The Sysdig Threat Research Team recently discovered a vulnerability in AWS WAF that allowed its defenses to be bypassed using an automated WAF fuzzer. AWS has fixed the vulnerability. The incident highlights the importance of continuous cybersecurity testing and of implementing multiple defense layers to protect against evolving threats. For more details and a full proof-of-concept (PoC) of the bypass, refer to the following link:
For more details, check out the original tweet here: