https://feed.craftedsignal.io/tags/data-leak/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioMon, 30 Mar 2026 17:40:59 +0000https://feed.craftedsignal.io/briefs/2024-01-02-parse-server-livequery-leak/Mon, 30 Mar 2026 17:40:59 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-02-parse-server-livequery-leak/Parse Server versions before 8.6.65 and between 9.0.0 and 9.7.0-alpha.9 are vulnerable to a data leak where protected fields and authentication data can be exposed to unauthorized clients due to shared mutable objects across concurrent LiveQuery subscribers.Parse Server, an open-source backend for web and mobile applications, is susceptible to a vulnerability in its LiveQuery functionality. This issue stems from the concurrent handling of multiple subscribers using shared mutable objects. Specifically, when several clients subscribe to the same class via LiveQuery, event handlers process each subscriber concurrently, leading to a situation where sensitive data filters modify shared objects in-place. This can cause protected fields and authentication data to be leaked to clients that should not have access to them, or lead to incomplete objects being received by clients that should see the data. The vulnerability affects Parse Server deployments using LiveQuery with protected fields or afterEvent triggers when multiple clients are subscribed to the same class. Specifically, versions before 8.6.65 and versions 9.0.0 up to (but not including) 9.7.0-alpha.9 are vulnerable. Patches have been released to address this vulnerability by deep-cloning the shared objects, ensuring isolation between subscribers.

Attack Chain

1. Attacker identifies a Parse Server deployment using LiveQuery with protected fields or afterEvent triggers.
2. Attacker determines the server is running a vulnerable version of Parse Server (e.g., 9.6.0).
3. Attacker subscribes to a LiveQuery for a specific class containing protected fields.
4. A legitimate user subscribes to the same LiveQuery for the same class.
5. The server processes the legitimate user’s subscription first. A sensitive data filter removes a protected field from the shared object.
6. The server then processes the attacker’s subscription. Because the object has already been filtered by the previous subscriber’s request, the attacker receives the object without the protected field check being applied.
7. Attacker gains unauthorized access to data they should not be able to view.
8. The attacker can potentially exploit this information to further compromise the application or access other sensitive data.

Impact

This vulnerability could lead to the exposure of sensitive information, including protected fields and authentication data, to unauthorized users. The number of affected deployments is unknown, but any Parse Server instance utilizing LiveQuery with protected fields or afterEvent triggers is potentially at risk. Successful exploitation could result in data breaches, privacy violations, and unauthorized access to sensitive application resources. The severity is high due to the potential for widespread data leakage and the lack of a workaround prior to patching.

Recommendation

• Upgrade Parse Server to version 8.6.65 or later, or version 9.7.0-alpha.9 or later to patch CVE-2026-34363.
• Monitor Parse Server logs for unusual LiveQuery subscription patterns that might indicate an attempted exploitation. While there are no specific rules provided here, correlate server logs with application usage to detect anomalies.
• If unable to immediately patch, consider disabling LiveQuery functionality or removing protected fields as a temporary mitigation, though this will impact application functionality.

]]>highadvisoryparse-serverlivequerydata-leakcve-2026-34363https://feed.craftedsignal.io/briefs/2026-03-securing-ai-agents/Sat, 28 Mar 2026 09:23:42 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-securing-ai-agents/CrowdStrike is enhancing its Falcon platform with AI Detection and Response (AIDR) to secure AI agents and govern shadow AI across endpoints, SaaS, and cloud, addressing threats like prompt injection attacks, data leaks, and policy violations.CrowdStrike is addressing the emerging attack surface presented by the rapid adoption of AI tools, AI agents, and AI-powered software. Traditional security controls are insufficient to protect against novel threats like indirect prompt injection and agentic tool chain attacks, exacerbated by shadow AI. The CrowdStrike Falcon platform is being enhanced with AI Detection and Response (AIDR) capabilities to secure AI workforce adoption and development across endpoints, SaaS environments, and cloud environments. These enhancements include extending runtime security guardrails to agents built in Microsoft Copilot Studio and enhancing endpoint AI security capabilities. These capabilities aim to enable organizations to confidently and securely accelerate AI development and adoption.

Attack Chain

1. An attacker gains initial access to a system, potentially through compromised credentials or a software vulnerability, targeting a developer machine with deployed AI tools.
2. The attacker exploits a personal AI agent like OpenClaw running on the endpoint, leveraging its autonomy and system permissions for malicious purposes (Living off the AI Land - LOTAIL).
3. The compromised AI agent executes terminal commands, browses the web, and interacts with files, mimicking legitimate user behavior.
4. The attacker leverages prompt injection techniques to manipulate the AI agent’s behavior and access sensitive data.
5. The AI agent is used to access and exfiltrate sensitive data from the endpoint or connected network, bypassing traditional data loss prevention (DLP) controls.
6. The attacker uses the AI agent to move laterally within the network, accessing other systems and resources.
7. The attacker deploys malicious code or tools through the compromised AI agent, further compromising the environment.

Impact

The exploitation of AI agents and shadow AI can lead to significant data breaches, intellectual property theft, and reputational damage. Organizations face an increasing AI visibility and governance gap. Successful attacks can compromise sensitive data handled by AI applications and agents, leading to regulatory fines and legal liabilities. The lack of visibility into AI component deployments introduces supply chain risks and exploitable vulnerabilities.

Recommendation

• Deploy CrowdStrike Falcon AIDR to gain visibility into employees’ use of AI applications, including full prompt content, and to detect prompt attacks, data leaks, and access control and content policy violations (CrowdStrike Falcon AIDR).
• Utilize AI Discovery in CrowdStrike Falcon Exposure Management to automatically discover AI-related components running across endpoints in real time, including AI apps and agents, LLM runtimes, MCP servers, and IDE extensions (CrowdStrike Falcon Exposure Management).
• Implement runtime security guardrails using Falcon AIDR to monitor Microsoft Copilot Studio agents for prompt injection attacks, data leaks, and policy violations in real time (Falcon AIDR).
• Enable Sysmon process creation logging to activate the “Detect Suspicious AI Agent Processes” rule below.

]]>highadvisoryaishadow-aiprompt-injectiondata-leakendpoint-security