Schemata API Flaw Exposed Military Training Data Across Tenants
Schemata, an AI-powered virtual training platform used by defense customers under active Department of Defense contracts, exposed sensitive military training materials and service member records through API endpoints that lacked effective authorization controls. Researchers at Strix found that a low-privileged user could access cross-tenant data because the platform failed to enforce tenant isolation, organizational scoping, and permission checks, exposing names, email addresses, enrollment details, military base affiliations, course metadata, and direct AWS S3 links to proprietary manuals and Army explosive ordnance field documents.
The same authorization failures reportedly affected write-enabled routes, creating the possibility that unauthorized users could modify or delete training content in addition to viewing it. Strix said it privately disclosed the issue on December 2, 2025, but the flaw remained unpatched for about 150 days despite repeated follow-ups; Schemata said it found no evidence of third-party exploitation, patched the exposed endpoints on May 1, 2026, and is now working with cybersecurity consultants and government authorities as the incident raises compliance concerns tied to DFARS 252.204-7012 and CMMC requirements.
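The three missing controls named above (tenant isolation, organizational scoping, and permission checks), applied to both a read route and a write route, shown next to the flawed lookup-by-id pattern. This is an added illustration, not Schemata's code; every class, function, and record name is a constructed assumption.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """Raised for every denial; the API layer maps it to one generic error."""

@dataclass(frozen=True)
class Caller:
    user_id: str
    tenant_id: str
    org_ids: frozenset
    permissions: frozenset

@dataclass(frozen=True)
class Course:
    course_id: str
    tenant_id: str
    org_id: str

# Constructed sample records, not data from the incident.
COURSES = {
    "c-100": Course("c-100", "tenant-a", "org-a1"),
    "c-200": Course("c-200", "tenant-b", "org-b1"),
}

def get_course_unscoped(caller, course_id):
    # Flawed pattern: the caller is authenticated, but the lookup trusts the id alone.
    return COURSES[course_id]

def authorize(caller, course, action):
    # Deny by default: tenant isolation, then organizational scope, then permission.
    # An unknown id fails the same way as a foreign tenant, so ids cannot be probed.
    if course is None or course.tenant_id != caller.tenant_id:
        raise Forbidden("tenant")
    if course.org_id not in caller.org_ids:
        raise Forbidden("org")
    if f"course:{action}" not in caller.permissions:
        raise Forbidden("permission")
    return course

def get_course(caller, course_id):
    return authorize(caller, COURSES.get(course_id), "read")

def delete_course(caller, course_id):
    # Write routes run the same checks as read routes before touching data.
    authorize(caller, COURSES.get(course_id), "delete")
    del COURSES[course_id]

def denial_reason(fn, caller, course_id):
    # Demo helper: returns which check failed, or None if the call was allowed.
    try:
        fn(caller, course_id)
    except Forbidden as exc:
        return str(exc)
    return None
```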
How this story unfolded
Strix privately discloses Schemata API authorization flaw
On 2025-12-02, the Strix research team privately reported a zero-authorization flaw in Schemata’s API that allowed low-privileged users to access cross-tenant data and potentially modify or delete training content.
Schemata patches exposed API endpoints after months of delay
Schemata acknowledged the vulnerable endpoints and applied a patch on 2026-05-01, roughly 150 days after the initial disclosure. Researchers later verified that the remediation was effective.
Hunt.io uncovers espionage campaign targeting Omani ministries
Researchers at Hunt.io discovered an active intrusion campaign affecting at least 12 Omani government entities after finding an attacker-controlled staging server exposed online. The Ministry of Justice and Legal Affairs was identified as the primary confirmed victim, with stolen judicial data, user records, and credential material recovered from the server.
Schemata says no exploitation found and begins external coordination
Following remediation and public reporting, Schemata said it found no evidence of third-party exploitation of the flaw and that it was working with cybersecurity consultants and government authorities.
Sources
A DOD contractor’s API flaw exposed military course data and service member records | CyberScoop (cyberscoop.com)
Iranian-Nexus Operation Targets Oman Ministries With Webshells, SQL Escalation, and Data Theft (cybersecuritynews.com)
Zero-Auth Flaw Exposes DoD Contractor to Cross-Tenant Data Access (cybersecuritynews.com)



