Sign in Subscribe

IW Team

👩‍💻IW Weekly #54: Analysis of EDR Hooks bypass, Account Takeover- ChatGPT, IDOR at Tinder, Mobile Hacking, WebSecGPT, Cloud Hacking and Many more…

@Gtm0x01 talks about revealing designated users for Facebook apps linked to a business account. Welcome to the #IWWeekly50 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, 1

👩‍💻IW Weekly #53: Privilege Escalation, Authentication Bypass Vulnerability, CRLF, JSON Based SQL, Local File Inclusion, Broken Authentication Vulnerability, and many more…

In this week’s newsletter read about the wide exploration of authentication bypass vulnerability, leading to a critical security issue by ASWIN K V. Welcome to the #IWWeekly53 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles,

👩‍💻IW Weekly #52: Filter chains, Prototype Pollution in Node, Privilege Escalation, Vulnerabilities in ChatGPT, Copy&Paste XSS, Shodan Dorks and many more…

The possibilities allowed by filter chains will never stop amazing us. In this blog Rémi Matasse showcases how it’s used to read files from an error-based Oracle. Welcome to the #IWWeekly52 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out,

👩‍💻IW Weekly #51: Server-Side prototype pollution, Pentest mapper, SSRF in Meta, Hacking CI/CD pipelines, AWSScrape, Hacking Android, SQL Injections and much more…

@PortSwigger released a tool for finding server-side prototype pollution bugs and here’s all you need to know about it. Welcome to the #IWWeekly51 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos,

👩‍💻IW Weekly #50: Authentication and Authorization Vulnerabilities in Datahub, Leaky GraphQL, Account Takeover via Preset Passwords, Insecure Deserialization, $10000 Bounty and much more…

@GHSecurityLab discovered authentication and authorization vulnerabilities in DataHub, an open-source metadata platform, potentially allowing unauthorized access to sensitive data stored on the platform. Welcome to the #IWWeekly50 - the Monday newsletter that brings the best in Infosec straight to your inbox. Thank you for making it so far with us!

👩‍💻IW Weekly #49: $10000 RCE, Gitpod 0 Day, SQL Injection, Authentication Bypass, API Fuzzing, Payment Bypass, IDOR, Broken Access Control and much more…

@NahamSec shares valuable insights on how to navigate the complex world of bug bounty hunting, including tips on where and how to get started. Welcome to the #IWWeekly49 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles,

👩‍💻IW Weekly #48: Slack Vulnerability, DOM-XSS on Microsoft, SQL+RCE on University Website, Hacking AWS Cloud, XSS on Google and many more…

@gregxsunday identified an XSS vulnerability in Google's golang/net/html library and was rewarded $3,133.70 as a bounty for his first submission to Google. Welcome to the #IWWeekly48 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out,

👩‍💻IW Weekly #47: SSRF to Infrastructure Access, HubSpot Full Account Takeover, RCE to S3 Leak, SQL Injections, Stored XSS, Broken Access Control and many more…

Breaking Boundaries: @basu_banakar uncovers SSRF vulnerability providing access to complete infrastructure and web services. Welcome to the #IWWeekly47 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools,

👩‍💻IW Weekly #46: Ransomware Defense, Cracking OSWE, Github Hack, Finding IDORs, Security flaw in Aurora’s Rainbow Bridge and much more…

Understand Microsoft's in-depth approach to ransomware defense with @jhondarred and team's informative article on best practices and tactics. Welcome to the #IWWeekly46 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads,

👩‍💻IW Weekly #45: RCE in Avaya Aura Device Services, Bypass Sign-Up Pages, JWT Hacking, Broken Access Control, CSRF Explained and much more…

Read how @iamnoooob and @rootxharsh discovered a remote source code disclosure in PHP Development Server <= 7.4.21 Welcome to the #IWWeekly41 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2