Sign in Subscribe

IW Team

👩‍💻IW Weekly #64: EPP Servers, MOVEIt Transfer RCE, Password Reset Link to Account Takeover, PII Data Leakage, Dependency Confusion Attack and many more

MOVEIt Transfer RCE (CVE-2023-34362) exposes a critical flaw enabling remote code execution within the MOVEIt Transfer platform, as discovered by @assetnote. Welcome to the #IWWeekly64 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3

👩‍💻IW Weekly #63: Account Takeover on Tiktok, MOVEiT Transfer RCE, Godaddy Hack, CSP bypass, Uncovering power of Nuclei and many more..

Unveiling TikTok's hack : How @mrhavit cracked the code and uncovered an account takeover vulnerability in a thrilling bug bounty adventure! Welcome to the #IWWeekly63 - the monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads,

👩‍💻IW Weekly #62: Unauthorized Web Server Access by SQL Injection, Hacking LLMs, Bypassing WAFs, RCE on Open Ports, Prototype Pollution and many more..

Unleashing the power within: @vickieli7's revelation of Hacking LLMs with Prompt Injection and Game-Changing GPT Application Attacks Welcome to the #IWWeekly62 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2

👩‍💻IW Weekly #61: CVE-2023-2822, PII breach, IDOR’s impacting organizations, Open Redirect to Account Takeover, File upload Vulnerabilities, Root an AVD and many more..

cyberninja8881 uncovers a reflected cross-site scripting vulnerability lurking in the Ellucian Ethos Identity CAS Logout Page. Welcome to the #IWWeekly61 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and

👩‍💻IW Weekly #60: RCE from Source Code, Prompt Injection, Information Disclosure, Cache Poisoning to DOS, XSS in WordPress, Source Code Review and many more..

Unveiling the Power of Prompt Injection: Witness the Game-Changing Proof of Concept by @rez0__, as Theory Becomes Reality in the World of Plugin-Hijacking! Welcome to the #IWWeekly60 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4

👩‍💻IW Weekly #59: Authentication Bypass and multiple RCEs in Sitecore, IDOR while attending school, Directory listing to RCE, Integration misconfiguration to privilege escalation and many more..

@AayushVishnoi10 shows how a simple directory listing can help you gain PII disclosure and Remote code execution Welcome to the #IWWeekly59 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos

👩‍💻IW Weekly #58: Remote Code execution in Oracle Opera, MFA Bypass, Hacking APIs, Chaining bugs for $$$$, Azure Subdomain Takeovers and many more…

@jub0bs shared an amazing writeup which showcases the importance of chaining vulnerabilities. A must read for the week. Welcome to the #IWWeekly58 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub

👩‍💻IW Weekly #57: Misconfiguration in Salesforce, CVE-2023-29007, CVE-2023-29489, CSP Bypass in Piwik PRO, Email Injection, Learning SSTI and Many more…

@0xacb sheds light on the Git Arbitrary Configuration Injection vulnerability (CVE-2023-29007) in a detailed discussion. Welcome to the #IWWeekly57 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools,

👩‍💻IW Weekly #56: Admin Panel Takeover, $10,000 Bounty, Caches & Firewalls for XSS, Telegram Vulnerabilities, Kubernetes Hacking, RCE using Log Poisoning and many more…

@anandpraka_sh shares their experience of finding a vulnerability in LinkedIn that enabled the deletion of any post, resulting in a $10,000 bounty. Welcome to the #IWWeekly56 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles,

👩‍💻IW Weekly #55: CVE-2023-22620, XSSI Vulnerability, Bugs in Pretalx, ChatGPT Plugin Leak, Hacking with MFA, Cloud Hacking, BAC to Account Takeover and Many more…

First part of SecurePwn series by @MrTuxracer uncovers CVE-2023-22620 vulnerability and provides insights on bypassing SecurePoint UTM's authentication. Welcome to the #IWWeekly55 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos,