Security Affairs

Hacker found a flaw in the UK Defence Gateway that exposes army data


Mohammed Adel, a security researcher from Government Lab, has found a vulnerability in the UK Defence Gateway that exposes army data.

Mohammed Adel, a security researcher from Government Lab, has found a vulnerability in the UK Defence Gateway, an application for staff use only, that could be exploited by attackers to gain access to the system as a staff member.

Mohammed Adel told me that he exploited the vulnerability in a kind of Filtering Bypass attack. He was able to get into the UK Defence Gateway without using an @MOD.uk email address, a condition implemented to restrict authentication to internal staff.

The hacker was able to view the material used by the UK Defence to train its personnel; he accessed the private lessons that the Defence Gateway delivers to its staff.

Adel was also able to access other information, including news and internal announcements.

The Defence Gateway is a platform used by all of the army units; it is also used by the Defence UK staff to communicate privately.

Below is the image the researcher shared to prove the existence of the bug.

UK Defence Gateway bug

The Government Lab rated the bug 6.2 out of 10.

I reached out to the hacker for a comment:

“The severity of this vulnerability allowed me to see the sensitive information, including army training data that could allow attackers to study the tactics of British Defence. A hacker can exploit the vulnerability to access the information and sell it to threat actors.”

“I can’t tell how I have found the vulnerability, it’s a classified issue, but the vulnerability is a kind of Filtering Bypass attack and redirect files.”


Pierluigi Paganini

(Security Affairs – UK Defence Gateway, hacking)