Blog

Token Hijack via Unvalidated postMessage Handler and Reflected DOM XSS in Chatwoot Widget Integrations

2025-10-06

HackWare researchers discovered two security issues in ChatWoot widget integrations that could enable token hijacking via unvalidated posMessage handler and reflected DOM-based cross-site scripting.

When emojis cause XSS

2025-09-21

We show how a seemingly harmless emoji became an XSS vulnerability during a bug bounty investigation, and what technical process led to the success of the exploit.

The HackWare Blog is now live - Deep in cybersecurity

2025-09-18

Why we launched HackWare's professional blog, and what you will be reading about here in the future.

The website has a static structure and does not use its own cookies. However, Google Analytics and Google Ads may use cookies, which may be activated automatically when you visit the site.