Exploiting vulnerabilities in Johnson & Johnson web apps
Summary
A security researcher reveals two vulnerabilities in Johnson & Johnson web apps: a Campus Recruiting site exposed nearly 1,000 student records because a misconfigured MSAL (Microsoft Authentication Library) client-side login was combined with hardcoded API keys, and an internal Audit Tracking Management System with unauthenticated APIs exposed thousands of employee records. The report documents timelines, impacted systems, and partial remediation, highlighting the risk of client-side authentication weaknesses and insecure API usage in enterprise apps.