unSafe.sh - Unsafe
How We Bypassed an Axios Security Patch (CVE-2026–42043): The 16-Million IP Loophole
When a patch for a critical vulnerability drops in a library downloaded over 500 million times a wee...
2026-5-29 09:14:46 | Views: 21
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
loopback
axios
proxy
attacker
bypass
How We Bypassed an Axios Security Patch (CVE-2026–42043): The 16-Million IP Loophole
When a patch for a critical vulnerability drops in a library downloaded over 500 million times a wee...
2026-5-29 09:14:46 | Views: 22
InfoSec Write-ups - Medium - infosecwriteups.com
loopback
axios
proxy
bypass
attacker
Android Lock Screen Bypass via Google Gemini — The Patch That Wasn’t (Status: Not Fixed)
TL;DR: On a fully patched Pixel 6a running Android 16, an attacker with physical access can escape t...
2026-5-29 09:12:39 | Views: 21
InfoSec Write-ups - Medium - infosecwriteups.com
gemini
overlay
bypass
security
“Bug Bounty Bootcamp #40: XXE — Reading Server Files and Pivoting to Internal Networks Through XML”
That innocent XML import feature could be a direct line to your /etc/passwd and internal cloud metad...
2026-5-28 12:15:44 | Views: 19
InfoSec Write-ups - Medium - infosecwriteups.com
ssrf
remote
pulls
lesson
featurexml
“Bug Bounty Bootcamp #40: XXE — Reading Server Files and Pivoting to Internal Networks Through XML”
That innocent XML import feature could be a direct line to your /etc/passwd and internal cloud metad...
2026-5-28 12:15:44 | Views: 19
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
ssrf
remote
pulls
friend
weaponize
“Bug Bounty Bootcamp #39: PDF SSRF and Blind Exfiltration — When Headless Browsers Become Your Data…
The invoice generator doesn’t show errors. The image fetcher hangs on invalid IPs. But with a single...
2026-5-28 12:12:0 | Views: 20
InfoSec Write-ups - Medium - infosecwriteups.com
ssrf
inject
headless
exfiltrate
hangs
“Bug Bounty Bootcamp #39: PDF SSRF and Blind Exfiltration — When Headless Browsers Become Your Data…
The invoice generator doesn’t show errors. The image fetcher hangs on invalid IPs. But with a single...
2026-5-28 12:12:0 | Views: 20
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
ssrf
headless
inject
princexml
tackle
Extending Wazuh detection capabilities with clickdetect, Opensearch PPL and Sigma Rules
Hey, souzo here. If you’ve ever wanted alerting rules that actually work in Wazuh without fighting O...
2026-5-28 12:9:11 | Views: 22
InfoSec Write-ups - Medium - infosecwriteups.com
opensearch
sigma
wazuh
clickdetect
runner
Built Pentest Environment On Your Mac Using Docker
A Simple and Working Setup for Every Apple Silicon Macs (M1, M2, M3, M4, M5)...
2026-5-28 12:6:17 | Views: 12
InfoSec Write-ups - Medium - infosecwriteups.com
silicon
macs
chip
macbooks
chips
I Found Root Access on Critical Financial Infrastructure Using a Two-Day-Old Kernel Exploit
My name is Hamza Hashim. I’m an offensive security researcher and if you’ve followed my work before,...
2026-5-28 12:4:52 | Views: 21
InfoSec Write-ups - Medium - infosecwriteups.com
jenkins
sitting
github
frag
security
Intercepting Docker Application Requests Using Burp Suite on Windows
Intercepting Docker Application Requests Using Burp S...
2026-5-28 12:4:28 | Views: 14
InfoSec Write-ups - Medium - infosecwriteups.com
burp
proxy
windows
wsl2
containers
How a GraphQL Invitation Flow Exposed Users at Scale
A normal invite feature revealed registered accounts,...
2026-5-28 11:55:16 | Views: 25
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
invite
invitation
overly
readers
identifiers
How a GraphQL Invitation Flow Exposed Users at Scale
A normal invite feature revealed registered accounts,...
2026-5-28 11:55:16 | Views: 22
InfoSec Write-ups - Medium - infosecwriteups.com
invite
invitation
workflows
exposure
reveals
I Sent You a JPEG. Now I Own Your Mac.
Exploiting ExifTool’s macOS Command Injection Blind Spot (CVE-2026–3102) A JPEG should never execute...
2026-5-28 11:52:19 | Views: 20
InfoSec Write-ups - Medium - infosecwriteups.com
exiftool
injection
2026
3102
pipelines
Prompt Engineering: TryHackMe Walkthrough
Learn how LLMs process text and craft effective prompts for security and adversarial testing, from T...
2026-5-28 11:48:46 | Views: 8
InfoSec Write-ups - Medium - infosecwriteups.com
security
prompts
tryhackme
llm
I Booked a ₹30,000 Conference Ticket for ₹1. The Site Let Me.
A business logic flaw. A Burp Suite intercept. And the first Hall of Fame of my life...
2026-5-28 11:47:46 | Views: 16
InfoSec Write-ups - Medium - infosecwriteups.com
premium
client
burp
discount
fame
How to Detect Data Exfiltration with Elastic SIEM: SOC Analyst Hands-On Lab | Hunt Forward Lab #007
Hunt Forward Lab #007 — Threat Hunting for Bulk File Transfer & Archive Creation | MITRE ATT&CK T103...
2026-5-27 17:59:53 | Views: 20
InfoSec Write-ups - Medium - infosecwriteups.com
network
hunt
ratio
attacker
7z
Testing SQL Injection Using Google gemma4:31b-cloud on PortSwigger’s Vulnerable Shop
2026-5-25 09:11:8 | Views: 18
Bug Bounty in InfoSec Write-ups on Medium - infosecwriteups.com
injection
31b
gemma4
database
insecurely
Testing SQL Injection Using Google gemma4:31b-cloud on PortSwigger’s Vulnerable Shop
2026-5-25 09:11:8 | Views: 15
InfoSec Write-ups - Medium - infosecwriteups.com
injection
31b
database
gemma4
practicing
Hacking the Scammers and Exposing Their Tactics in a Mission to Protect Nepalese Youth
A few days ago, I returned to my hometown during my s...
2026-5-25 09:10:58 | Views: 15
InfoSec Write-ups - Medium - infosecwriteups.com
cousin
him
jassi
friend
bhai