Newsletter Survey

Jul 17, 2025

👋🏼 Thank you for taking the time for taking this survey, it really helps out the creative process of this newsletter.

It is only 3 questions and will pay for itself.

Now... let’s get into it.

Meta fixes bug that could leak users’ AI prompts and generated content
- Remediations being made as vulnerabilities and leaks pick up in this space
- The bug caused the system to fail to confirm the user requesting data actually had permissions to view it, suggesting broken access control
Pro basketball player and 4 youths arrested in connection to ransomware crimes
- An interesting, as little surprises me these days but this one got an eyebrow raise out of me
- For what it’s worth his lawyer says he’s not really a computer guy ¯\_(ツ)_/¯
  - “He's useless with computers and can't even install an application.“
Purple Team Part 3: Detections and Testing
- Questions to ask yourself in the Detection Engineering process and resources to help
- Check out Parts 1 and 2 for the full framing
  The Purple Van
  Purple Team Part 3: Detections and Testing
  In the third installment of this Purple Team series, we’re going to take a look at detection engineering, attack testing and control evaluation, and the purple team platform Vectr. And if you’ve been let down by the memes as of late, well, this blog is for you. Here’s a quick refresher on what has already been covered in this series. Blog 1 …
  Read more
  2 months ago · 2 likes · Micah VanFossen

Louis Vuitton Data Breach Hits Customers in Several Countries
- This is the third company under the LVMH brand targeted in the last 3 months
- Data impacted includes contact info, but NOT passwords, or payment card information
McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications
- These might get its own category soon (But at least its being caught)
- Researchers were able to pull information for job applicants utilizing the chatbot, through IDOR vulnerability
- It also accepted the default username:password credentials of 123456:123456
- Full timeline (directly from the researcher)
  - 06/30/2025 5:46PM ET: Disclosed to Paradox.ai and McDonald’s
  - 06/30/2025 6:24PM ET: McDonald’s confirms receipt and requests technical details
  - 06/30/2025 7:31PM ET: Credentials are no longer usable to access the app
  - 07/01/2025 9:44PM ET: Followed up on status
  - 07/01/2025 10:18PM ET: Paradox.ai confirms the issues have been resolved

A good mix of breach news and AI system vulnerabilities this week

That’s all for this week, and I really hope you’re able to help out with the reader survey.

See you in the next one

Danny's Newsletter