ALL POSTS
Critical SmarterMail RCE Exploited in the Wild
Key Findings: Researchers at watchTowr Labs have discovered a critical vulnerability in SmarterMail, tracked as WT-2026-0001, that allows unauthenticated attackers to hijack administrative accounts and achieve full Remote Code Execution (RCE). The vulnerability lies within the force-reset-password API endpoint, which fails to implement proper security checks for system administrators. Attackers can simply send a JSON request with IsSysAdmin set to true, the target username, an
Jan 22 · 2 min read
OpenAI Assures Customers After Mixpanel Breach Exposes Some API User Data
Key Findings: OpenAI confirmed a data breach involving its third-party analytics provider Mixpanel. The breach exposed limited API user metadata like names, emails, locations, and browser info. No passwords, API keys, chat content, or payment data were involved. Regular ChatGPT users were not affected, only those interacting with the OpenAI API. Background: OpenAI, the company behind the popular AI assistant ChatGPT, has confirmed a data breach involving Mixpanel, a third-party ana
Nov 27, 2025 · 2 min read

