Customers of Oracle subsidiary NetSuite’s ERP offering may be unaware that their custom record types grant unauthenticated access to sensitive data readily consumable via NetSuite’s APIs. | CSO Online
This research is written and discovered by Aaron Costello (Twitter @ConspiracyProof). Daniel Miessler has had absolutely no part in the research nor this article. His sole link to the research is taking statements from this very article and reposting them on Twitter. Please provide proper accreditat | Enumerated
How an un-exploitable SOQL injection turned into a 0-day in Salesforce itself affecting millions of user records | Tobia Righi