Incidents

Operational and security incidents across all monitored services.

CRITICAL /payment/process

Broken Authorization

Endpoint accepted forged JWT with admin scope (BOLA/IDOR class).

Recommendation
Apply RBAC validation middleware
SEC-991-ABX 2026-05-07 14:22 UTC

HIGH /users/{id}

Sensitive Data Exposure

Response leaked CPF and phone for cross-tenant user IDs.

Recommendation
Mask PII fields in response projection
SEC-984-LMN 2026-05-07 11:08 UTC

MEDIUM /auth/login

Missing Security Headers

HSTS, X-Frame-Options and CSP missing on login route.

Recommendation
Add Strict-Transport-Security and X-Content-Type-Options
SEC-977-QRP 2026-05-06 19:45 UTC

LOW /healthz

SLA Drift

p95 latency drifted 8% above baseline for 12 minutes.

Recommendation
Investigate upstream cache warm-up window
SEC-971-TWX 2026-05-06 08:12 UTC