Vercel has confirmed a security incident stemming from a compromised third-party AI tool used by an employee, with reports linking the data sale to a group behind the Ticketmaster breach. The event highlights the complex risks of supply chain attacks and raises questions about customer notification practices.
A critical vulnerability was discovered in Telcel's new mandatory biometric registration portal, exposing sensitive personal data of millions of users. The flaw allowed data extraction without authentication, raising serious concerns about data protection and system integrity.
A high-severity vulnerability, dubbed 'Bleed,' allows unauthenticated remote attackers to extract sensitive data from MongoDB memory. With over 87,000 instances potentially at risk, including a suspected link to a recent Ubisoft breach, immediate patching is crucial.