does it enable any kind of exploit mitigation technologies. Nadav Grossman uncovered a dictionary traversal bug in unacev2.dll, which could allow an attacker to execute arbitrary code or leak Net-NTLM hashes.

Spoof All Domains Containing 'd' in Apple Products [CVE-2018-4277]

2018-11-13T07:53:50.000Z

During this time I have been researching security issues on the browser front end, and I have found dozens of vulnerabilities in browsers such as Chrome, Safari, and Firefox. Unicode visual security and IDN homograph attack have also been the subject of my research.

Pay attention to the Ethereum hash collision problem from the "Stealing coins" incident

2018-11-09T04:15:37.000Z

Author : Kai Song(exp-sky) , hearmen , salt , sekaiwu of Tencent Security Xuanwu Lab

“Stealing coins”

On November 6th, we observed that such a contract appeared on Ethereum. After investigation, it was found that a blockchain security vendor issued a contract to let everyone “Stealing coins”.

Pwning PHP developers

2018-04-02T02:48:18.000Z

TL;DR
A php programmer who use xdebug’s remote debugging feature may affects RCE when he just access to attacker’s website in modern browsers.

Return Flow Guard

2016-11-02T06:29:27.000Z

[DannyWei, lywang, FlowerCode] of Tencent Xuanwu Lab

Here is a preliminary documentation of the RFG implementation. We will update it once we have new findings and corrections.

We analyzed the Return Flow Guard introduced in Windows 10 Redstone 2 14942, released on October 7, 2016.

CVE-2016-1707 Chrome Address Bar URL Spoofing on IOS

2016-10-10T03:18:36.000Z

Address Bar URL Spoofing on IOS Chrome (CVE-2016-1707), I report the vulnerability to Google in June 2016. Spoofing URL vulnerability can be forged a legitimate Web site address. Attacker can exploit this vulnerability to launch phishing attack.

Pulse Secure Desktop Client (Juniper Junos Pulse) Privilege Escalation

2016-07-19T10:00:11.000Z

XLAB ID: XLAB-16-001

CVE ID: CVE-2016-2408

Patch Status: Fixed

BadTunnel - A New Hope

2016-06-17T08:20:27.000Z

This article purposes a new attack model to hijack TCP/IP broadcast protocol across different network segment, named “BadTunnel”.

Exceptions in Exceptions - Abusing Special Cases in System Exception Handling to Achieve Unbelievable Vulnerability Exploitation

2016-04-19T08:21:21.000Z

Memory Read / Write / Execute attributes are one of the most important part of system security. Usually it is mandatory to have writable attribute set before overwriting a block of memory, and executable attribute set before executing code in a block of memory, otherwise an exception is generated. However, there are some special cases in the Windows exception handling procedure that we can take advantage of. By abusing such exceptions, we could write to the unwritable, and execute the unexecutable.

Use Chakra engine again to bypass CFG

2016-01-04T08:19:56.000Z

This post is initially inspired by a talk with @TK, during which I learned the process and detail on how to successfully bypass CFG (reference: use Chakra JIT to bypass DEP and CFG). Due to my interest in its technology, I spent some time reading related materials and found another position to bypass CFG. I would like to thanks @TK for enlightening me on the ideas and techniques mentioned in this post.

Microsoft Internet Explorer And Microsoft Edge Object Use-After-Free Remote Code Execution Vulnerability

2015-12-29T09:59:19.000Z

XLAB ID: XLAB-15-025

CVE ID: CVE-2015-1752

Patch Status: Fixed

Flash Player Memory Corruption in Display List Handling

2015-12-29T09:56:34.000Z

XLAB ID: XLAB-15-024

CVE ID: CVE-2015-8459

Patch Status: Fixed