Midday – Authorization Bypass
On Midday, the 'updateMember' tRPC mutation allows any authenticated team member to modify the role of any other member within the same team, including promoting themselves to 'owner' or demoting existing owners to 'member'. This is due to missing authorization checks that should verify the caller has sufficient privileges (i.e., is an `owner`) before allowing role...
UK government lacks ambition to fight tax fraud, says PAC
The Public Accounts Committee says the UK government has dropped the ball on the use of data analytics to tackle tax fraud and error, as the public purse haemorrhages billions of pounds
Almost half a million Lloyds customers had personal data exposed in IT glitch
Letter from group published by MPs blames 12 March glitch on software update to its mobile banking apps. Lloyds Banking Group exposed the personal data of nearly 500,000 customers in an IT glitch that left people’s payments, account details and national insurance numbers visible to other users, a committee of MPs has revealed. A letter from Lloyds, published by MPs on...
Lloyds admits coding fault exposed customer transactions
The bank has responded to the Treasury Committee’s request for information on a major data breach in its banking app
DarkSword iOS Exploit Chain
What is the Attack? Researchers from Google Threat Intelligence Group identified DarkSword, a sophisticated full-chain iOS exploit framework actively used by multiple surveillance vendors and suspected state-sponsored actors. Observed since at least November 2025, the exploit has been deployed in targeted campaigns across Saudi Arabia, Turkey,...
BreachForums Version 5 – 339,778 breached accounts
In March 2026, a breach of one of the many iterations of the BreachForums hacking forum known as "Version 5" was publicly disclosed. The incident exposed 340k unique email addresses along with usernames and argon2 password hashes.
Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8561
A look at how Kubernetes CVE-2020-8561 works
Preparing for agentic AI: A financial services approach
Deploying agentic AI in financial services requires additional security controls that address AI-specific risks. This post walks you through comprehensive observability and fine-grained access controls—two critical capabilities for maintaining explainability and accountability in AI systems. You will learn seven design principles and get implementation guidance for meeting regulatory requirements while deploying secure AI solutions. Financial institutions navigating...
TP-Link, Canva, HikVision vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a vulnerability in HikVision, as well as 10 in TP-Link, and 19 in Canva. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule...
Millions of UK iPhone Users Will Need to Verify Their Age — Here’s Why
Apple’s latest iOS update adds some new features and fixes several bugs — but it also introduces mandatory age verification for users in the United Kingdom.
The post Millions of UK iPhone Users Will Need to Verify Their Age — Here’s Why appeared first on TechRepublic.





