Bug Bounty ShortsHow I Turned an AI Search Endpoint into an Internal Org Intel Leak
This vulnerability was an authentication bypass and data leak involving an AI search endpoint acting as an oracle. The application failed to implement rate limiting, exposing presigned AWS S3 URLs without authentication to clients. Bypassed rate limits and enumerated valid prefixes, the researcher discovered a blueprint containing internal organization IDs, program eligibility logic, operational flags, system behavior hints—essentially a comprehensive system map. The researcher proposed adding strict rate limiting, revoking all existing presigned URLs, proxying requests through the backend, returning only necessary fields, sanitizing S3 payloads, removing internal metadata fields, adding logging and anomaly detection for enumeration patterns as mitigation measures. Key lesson: Combinations of seemingly minor flaws can lead to scalable vulnerabilities that provide a detailed system map #BugBounty #WebSecurity #DataLeak #APISecurity #RateLimiting
Analyst207McGraw Hill Data Leak Exposes 13.5M Records After Salesforce Misconfiguration
McGraw Hill, a leading publisher of educational materials, recently suffered a significant data leak, exposing a staggering 13.5 million records due to a misconfigured Salesforce-hosted page. This alarming breach highlights the importance of robust data security measures, even for companies with a traditional focus like textbook…
#DataLeak #McgrawHill #Salesforce #Misconfiguration #Education
Marcel SIneM(S)US#RockstarGames: Kriminelle Gang veröffentlicht Daten | Security https://www.heise.de/news/Rockstar-Games-Kriminelle-Gang-veroeffentlicht-Daten-11255795.html #ShinyHunters #DataLeak #Datenleck #CyberCrime #Rockstar
Booking.com: Unbefugte Zugriffe von Kriminellen entdeckt | Security https://www.heise.de/news/Booking-com-Unbefugte-Zugriffe-von-Kriminellen-entdeckt-11256689.html #Datenschutz #privacy #Datenleck #DataLeak
gtbarryStolen Rockstar Games analytics data leaked by extortion gang
Rockstar Games has suffered a data breach linked to a recent security incident at Anodot, with the ShinyHunters extortion gang now leaking the stolen data on its data leak site.
#rockstar #dataleak #databreach #games #gaming #security #cybersecurity #hackers #Hacking #hacked
LorenAgain and again
🚨 Booking.com Hit by Cyberattack Exposing Sensitive Customer Data
#exploit #security #science #cyberattack #dataleak #pentest #leak
https://blog.lorenbot.com/en/2026/04/14/%f0%9f%9a%a8-booking-com-hit-by-cyberattack-exposing-sensitive-customer-data/
Tino EberlBei der #Fitnesskette #BasicFit haben Unbekannte auf IT-Systeme zugegriffen und personenbezogene Daten von mehr als 200.000 Mitgliedern abgegriffen.
Betroffen sind unter anderem E-Mail-Adressen, Namen und Mitgliederinformationen. Passwörter und #Ausweisdokumente blieben laut Unternehmen geschützt. Die Betroffenen wurden informiert und zu Vorsicht bei #Phishing-Versuchen aufgerufen.
#Datenleck #ITSicherheit #Cybersecurity #Datenschutz #dataleak #Security
Fitnesskette Basic-Fit: Mehr als 200.000 Mitglieder von #Datenleck betroffen | Security https://www.heise.de/news/Fitnesskette-Basic-Fit-200-000-Mitglieder-von-Datenleck-betroffen-11254982.html #DataLeak #Datenschutz #privacy #Phishing
techUpdate.ioDatenleck bei Rockstar Games über Drittanbieter Snowflake
https://techupdate.io/gaming/datenleck-bei-rockstar-games-ueber-drittanbieter-snowflake/51105/
#technews #gamingnews #cybersecurity #rockstargames #dataleak #snowflake
#Rockstar bestätigt Cyberangriff und Datendiebstahl | heise online https://www.heise.de/news/Rockstar-bestaetigt-Cyberangriff-und-Datendiebstahl-11253467.html #ShinyHunters #RockstarGames #DataLeak #Datenleck #CyberCrime
