bingo-ai 3.6.3 Vulnerability
Blind Signing / EIP-7730 (Bybit $1.5B Attack Vector)
The Bybit $1.5B hack (Feb 2025) exploited a Safe multisig blind signing flaw:
- Attackers changed the operation parameter from 0 (call) → 1 (delegatecall)
- Signers could not detect the change on hardware wallets
- EIP-712 structured data was insufficient to prevent this

bingo's web3-blind-signing-audit and web3-safe-multisig-optype skills detect these patterns:
[CRITICAL] Operation Type UI Not Displayed
  Safe transaction operation type (0=call, 1=delegatecall) not shown in UI
  Fix: Display operation type explicitly in signing UI
[HIGH] EIP-7730 Not Implemented
  Hardware wallet cannot display human-readable transaction details
  Fix: Submit JSON manifest to https://github.com/LedgerHQ/clear-signing-erc7730-registry

Example: DApp Full Pentest (with wallet auth)
  # DApp that requires wallet login
  bingo> https://app.defi-protocol.com dapp pentest
  # bingo automatically:
  # 1.

Android APK
  # In bingo chat
  bingo> analyze target.apk
  bingo> target.apk secret scan
  bingo> pentest com.example.app
  CLI / Python:
  trufflehog filesystem target.apk --json --no-verification
  # Docker (no install needed):
  docker run -v $(pwd):/work trufflesecurity/trufflehog:latest filesystem /work/target.apk --json
  Install TruffleHog:
  brew install trufflesecurity/trufflehog/trufflehog  # macOS
  curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin  # Linux

iOS IPA
  # In bingo chat
  bingo> analyze target.ipa
  bingo> ios swift decompile target.ipa
  bingo> malimite target.ipa
  Requires: Java 17+ and Malimite.jar
  brew install openjdk@17
  # Download Malimite.jar from https://github.com/LaurieWired/Malimite/releases
  mkdir -p ~/tools && mv ~/Downloads/Malimite.jar ~/tools/
  java -jar ~/tools/Malimite.jar target.ipa --output ./decompiled/
  trufflehog filesystem ./decompiled/ --json --no-verification

Auto-detect (APK or IPA)
  bingo> auto scan target.apk  # AI picks the right method automatically
  bingo> auto scan target.ipa

What bingo extracts

Post-Exploitation, Webshell Deploy (v2.2.5)
After confirmed SQLi, bingo runs the full post-exploit chain automatically:
Chain: SQLi login bypass → file upload → webshell → AntSword connect
  # In bingo chat, just describe the goal
  bingo> I have SQLi on https://target.com/login, get admin access and deploy webshell
bingo handles each step:
Webshell types auto-selected:

DB Dump (v2.9.6)
Triggered automatically after confirmed SQLi / webshell / RCE:
- Dumps: member / user / admin / g5_member / xe_member
- No row limit, max_rows_per_table=0 (unlimited), entire table dumped
- Saves credentials → CREDENTIALS_{table}.json
- Detects hash type → prints hashcat -m {mode} command
- Re-attempts admin login with extracted credentials
Save location (auto-detected by OS):
v2.9.6 fix: AI-generated extraction code was saving to /tmp/ and ignoring DbDumper.
The Vulnerability
Anti-Hallucination, 4-Layer Guard
Every AI response is blocked unless it passes all 4 checks:
- Code block guard, rejects empty stubs, JSON plans
- Text intercept, rejects AI self-confessions
- Fake credential block, no credentials without HTTP proof
- Unproven conclusion block, no "SQLi confirmed" without code execution
Evidence labels in reports:

bingo scan, Full Auto Pipeline
  bingo scan https://target.com
Runs 5 phases automatically, no interaction needed:
Report saved to: ~/.config/bingo/reports/report_
JSON output format:
{
  "bingo_version": "3.2.99",
  "generated_at": "2026-06-29 20:00:00",
  "target": "https://target.com",
  "total": 3,
  "critical": 2,
  "high": 1,
  "confirmed": 1,
  "findings": [
    {
      "id": "BINGO-0001",
      "vuln_type": "sqli",
      "severity": "HIGH",
      "target": "https://target.com",
      "payload": "' OR 1=1--",
      "evidence": "admin:5f4dcc3b5aa765d61d8327deb882cf99",
      "timestamp": 1751198400.0,
      "timestamp_str": "2026-06-29 20:00:00",
      "confirmed": false,
      "screenshot_path": "",
      "notes": ""
    }
  ]
}
Override output path:
  export BINGO_REPORTS_DIR=/custom/path  # then run bingo

2. /proxy api https://your-own-proxy-api.com/list.txt
Supported API response formats:
- Plain text, one proxy per line (ip:port or scheme://ip:port)
- JSON array: ["socks5://1.2.3.4:1080", ...]

Proxy in AI-Generated Scripts
When /proxy is active, every AI script automatically includes:
  import requests
  # [bingo v3.2.18: PROXY ACTIVE]
  PROXIES = {'http': 'socks5://1.2.3.4:1080', 'https': 'socks5://1.2.3.4:1080'}
  s = requests.Session()
  s.proxies.update(PROXIES)
  s.verify = False  # required for Tor / self-signed certs
  r = s.get("https://target.com/api/…", timeout=15)
Requirements
  pip install PySocks  # SOCKS5 proxy support (auto-installed)
  pip install stem     # Tor circuit rotation (optional)
Both are included in pyproject.toml dependencies, installed automatically with bingo.
Attack Chain
  /.well-known/oauth-authorization-server
    ↓
  registration_endpoint (no auth required)
    ↓
  Attacker registers client → gets client_id + client_secret
    ↓
  Authorization request with attacker redirect_uri
    ↓
  Victim clicks → authorization code sent to attacker.com
    ↓
  Token exchange (PKCE not enforced)
    ↓
  Wildcard CORS → cross-origin token read
    ↓
  Account Takeover ✓
What bingo checks automatically
Usage
  bingo skill show sec-web-oauth-open-reg
  bingo skill search oauth

DApp / Web3 / Smart Contract Audit (v3.2.62)
bingo now includes 28 dedicated DApp/Web3/Smart Contract audit skills, auto-triggered when Web3 keywords are detected.
Spokesperson
Risk & Exposure
Previous versions triggered the infinite-loop kill after 5 identical lines.
  bingo> audit https://app.uniswap.org smart contract
  bingo> https://defi-target.com reentrancy vulnerability check
  bingo> analyze solidity contract for flash loan attack
  bingo> dapp pentest https://app.example.com  # auto wallet generation + SIWE login
DApp Audit Skills (28 total)
Key Vulnerability Coverage
DApp Authentication, Wallet Generation + SIWE Login (v3.2.62)
Most DApps require a wallet connection before any API access.
Patching & Remediation
- External tools are used as optional upgrades, not requirements.
- OAuth Open Client Registration Chain Attack (v3.2.65): bingo v3.2.65 adds sec-web-oauth-open-reg, a full attack chain for the critical OAuth misconfiguration where unauthenticated dynamic client registration enables account takeover.
- Specialist Agent Dispatcher (/agent): Eight vulnerability-type agents (SQLi, XSS, SSRF, Auth, RCE, IDOR, LFI, CSRF) are now available.
- After /whitebox the dispatcher automatically prioritizes agents matching the detected patterns.
Analysis
As AI tooling proliferates, security teams face expanding attack surfaces tied to model inference and data pipelines.
Sources
SecurityXP delivers daily cybersecurity news, vulnerability analysis, data breach reports, and threat intelligence.