Security researcher discloses vulnerabilities in Johnson & Johnson campus recruiting and audit systems
By
Eaton
Summary
A security researcher (Eaton) discloses two vulnerabilities found in Johnson & Johnson web applications. The first is a campus recruiting system that exposed personal details of nearly 1,000 students. The second is an admin takeover vulnerability in an internal audit tracking management system used by 20 companies. The article details the technical exploitation process, the data exposed, and the responsible disclosure timeline with JnJ's security team.
Source
Key quotes
· 3 pulledToday I am revealing vulnerabilities I found in 2 very different Johnson & Johnson web apps.
One is a vulnerability in a college campus recruiting system that exposed details of nearly 1,000 students, and the other is an admin takeover of an internal audit system used by 20 companies.
Let's dive in!
You might also wanna read
University of Nottingham confirms student data breach via third-party software vulnerability
The University of Nottingham disclosed that cyber criminals accessed a "significant amount" of personal student data through a third-party v
UNDP Lebanon recruitment process exposes applicant data through insecure submission methods
The article discusses cybersecurity risks associated with the UNDP Lebanon office's recruitment process for a Junior Research Analyst positi
undercodetesting.com·16d agoMicrosoft threatens security researcher with legal action over public disclosure of unpatched bugs
Microsoft threatened independent security researcher "Nightmare Eclipse" with legal action and criminal investigation after they publicly di
ShinyHunters exploits Oracle PeopleSoft zero-day, breaches 100+ organizations including University of Nottingham
ShinyHunters, a data theft and extortion group, exploited a critical Oracle PeopleSoft zero-day vulnerability (CVE-2026-35273) to compromise
Microsoft reverses legal threats against security researcher who disclosed 0-day vulnerability
Microsoft has backed down from legal threats against a pseudonymous security researcher who disclosed a 0-day vulnerability, following backl
Nottingham University cyber attack compromises data of 450,000 students and alumni
Around 450,000 current and former Nottingham University students had their personal data compromised in a cyber attack claimed by the ShinyH

Comments
Sign in to join the conversation.
No comments yet. Be the first.