founder @Bugcrowd && co-founder @disclose_io || dad x 2, hacker, entrepreneur, executive, advisor || عصا موسى || #w00w00
Verified by: https://fedified.com
Web: https://cje.io
Twitter: https://twitter.com/caseyjohnellis
LinkedIn: https://linkedin.com/in/caseyjohnellis
Bluesky: caseyjohnellis.bsky.social

NEW: A bug in a student admissions website exposed the personal information of parents and their children, including their names, dates of birth, home addresses, pictures, and details about their school.

The bug, now fixed, was a sequential IDOR. At least 1.63 million student records were exposed.

https://techcrunch.com/2026/02/19/bug-in-student-admissions-website-exposed-childrens-personal-information/

Exclusive: Bug in student admissions website exposed children's personal information

Ravenna Hub, which lets parents apply and track the status of their kids' applications across thousands of schools, allowed any logged-in user to access the personally identifiable data associated with any other user, including their children.

TechCrunch

Junkyard was an absolute pleasure to host again, it was awesome to see it take off... we even had a Roller Coaster Tycoon exploit this year!

In case you missed the show, @caseyjohnellis gave a great writeup of the EOL targets and exploits shared: https://cje.io/2026/02/07/for-the-love-of-the-game-districtcons-year-1-junkyard/

Next things...

Getting ahead of the grapevine a little: Last Saturday Jan 31 was my last day "inside the tent" at Bugcrowd. I've been slowly stepping back from the company since my heart surgery in '24, and it was the right time to go both-feet out. I'm still a founding shareholder, massive

caseyjohnellis
https://therecord.media/cyberattack-causes-credit-card-readers-in-israel-to-malfunction I feel like this entire conflict is under-analyzed by the academic community. It would be cool if jags and costin did a huge rundown on the next podcast.
Cyberattack causes credit card readers to malfunction in Israel

Customers at supermarkets and gas stations were reportedly unable to make payments due to the incident, which reports suggest lasted around an hour.

A registered Russian agent paid an X user $100 to post the bogus video about Haitians voting repeatedly in Georgia, CNN reports. I wonder if bigger names charge more. https://www.cnn.com/2024/11/04/politics/fake-georgia-voting-video-russian-disinformation
A pro-Trump influencer says a Russian agent paid him $100 to post a fake voter fraud video. It wasn’t the first time

An American social media influencer said he was paid $100 by a pro-Kremlin propagandist to post a fake video of Haitian immigrants claiming to vote in the US presidential election. The payment was one of several the man said he received from the propagandist - a registered Russian agent - to post on social media in the run-up to the election.

CNN

Now live: the discussion I had with Chris Hughes and @caseyjohnellis on systemic issues in #cybersecurity:

https://www.resilientcyber.io/p/resilient-cyber-w-wendy-nather-and

In which I pulled a “Legally Blonde” on Casey; see if you can catch it 😉

Resilient Cyber w/ Wendy Nather & Casey Ellis - Systemic Cyber Struggles

In this episode of Resilient Cyber Chris Hughes chats with Cyber industry veterans and long-time leaders Wendy Nather and Casey Ellis about systemic cyber struggles, issues that still plague us over the years, and some of the economic incentives at play (or not) when it comes to cybersecurity.

Resilient Cyber

👏👏👏

Doubling Down on Trusted Partnerships: Our Commitment to Researchers | @ONCD | The @White House https://www.whitehouse.gov/oncd/briefing-room/2024/10/22/doubling-down-on-trusted-partnerships-our-commitment-to-researchers/

TLP:🌈

Doubling Down on Trusted Partnerships: Our Commitment to Researchers | ONCD | The White House

October 22, 2024 By National Cyber Director Harry Coker, Jr. The cybersecurity threat environment is constantly evolving. It is more complex than ever before. Keeping ahead of the bad actors requires collective effort, built on trusted partnership. Partnership means the government shares what we know to help entities defend themselves and their customers. But we…

The White House

Case in point: there's no way to build a backdoor that only the "good guys" can use.

When the entire technical community says that the EU's ChatControl legislation + similar pose serious cybersecurity threats, we're not exaggerating for effect.

https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b?st=byoB7m