21 matches found
CVE-2026-2257
The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2 due to missing validation on a user controlled key in the action function. This makes it possible for authenticated attackers, with Author-level access and above, to...
LinkedIn: Access to Deactivated LinkedIn Company Pages via Competitor Analytics API
A vulnerability was discovered in LinkedIn's Competitor Analytics API that permitted authenticated users to access analytics data for deactivated company pages...
EUVD-2026-11762
The GetGenie plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.2 due to missing validation on a user controlled key in the action function. This makes it possible for authenticated attackers, with Author-level access and above, to...
Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns
Instagram Threads, the upcoming Twitter competitor from Meta, will not be launched in the European Union due to privacy concerns, according to Ireland's Data Protection Commission (DPC). The development was reported by the Irish Independent, which said the watchdog has been in contact with the soci...
LinkedIn: [ADMIN FEATURE ACCESS] Knowing The Competitors analytics of any company
Vulnerability description not provided...
CVE-2022-1165
The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed. This could result in blocking arbitrary IP addresses, such as legitimate/good search...
An Internet Troll Gives Nonalcoholic Spirits Startups the Spins
From false press releases to misleading domain names, one man has allegedly gone to great lengths to sabotage his competitors...
Cross-Site Request Forgery (CSRF) in zmister2016/mrdoc
Description: An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept: history.pushState('', '', '/'); document.forms[0].submit(); Impact: This vulnerability is capable of forging users to unintentional logout. More details: One way GET could be abused here i...
Twitch Gets Gutted: All Source Code Leaked
An attacker claims to have ransacked Twitch for everything it’s got, including all of its source code and user-payout information. 100621 14:23 UPDATE: Twitch has confirmed the breach. According to Video Games Chronicle (VGC), which first reported the assault on the interactive live-streaming...
Ticketmaster To Pay $10 Million Fine For Hacking A Rival Company
Ticketmaster has agreed to pay a $10 million fine after being charged with illegally accessing computer systems of a competitor repeatedly between 2013 and 2015 in an attempt to "cut the company off at the knees." A subsidiary of Live Nation, the California-based ticket sales and distribution...
Rank Math 0.9~1.0.42.1 - Missing Access Controls to Disable Competitor Plugins
Missing access controls on the GET requests to deactivate competitors' plugins. This could allow any authenticated users such as subscribers to deactivate the SEO and Sitemap plugins from competitors. The attack could also be performed via CSRF...
Rank Math 0.9~1.0.42.1 - Missing Access Controls to Disable Competitor Plugins
Missing access controls on the GET requests to deactivate competitors' plugins. This could allow any authenticated users such as subscribers to deactivate the SEO and Sitemap plugins from competitors. The attack could also be performed via CSRF. PoC...
Hacking Back? BriansClub Dark Web Attack a Boon for Banks
UPDATE A Dark Web “carding store” called BriansClub, which specializes in selling stolen payment card information, has itself become a victim, with thieves making off with 26 million credit- and debit-card records. The site appears to be a target of roundabout “hacking back” by a competitor, who...
Bezop Cryptocurrency Server Spills 25K in Private Investor, Promoter Data
A leaky Mongo database exposed personal information, including scanned passports and driver’s licenses, of 25,000 investors and potential investors tied to the Bezop cryptocurrency, according to researchers. Kromtech Security said that it found the unprotected data on March 30, adding that it...
Amazon Patents Measures to Prevent In-Store Comparison Shopping
Amazon has been issued a patent on security measures that prevent people from comparison shopping while in the store. It's not a particularly sophisticated patent -- it basically detects when you're using the in-store Wi-Fi to visit a competitor's site and then blocks access -- but it is an...
Yelp: ClickJacking in editing business name
SUMMARY: Hope you guys are doing great. I found clickjacking vulnerability while updating business page. One of the endpoints which is vulnerable to clickjacking is https://www.yelp.com/bizattribute?bizid=RIyHYSf3lyJcFb4El9T4tQ . Clickjacking User Interface redress attack, UI redress attack, UI...
Cloud Source Repositories: Google Quietly Launches GitHub Competitor
After the death of Google code this winter, Google is apparently back in the business through the launch of its private Git repository hosting service on Google Cloud Platform called Cloud Source Repositories. Not yet officially announced, but Google started providing free beta access to its new...
Spamtitan Backdoors
A few months ago backdoors in Barracuda were found https://www.schneier.com/blog/archives/2013/01/backdoorsbuilt.html http://www.theregister.co.uk/2013/01/24/barracudabackdoor/ apparently their competitor SpamTitan was quick making fun of them...
Head of Russian Payment Processor ChronoPay Arrested
Pavel Vrublevsky, the head of a prominent Russian payment-processing company, ChronoPay, was arrested in Russia on suspicion of hiring someone to launch a denial-of-service attack against one of his company’s main competitors. The arrest is the latest in a series of high-profile actions against...
Yonggang "Gary" Min (DuPont)
Min worked at Delaware-based chemicals giant DuPont for over a decade before he surreptitiously took a job at DuPont competitor, Victrex. Over a four-month period after accepting that offer, and before informing DuPont of his decision, Min systematically copied thousands of pages of confidential...