The Network · 2026-03-06 13:43:32 · ai
Data analytics giant LexisNexis has confirmed its Legal & Professional division suffered a data breach, following claims by the Fulcrumsec cybercrime crew. The breach reportedly involved customer records. The cybercriminals claim to have exfiltrated 2 GB of data from an AWS instance using a 'React2Shell' exploit. Lexis...
The Lab · 2026-03-28 06:26:53 · GitHub Issues
A critical SQL injection vulnerability has been identified within the DEMS project's codebase, exposing a direct path for potential data manipulation or exfiltration. The flaw resides in the `saveInDataModelTable` function within the `src/builders/eventHistoryBuilder.ts` file. The function dangerously uses unsafe strin...
The Lab · 2026-03-29 04:27:00 · GitHub Issues
A critical security gap in a Supabase-backed application leaves user chat history and session analytics vulnerable to direct database access. The system stores sensitive user data in two tables—`learning_sessions` (full chat history) and `analytics_events` (session metadata)—without verified Row Level Security (RLS) po...
The Lab · 2026-04-03 13:27:01 · GitHub Issues
A critical security vulnerability pattern has been identified within the OpenSchoolEd platform, exposing student data to unauthorized access and manipulation. The flaw is an Insecure Direct Object Reference (IDOR) affecting core administrative functions. While view and list operations correctly restrict data based on u...
The Network · 2026-04-03 22:56:48 · ZeroHedge
The FBI has issued a stark public warning, identifying significant data security risks for Americans using popular foreign-developed mobile applications. The agency's alert, released in a March 31 public service announcement, specifically highlights apps subject to China's national security laws, which could enable the...
The Lab · 2026-04-04 16:27:02 · GitHub Issues
The YORA app's privacy policy page, a critical compliance document, is not a legally compliant policy but a placeholder containing only three bullet points of notes. The page, accessible at `/privacy`, fails to meet basic requirements of the California Consumer Privacy Act (CCPA), exposing the company to significant legal and regulatory ...
The Lab · 2026-04-08 03:27:02 · GitHub Issues
A critical architectural flaw has been exposed within NoorinaLabs' core infrastructure. Sensitive user data, including personally identifiable information (PII), authentication tokens, and session details, is currently stored as `USER` nodes within the company's primary `noorinalabs-isnad-graph` Neo4j database. This de...
The Lab · 2026-04-09 11:56:50 · Schneier on Security
A damning internal federal review has found Microsoft's flagship government cloud offering to be a security black box, with evaluators bluntly labeling its documentation 'a pile of shit.' The assessment, obtained by ProPublica, reveals that Microsoft's 'lack of proper detailed security documentation' left government cy...
The Network · 2026-04-09 22:26:55 · The Verge
Florida Attorney General James Uthmeier has launched a formal investigation into OpenAI, citing urgent public safety and national security risks. The probe centers on allegations that the company's data and technology could be "falling into the hands of America's enemies, such as the Chinese Communist Party." This move...
The Lab · 2026-04-15 11:52:54 · The Verge
Microsoft's redesigned Windows Recall feature, an AI tool that screenshots PC activity, is under fresh security and privacy scrutiny just as it prepares for a relaunch. Cybersecurity expert Alexander Hagenah has released 'TotalRecall Reloaded,' an updated tool designed to extract and display data stored by Recall, reig...
The Lab · 2026-04-16 02:22:31 · GitHub Issues
A high-severity security scan has exposed multiple private cryptographic keys hardcoded within the public Apache Superset GitHub repository. The gitleaks scanner flagged the exposure with high confidence, identifying the sensitive keys in six separate locations across the project's test suite. This type of exposure can...
The Lab · 2026-04-16 04:22:40 · GitHub Issues
A critical server-side request forgery (SSRF) vulnerability has been flagged within a GitHub-hosted codebase, posing a direct threat to private organizational data. The vulnerability, classified as HIGH severity, stems from a dangerous pattern where untrusted data from a user request object is passed directly into a ne...
The Lab · 2026-04-19 23:22:33 · GitHub Issues
A critical vulnerability in the widely-used PyArrow data library exposes systems to arbitrary code execution. The flaw, tracked as CVE-2023-47248, resides in the deserialization process of IPC and Parquet readers, allowing an attacker to execute arbitrary code by feeding the library untrusted data. This presents a seve...
The Lab · 2026-04-21 16:22:48 · GitHub Issues
A critical security vulnerability has been detected in Supabase projects, exposing database tables to public read, edit, and delete access. The flaw stems from the absence of Row-Level Security (RLS), a fundamental access control mechanism. Without RLS enabled, anyone possessing a project's URL can gain unrestricted, a...
The Network · 2026-04-28 06:24:07 · Seeking Alpha
Chinese regulators have reportedly ordered Meta to unwind its acquisition of Manus AI, raising fresh concerns about Beijing's willingness to enforce data security review mechanisms against major U.S. technology firms. The directive, described in media reports, appears to mark a rare instance of direct regulatory pressu...