A directory listing vulnerability on a US government contractor's server exposed over 70,000 sensitive military files, including personnel records and internal base images, to public access. The data remained exposed for years despite a notification to CISA in 2024, posing significant risks of phishing, impersonation, and reconnaissance against military personnel and infrastructure. The article does not provide technical details on specific software versions, CVSS scores, or remediation steps for the underlying vulnerability.
Government security US military data exposed in leaky directory despite CISA notification May 8, 2026 Share By SC Staff (Adobe Stock) A directory containing over 70,000 files related to US military personnel, contractor records, and images from inside military bases has been discovered to be publicly accessible. The leaky directory remained exposed even after the Cybersecurity and Infrastructure Security Agency (CISA) was notified in 2024, as reported by Tech Radar. The exposed data, belonging to US government contractor CMI Management Inc., was found via an open directory listing vulnerability following a tip to Cybernews. Files included schematics, personnel records, maintenance forms, emails, and internal photos of military bases. This leak poses significant risks, including potential phishing and impersonation attempts against military personnel, and could provide threat actors with detailed information about military base layouts and security vulnerabilities. Despite CISA being alerted by security research Arkadeep Roy in 2024, the data remained accessible as of March 2026. This incident follows a recent CISA alert urging organizations to harden endpoint management systems following a cyberattack against a US organization. Source: Tech Radar SC Staff Related Application security Analysis reveals concerning features in official White House app SC Staff May 8, 2026 A security researcher known as Thereallo has found that the app can inject code into third-party websites, effectively hiding cookie consent banners, GDPR notices, and paywalls. Security Operations CISA urges critical infrastructure to plan for prolonged service delivery during emergencies SC Staff May 8, 2026 CISA is warning that state-sponsored hackers, specifically Chinese groups known as Salt Typhoon and Volt Typhoon, pose a continuous threat to vital sectors such as electricity, water, and internet services. AI/ML Major AI companies to share models with Commerce Department for security testing SC Staff May 6, 2026 The Center for AI Standards and Innovation (CAISI), a division of the Commerce Department, will lead the testing of these AI models. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe You can skip this ad in 5 seconds