The U.S. Department of Defense has disclosed details about four security vulnerabilities on its infrastructure. Two of them have a severity high severity rating while the other two received a critical score. The flaws were reported in August and July. They could allow attackers to hijack a subdomain, execute arbitrary code remotely, or view files on the affected machine. All issues were reported through the Department s vulnerability disclosure on the HackerOne bug bounty platform by distinct ethical hackers. The Department takes about eight hours on average to triage the bugs and deals with all of them.
Source: https://www.bleepingcomputer.com/news/security/us-department-of-defense-discloses-critical-and-high-severity-bugs/