A security flaw was recently discovered in a T-Mobile domain that could have been exploited to gather customers’ private information.
According to reports, the vulnerability was found in one of T-Mobile’s subdomains, intended for the company’s customer care staff. The flawed subdomain, promotool.t-mobile.com, is used exclusively by the company’s customer support staff and serves as their online portal for accessing T-Mobile internet services.
Though the subdomain is not widely known to the public, ZDNet noted that it was not hidden from search engines either. So anyone who knew where to look could have abused the flaw to harvest vital account information about T-Mobile customers.
The flaw lay in a hidden API within the domain, and requesting customer information from it did not require a password of any sort. According to the reports, anyone using the domain could retrieve account details simply by appending a customer’s mobile number to the end of the address.
Once such a request succeeded, the buggy subdomain returned an array of important customer information, including the customer’s full name, address and account number.
The flawed domain was also found to leak other sensitive details. ZDNet added that, while account PINs were not exposed, the domain returned data including “references” to security-related account information. Someone intent on manipulating a real T-Mobile customer’s account could then present these to customer service agents.
Other sensitive details, such as a customer’s tax identification number, were also among the data returned. The bug also allowed an unauthorized person to see whether a customer had suspended their T-Mobile subscription or had an outstanding bill.
The buggy API has since been taken down by T-Mobile after the company was notified by security researcher Ryan Stevenson, and as of this writing the domain has reportedly been fixed. Stevenson was later rewarded with $1,000 under T-Mobile’s bug bounty program.
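An unauthenticated lookup keyed on a phone number in the URL is easy to enumerate, so one thing a defender would want from such an endpoint is a simple detection over its access logs: clients that pull records for many distinct subscriber numbers. The following is an added example and not code from the report or from T-Mobile; the `/api/lookup/` path, the IP addresses and the log lines are constructed placeholders, not the real endpoint.

```python
import re
from collections import defaultdict

# Constructed access-log sample (hypothetical path and numbers, not the real
# promotool API). One client walks consecutive numbers; another repeats one.
SAMPLE_LOGS = """\
203.0.113.7 - - [2018-05-22:10:00:01] "GET /api/lookup/5550100001 HTTP/1.1" 200 812
203.0.113.7 - - [2018-05-22:10:00:02] "GET /api/lookup/5550100002 HTTP/1.1" 200 799
203.0.113.7 - - [2018-05-22:10:00:02] "GET /api/lookup/5550100003 HTTP/1.1" 200 805
203.0.113.7 - - [2018-05-22:10:00:03] "GET /api/lookup/5550100004 HTTP/1.1" 200 811
198.51.100.9 - - [2018-05-22:10:00:05] "GET /api/lookup/5550100042 HTTP/1.1" 200 790
198.51.100.9 - - [2018-05-22:10:00:40] "GET /api/lookup/5550100042 HTTP/1.1" 200 790
192.0.2.44 - - [2018-05-22:10:00:06] "GET /static/app.js HTTP/1.1" 200 51234
"""

# Common-log-style line: client, two ident fields, timestamp, request, status, size.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
# The pattern under review: a lookup path that ends in a bare 10-digit number.
LOOKUP_RE = re.compile(r'^/api/lookup/(\d{10})$')


def parse(log_text):
    """Yield one dict per well-formed log line; skip anything that does not parse."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def find_enumerators(log_text, threshold=3):
    """Return {client_ip: set of distinct numbers} for clients that successfully
    looked up at least `threshold` distinct subscriber numbers. Repeated lookups
    of the same number (a normal support workflow) do not count toward it."""
    seen = defaultdict(set)
    for rec in parse(log_text):
        m = LOOKUP_RE.match(rec["path"])
        if m and rec["status"] == "200":
            seen[rec["ip"]].add(m.group(1))
    return {ip: nums for ip, nums in seen.items() if len(nums) >= threshold}


if __name__ == "__main__":
    for ip, nums in find_enumerators(SAMPLE_LOGS).items():
        print(f"{ip}: {len(nums)} distinct subscriber numbers looked up")
```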
“The bug was patched as soon as possible and we have no evidence that any customer information was accessed,” a T-Mobile representative said.