SECURITYCYBERSCOOP
A DOD contractor’s API flaw exposed military course data and service member records
A defense technology company exposed user records and military training materials through API endpoints lacking authorization checks. The issue affected Schemata, a virtual training platform used in military settings, and included sensitive information such as user listings and course information. The vulnerability was disclosed by Strix, an open-source security testing project.
Mentioned