{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/data-leak/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["parse-server","livequery","data-leak","cve-2026-34363"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eParse Server, an open-source backend for web and mobile applications, is susceptible to a vulnerability in its LiveQuery functionality. This issue stems from the concurrent handling of multiple subscribers using shared mutable objects. Specifically, when several clients subscribe to the same class via LiveQuery, event handlers process each subscriber concurrently, leading to a situation where sensitive data filters modify shared objects in-place. This can cause protected fields and authentication data to be leaked to clients that should not have access to them, or lead to incomplete objects being received by clients that should see the data. The vulnerability affects Parse Server deployments using LiveQuery with protected fields or afterEvent triggers when multiple clients are subscribed to the same class. Specifically, versions before 8.6.65 and versions 9.0.0 up to (but not including) 9.7.0-alpha.9 are vulnerable. Patches have been released to address this vulnerability by deep-cloning the shared objects, ensuring isolation between subscribers.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a Parse Server deployment using LiveQuery with protected fields or afterEvent triggers.\u003c/li\u003e\n\u003cli\u003eAttacker determines the server is running a vulnerable version of Parse Server (e.g., 9.6.0).\u003c/li\u003e\n\u003cli\u003eAttacker subscribes to a LiveQuery for a specific class containing protected fields.\u003c/li\u003e\n\u003cli\u003eA legitimate user subscribes to the same LiveQuery for the same class.\u003c/li\u003e\n\u003cli\u003eThe server processes the legitimate user\u0026rsquo;s subscription first. A sensitive data filter removes a protected field from the shared object.\u003c/li\u003e\n\u003cli\u003eThe server then processes the attacker\u0026rsquo;s subscription. Because the object has already been filtered by the previous subscriber\u0026rsquo;s request, the attacker receives the object without the protected field check being applied.\u003c/li\u003e\n\u003cli\u003eAttacker gains unauthorized access to data they should not be able to view.\u003c/li\u003e\n\u003cli\u003eThe attacker can potentially exploit this information to further compromise the application or access other sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability could lead to the exposure of sensitive information, including protected fields and authentication data, to unauthorized users. The number of affected deployments is unknown, but any Parse Server instance utilizing LiveQuery with protected fields or afterEvent triggers is potentially at risk. Successful exploitation could result in data breaches, privacy violations, and unauthorized access to sensitive application resources. The severity is high due to the potential for widespread data leakage and the lack of a workaround prior to patching.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Parse Server to version 8.6.65 or later, or version 9.7.0-alpha.9 or later to patch CVE-2026-34363.\u003c/li\u003e\n\u003cli\u003eMonitor Parse Server logs for unusual LiveQuery subscription patterns that might indicate an attempted exploitation. While there are no specific rules provided here, correlate server logs with application usage to detect anomalies.\u003c/li\u003e\n\u003cli\u003eIf unable to immediately patch, consider disabling LiveQuery functionality or removing protected fields as a temporary mitigation, though this will impact application functionality.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-30T17:40:59Z","date_published":"2026-03-30T17:40:59Z","id":"/briefs/2024-01-02-parse-server-livequery-leak/","summary":"Parse Server versions before 8.6.65 and between 9.0.0 and 9.7.0-alpha.9 are vulnerable to a data leak where protected fields and authentication data can be exposed to unauthorized clients due to shared mutable objects across concurrent LiveQuery subscribers.","title":"Parse Server LiveQuery Protected Field Leak via Shared Mutable State","url":"https://feed.craftedsignal.io/briefs/2024-01-02-parse-server-livequery-leak/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["ai","shadow-ai","prompt-injection","data-leak","endpoint-security"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCrowdStrike is addressing the emerging attack surface presented by the rapid adoption of AI tools, AI agents, and AI-powered software. Traditional security controls are insufficient to protect against novel threats like indirect prompt injection and agentic tool chain attacks, exacerbated by shadow AI. The CrowdStrike Falcon platform is being enhanced with AI Detection and Response (AIDR) capabilities to secure AI workforce adoption and development across endpoints, SaaS environments, and cloud environments. These enhancements include extending runtime security guardrails to agents built in Microsoft Copilot Studio and enhancing endpoint AI security capabilities. These capabilities aim to enable organizations to confidently and securely accelerate AI development and adoption.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains initial access to a system, potentially through compromised credentials or a software vulnerability, targeting a developer machine with deployed AI tools.\u003c/li\u003e\n\u003cli\u003eThe attacker exploits a personal AI agent like OpenClaw running on the endpoint, leveraging its autonomy and system permissions for malicious purposes (Living off the AI Land - LOTAIL).\u003c/li\u003e\n\u003cli\u003eThe compromised AI agent executes terminal commands, browses the web, and interacts with files, mimicking legitimate user behavior.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages prompt injection techniques to manipulate the AI agent\u0026rsquo;s behavior and access sensitive data.\u003c/li\u003e\n\u003cli\u003eThe AI agent is used to access and exfiltrate sensitive data from the endpoint or connected network, bypassing traditional data loss prevention (DLP) controls.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the AI agent to move laterally within the network, accessing other systems and resources.\u003c/li\u003e\n\u003cli\u003eThe attacker deploys malicious code or tools through the compromised AI agent, further compromising the environment.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe exploitation of AI agents and shadow AI can lead to significant data breaches, intellectual property theft, and reputational damage. Organizations face an increasing AI visibility and governance gap. Successful attacks can compromise sensitive data handled by AI applications and agents, leading to regulatory fines and legal liabilities. The lack of visibility into AI component deployments introduces supply chain risks and exploitable vulnerabilities.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy CrowdStrike Falcon AIDR to gain visibility into employees\u0026rsquo; use of AI applications, including full prompt content, and to detect prompt attacks, data leaks, and access control and content policy violations (CrowdStrike Falcon AIDR).\u003c/li\u003e\n\u003cli\u003eUtilize AI Discovery in CrowdStrike Falcon Exposure Management to automatically discover AI-related components running across endpoints in real time, including AI apps and agents, LLM runtimes, MCP servers, and IDE extensions (CrowdStrike Falcon Exposure Management).\u003c/li\u003e\n\u003cli\u003eImplement runtime security guardrails using Falcon AIDR to monitor Microsoft Copilot Studio agents for prompt injection attacks, data leaks, and policy violations in real time (Falcon AIDR).\u003c/li\u003e\n\u003cli\u003eEnable Sysmon process creation logging to activate the \u0026ldquo;Detect Suspicious AI Agent Processes\u0026rdquo; rule below.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-28T09:23:42Z","date_published":"2026-03-28T09:23:42Z","id":"/briefs/2026-03-securing-ai-agents/","summary":"CrowdStrike is enhancing its Falcon platform with AI Detection and Response (AIDR) to secure AI agents and govern shadow AI across endpoints, SaaS, and cloud, addressing threats like prompt injection attacks, data leaks, and policy violations.","title":"CrowdStrike Falcon Enhancements Secure AI Agents and Govern Shadow AI","url":"https://feed.craftedsignal.io/briefs/2026-03-securing-ai-agents/"}],"language":"en","title":"CraftedSignal Threat Feed — Data-Leak","version":"https://jsonfeed.org/version/1.1"}