
McDonald's Partner and Employee Portals Vulnerabilities Disclosed

1 unique source, 1 article

Summary


An ethical hacker, BobdaHacker, discovered multiple vulnerabilities in McDonald's partner and employee portals. These flaws exposed sensitive data, allowed unauthorized access to corporate data, and enabled changes to franchise owner websites. The issues were found in various systems, including the Feel-Good Design Hub and the McDonald's Global Restaurant Standards tool. The vulnerabilities were reported to McDonald's after significant effort to find a proper reporting channel. The flaws included server-side issues, API key exposure, and misconfigurations that allowed unauthorized access and data exposure. McDonald's has since addressed these issues, but the company still lacks a formal security reporting program.

Timeline

  1. 20.08.2025 21:41 · 1 article · 27d ago

    McDonald's Partner and Employee Portals Vulnerabilities Disclosed


Similar Happenings

UNC6395 Exploits Salesloft OAuth Tokens to Exfiltrate Salesforce Data

UNC6395 exploited Salesloft OAuth tokens to exfiltrate data from Salesforce instances. The campaign, active from August 8 to 18, 2025, targeted over 700 organizations, exporting credentials and sensitive information. Zscaler, Palo Alto Networks, Cloudflare, Google, PagerDuty, Proofpoint, SpyCloud, Tanium, and Workiva were impacted by the breach, exposing customer information. Salesloft and Salesforce have taken remediation steps, and the threat actor demonstrated operational security awareness. The breach involved exporting large volumes of data from Salesforce instances, including AWS access keys, passwords, and Snowflake tokens. The actor deleted query jobs to cover its tracks. Salesloft has revoked connections and advised customers to re-authenticate Salesforce integrations. The campaign may indicate a broader supply chain attack strategy. Salesloft has engaged Mandiant and Coalition for investigation and remediation. Drift customers are urged to update API keys for connected integrations. Salesforce removed the Drift application from the Salesforce AppExchange until further notice. Google has revealed that the campaign impacts all integrations, including Google Workspace email accounts, and has taken steps to mitigate the risk. Salesloft is temporarily taking Drift offline to review the application and build additional security measures. Okta successfully prevented a breach of its Salesforce instance by enforcing inbound IP restrictions, securing tokens with DPoP, and using the IPSIE framework. Okta recommends that organizations demand IPSIE integration from application vendors and implement an identity security fabric unified across applications.

Multiple vulnerabilities in Dell ControlVault3 firmware allow persistent access

Cybersecurity researchers have identified multiple vulnerabilities in Dell's ControlVault3 firmware and associated Windows APIs. These flaws, collectively named ReVault, can enable attackers to bypass Windows login, extract cryptographic keys, and maintain persistent access even after OS reinstallation. Over 100 Dell laptop models using Broadcom BCM5820X series chips are affected. No evidence of exploitation in the wild has been reported. The vulnerabilities allow attackers to escalate privileges, bypass authentication, and deploy undetectable malicious implants. The affected systems are commonly used in industries requiring heightened security, such as those using smart card or NFC readers. The identified vulnerabilities include out-of-bounds write, arbitrary free, stack-based buffer overflow, out-of-bounds read, and deserialization of untrusted input flaws. Dell has provided patches to mitigate these risks, and users are advised to apply them and disable unnecessary ControlVault services. The vulnerabilities were discovered by Philippe Laulheret, a senior vulnerability researcher at Cisco Talos, and were presented at the Black Hat USA 2025 security conference. The vulnerabilities involve undocumented APIs that allow users to communicate with the ControlVault board, leading to memory corruption, code execution, extraction of secret keys, and permanent firmware modification.