mdgrkb

178.8K posts

@mdgrkb

People from the Bachelet government congratulated me. People from the Piñera government thanked me. But neither has taken responsibility. https://t.co/qs8yN7E6ND

Santiago, Chile · Joined March 2010
4.4K Following · 2.5K Followers
mdgrkb @mdgrkb
Paying to highlight posts with X's "boost" is regrettable. It used to be a space where every voice had the same chance as the others; now the wallet rules. I block accounts that use boost, with rare exceptions.
mdgrkb retweeted
impulsive @weezerOSINT
i went to clickup.com. opened the page source. found a hardcoded API key in the javascript. copied it. sent one GET request. got back 959 email addresses and 3,165 internal feature flags. employees from Home Depot. Fortinet. Autodesk. Tenable. Rakuten. Mayo Clinic. Permira. Akin Gump. government workers from Wyoming, Arkansas, North Carolina, Montana, Queensland Australia, and New Zealand. a Microsoft contractor. 71 clickup employees. fortinet sells enterprise firewalls. tenable makes Nessus, the vulnerability scanner half the industry runs. their employees' emails are exposed because clickup hardcoded a third party API key in a javascript file that loads before you even log in. this was first reported to clickup through hackerone on January 17, 2025. it's now April 2026. the key has not been rotated. i just pulled the response five minutes ago. every email is still there. clickup raised $535 million at a $4 billion valuation. claims 85% of the Fortune 500 use their platform. looks like the proof is in the page source.
mdgrkb retweeted
International Cyber Digest @IntCyberDigest
🚨 SaaS platform ClickUp, used by 85% of the Fortune 500, has been leaking customer emails through its homepage for at least 465 days, and counting. ClickUp has a $4 billion valuation. They are SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, ISO 42001, and PCI DSS certified. The fix takes about 90 seconds. Security researcher @weezerOSINT noticed a hardcoded Split[.]io SDK token sitting in plain text inside ClickUp's production JavaScript bundle. The bundle loads before you log in. View source, copy key, send one unauthenticated GET request, and 4.5MB of ClickUp's internal configuration is exposed: 959 customer emails and 3,165 internal feature flags. The customer list consists of Home Depot. Fortinet, who sells enterprise firewalls. Tenable, who makes Nessus, the vulnerability scanner half the industry runs on. Autodesk. Rakuten. Mayo Clinic. Permira. Akin Gump. A Microsoft contractor. 71 ClickUp employees. Government workers from Wyoming, Arkansas, North Carolina, Montana, Queensland, and New Zealand. It gets worse, ClickUp has a flag named "enable-missing-authz-checks." It is active in production. It lists five ClickUp API endpoints the company itself documented as having no authorization. They wrote down their own holes in a config anyone with a browser can read. At first disclosure, another flag carried a live ClickUp API token tied to Fairfax County Public Schools, one of the largest school districts in the US, serving 180,000 students. The token pulled 1,066 staff records, including Chief Financial Services data. ClickUp removed that one token. They never rotated the SDK key that exposed it. While that report rotted, the same researcher found a second bug. ClickUp's webhook API has zero SSRF protection. Reported via HackerOne on April 8, 2026. Status: "New." 19 days, zero response. The original report was filed by @weezerOSINT on January 17, 2025 (!). The key is still live. The emails still drop with one GET. ClickUp has had 465 days to rotate a single token. 
Zero response... The fix is one click in the Split[.]io dashboard... ClickUp still hasn't replied to the researcher.
Omar Larré 💻☕🌱🇨🇱🇲🇽🌎
I understand there is a desalination plant in Coquimbo that has already been awarded (El Panul, USD 318 million, with a capacity of 1,200 L/sec), focused on human consumption. It may sound crazy, but I would expand it to include agricultural irrigation in a couple of years; with a bit of luck, the new generation of reverse osmosis would also allow minerals to be recovered from the brine, lithium included. It could all even be done with solar energy.
BioBioChile @biobio

Fewer artichokes, mandarins, avocado trees, grapes and kiwi: farmers abandon crops in Limarí biobiochile.cl/noticias/nacio…

mdgrkb retweeted
Massimo @Rainmaker1973
Known as the "Chernobyl Three," engineers Alexei Ananenko, Valeri Bespalov, and Boris Baranov risked their lives to prevent an apocalyptic catastrophe just days after the historic explosion at the nuclear power plant happened 40 years ago Today. Shortly after the initial explosion, firefighters began pumping water into the damaged reactor to cool it. This water rapidly flooded a basement chamber directly beneath the reactor core. The room housed critical valves that controlled the reactor’s emergency cooling system. As the reactor core reached temperatures of over 2,000°F (1,100°C), it started melting through the concrete floor above the flooded basement. Engineers feared that if the superheated molten nuclear fuel (corium) came into contact with the large volume of water below, it would trigger a massive steam explosion. Such a blast could have destroyed the remaining reactors at Chernobyl, devastated the city of Kyiv 60 miles (100 km) away, and released so much radioactive material into the atmosphere that much of Eastern Europe would have become uninhabitable for generations. On April 28, 1986, just two days after the explosion, the three men stepped forward. Wearing only basic diving suits and respirators, and armed with a single flashlight, they repeatedly descended into the pitch-black, highly radioactive flooded basement. Wading through contaminated water up to their chests, they searched for the valves in near-total darkness. After several dangerous descents over multiple days, they finally located and opened the valves. By May 8, approximately 20,000 tons of radioactive water had been successfully drained, preventing the feared steam explosion and sparing millions of people from an even greater nuclear catastrophe. Boris Baranov was the only member of the trio to pass away relatively early, but not from radiation. He died of a heart attack on April 6, 2005, at the age of 64. 
Alexei Ananenko is still alive and continued to work in the nuclear industry for decades. In 2017, he survived a serious car accident that left him in a coma, but he recovered and currently lives in Kyiv. Valeri Bespalov remained in the nuclear field after the accident and, like Ananenko, currently lives in Kyiv.
mdgrkb retweeted
World of Engineering @engineers_feed
Today marks 40 years since the Chernobyl disaster. On April 26, 1986, at 1:23 AM, a routine safety test spiraled into the worst nuclear disaster in history.
mdgrkb @mdgrkb
@Sylvushka Maybe add some text before the link, that works better.
mdgrkb @mdgrkb
@charliebilello I wonder how long it would take Congress to reach an agreement if a government shutdown also meant a stock exchange shutdown.
Charlie Bilello @charliebilello
Does a government shutdown negatively impact the stock market? No. The S&P 500 has gained an average of 0.4% during prior shutdowns and is up 4.8% during the current shutdown which is the longest in history at 70 days and counting. $SPX
SIP • IAPA @sip_oficial
🔴📣 The SIP denounces serious setbacks and authoritarian advances in the Americas. 👉🏼 Growing authoritarianism, restrictions on expression, judicial persecution, attacks on journalists and a hostile digital environment. sipiapa.org/la-sip-denunci…