Hackers Exploit Vercel GenAI to Mass-Produce Convincing Phishing Sites

Hackers are abusing Vercel GenAI to create convincing phishing sites that mimic major brands, including Microsoft, Adidas, and Nike, making scams harder to detect...

Nike Data Breach Claims Surface as WorldLeaks Leaks 1.4TB of Files Online

As users continue to assess the Under Armour data breach, WorldLeaks, the rebranded version of the Hunters International…...

EUVD-2021-8246

Malicious code in bioql PyPI...

MAL-2025-27528 Malicious code in nike-hercules (npm)

The package nike-hercules was found to contain malicious code...

Malicious code in nike-hercules (npm)

The package nike-hercules was found to contain malicious code...

CVE-2021-20834

Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

nike-schuessler.de Improper Access Control vulnerability OBB-3766290

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

factoryconnect.nike.com Open Redirect vulnerability OBB-3547148

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

secureaccesstest.nike.com Open Redirect vulnerability OBB-3494110

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

secureaccess.nike.com Cross Site Scripting vulnerability OBB-3489436

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

The Anatomy of a Scalping Bot: NSB Was Copped!

In recent years, scalping bots have become a growing concern for online retailers. In this two-part blog series, we will analyze the inner workings of the Nike Shoe Bot NSB scalping bot, one of the most dangerous scalping bots around. We will take a closer look at the components of NSB, how we...

cloud.oficial.nike.com.br Cross Site Scripting vulnerability OBB-3073677

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

nike-pro.com Cross Site Scripting vulnerability OBB-2514909

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2021-20834

Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

CVE-2021-20834

Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

Authorization

Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

CVE-2021-20834

Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...

CVE-2021-20834

CVE-2021-20834 affects Nike App for Android prior to 2.177 and Nike App for iOS prior to 2.177.1. The issue is improper authorization in the handler for the Custom URL Scheme, which can let an attacker prompt a user to visit an arbitrary website via the vulnerable app. Root cause: insufficient ac...

Nike App fails to restrict custom URL schemes properly

Overview Nike App by Nike, Inc. provides the function to access a requested URL using Custom URL Scheme. The app does not restrict access to the function properly CWE-939 which may be exploited to direct the app to access any sites. Impact A remote attacker may lead a user to access an arbitrary...

JVN#89126639: Nike App fails to restrict custom URL schemes properly

Nike App by Nike, Inc. provides the function to access a requested URL using Custom URL Scheme. The app does not restrict access to the function properly CWE-939 which may be exploited to direct the app to access any sites. Impact A remote attacker may lead a user to access an arbitrary website v...