Data Security, AI/ML, Vulnerability Management

Lovable AI coding platform faces scrutiny over data exposure

April 21, 2026
By SC Staff

As detailed in The Register, the AI coding platform Lovable is facing criticism following a researcher's discovery of a significant security flaw. The vulnerability allowed unauthorized access to sensitive user information, including credentials, chat history, and source code, through free accounts.

A security researcher, operating under the handle @weezerOSINT, reported that a simple free account on Lovable provided access to other users' source code and database credentials. The issue stemmed from a Broken Object Level Authorization (BOLA) vulnerability, where API endpoints lacked proper ownership validation.

Lovable's initial response attributed the exposure to unclear documentation and "intentional behavior," later shifting blame to its bug bounty partner, HackerOne. The company's statements evolved, with Lovable eventually apologizing for its earlier responses and acknowledging a mistake in its permission handling that accidentally re-enabled access to public project chats.

Source: The Register