Skip to content
The Nexus
SECURITYMay 6 · 21:15 UTCCYBERSCOOPGreg Otto

A DOD contractor’s API flaw exposed military course data and service member records

A defense technology company exposed user records and military training materials through API endpoints lacking authorization checks. The issue affected Schemata, a virtual training platform used in military settings, and included sensitive information such as user listings and course information. The vulnerability was disclosed by Strix, an open-source security testing project.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this