21 million employee screenshots leaked in bossware breach blunder

April 29, 2025

If you thought only your boss was peeking at your work screen, think again.

Employee-monitoring tool Work Composer has committed a jaw-dropping blunder, leaving a treasure trove of millions of workplace screenshots openly accessible on the internet with no encryption in place, and no password required.

Read more in my article on the Hot for Security blog.

Source: Read More

Previous ArticleRansomware attacks on critical infrastructure surge, reports FBI

Next Article Security Isn’t a Tool—It’s a Mindset: Kapil Yewale’s Vision for Resilient Cyber Systems

Highlights

CVE-2025-20261 – Cisco IMC SSH Privilege Escalation Vulnerability

June 4, 2025

CVE ID : CVE-2025-20261

Published : June 4, 2025, 5:15 p.m. | 2 hours, 21 minutes ago

Description : A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.

This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

6 registry tweaks every tech-savvy user must apply on Windows 11

Here’s why network infrastructure is vital to maximizing your company’s AI adoption

The AI video tool behind the most viral social trends right now

Got a new password manager? How to clean up the password mess you left in the cloud

Right Invoicing App for iPhone: InvoiceTemple

Right Invoicing App for iPhone: InvoiceTemple

Tunnel Run game in 170 lines of pure JS

Integrating Drupal with Salesforce SSO via SAML and Dynamic User Sync

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

User calls Windows 11 “pure horror,” Microsoft says it’s listening to feedback

John the Ripper is an advanced offline password cracker

21 million employee screenshots leaked in bossware breach blunder

Learn MLOps by Creating a YouTube Sentiment Analyzer

Last Week in AI #302 – QwQ 32B, OpenAI injunction refused, Alexa Plus

CVE-2025-44998 – TinyFileManager Stored XSS

CVE-2025-42994 – SAP MDM Server Denial of Service (DoS) Vulnerability

Streamline Mass Insertions with Laravel’s fillAndInsert() Method

Senators Peters and Rounds Lead Bipartisan Push to Extend Critical Cybersecurity Information Sharing Protections

CVE-2025-20261 – Cisco IMC SSH Privilege Escalation Vulnerability

Optimizing Hybrid IT for Competitive and Environmental Advantage

systemd-analyse helps uncover performance problems

CVE-2025-3913 – Mattermost Team Privacy Setting Permission Validation Vulnerability

21 million employee screenshots leaked in bossware breach blunder

Related Posts