All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Security researcher discloses vulnerabilities in Johnson & Johnson campus recruiting and audit systems

By

Eaton

13d ago· 6 min readenInsight

Summary

A security researcher (Eaton) discloses two vulnerabilities found in Johnson & Johnson web applications. The first is a campus recruiting system that exposed personal details of nearly 1,000 students. The second is an admin takeover vulnerability in an internal audit tracking management system used by 20 companies. The article details the technical exploitation process, the data exposed, and the responsible disclosure timeline with JnJ's security team.

Source

Hacker NewsSecurity researcher discloses vulnerabilities in Johnson & Johnson campus recruiting and audit systemseaton-works.com

Key quotes

· 3 pulled
Today I am revealing vulnerabilities I found in 2 very different Johnson & Johnson web apps.
One is a vulnerability in a college campus recruiting system that exposed details of nearly 1,000 students, and the other is an admin takeover of an internal audit system used by 20 companies.
Let's dive in!
Snippet from the RSS feed
Campus Recruiting vulnerability exposed student information, and Audit Tracking Management System vulnerability exposed confidential internal audit data.

You might also wanna read

University of Nottingham confirms student data breach via third-party software vulnerability

The University of Nottingham disclosed that cyber criminals accessed a "significant amount" of personal student data through a third-party v

bbc.com·20d ago

UNDP Lebanon recruitment process exposes applicant data through insecure submission methods

The article discusses cybersecurity risks associated with the UNDP Lebanon office's recruitment process for a Junior Research Analyst positi

undercodetesting.com·16d ago

Microsoft threatens security researcher with legal action over public disclosure of unpatched bugs

Microsoft threatened independent security researcher "Nightmare Eclipse" with legal action and criminal investigation after they publicly di

techcrunch.com·1mo ago

ShinyHunters exploits Oracle PeopleSoft zero-day, breaches 100+ organizations including University of Nottingham

ShinyHunters, a data theft and extortion group, exploited a critical Oracle PeopleSoft zero-day vulnerability (CVE-2026-35273) to compromise

theregister.com·25d ago

Microsoft reverses legal threats against security researcher who disclosed 0-day vulnerability

Microsoft has backed down from legal threats against a pseudonymous security researcher who disclosed a 0-day vulnerability, following backl

mwyr.es·1mo ago

Nottingham University cyber attack compromises data of 450,000 students and alumni

Around 450,000 current and former Nottingham University students had their personal data compromised in a cyber attack claimed by the ShinyH

briefly.co·25d ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.