John

Poef, weg complot: De CIA wist al in 1950 dat kanker een parasitaire infectie was ... jdreport.com/2026/03/06/poe…

The original post: x.com/weezerOSINT/st…

Meanwhile, ClickUp has time to produce videos like this one.

🚨 SaaS platform ClickUp, used by 85% of the Fortune 500, has been leaking customer emails through its homepage for at least 465 days, and counting. ClickUp has a $4 billion valuation. They are SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, ISO 42001, and PCI DSS certified. The fix takes about 90 seconds. Security researcher @weezerOSINT noticed a hardcoded Split[.]io SDK token sitting in plain text inside ClickUp's production JavaScript bundle. The bundle loads before you log in. View source, copy key, send one unauthenticated GET request, and 4.5MB of ClickUp's internal configuration is exposed: 959 customer emails and 3,165 internal feature flags. The customer list consists of Home Depot. Fortinet, who sells enterprise firewalls. Tenable, who makes Nessus, the vulnerability scanner half the industry runs on. Autodesk. Rakuten. Mayo Clinic. Permira. Akin Gump. A Microsoft contractor. 71 ClickUp employees. Government workers from Wyoming, Arkansas, North Carolina, Montana, Queensland, and New Zealand. It gets worse, ClickUp has a flag named "enable-missing-authz-checks." It is active in production. It lists five ClickUp API endpoints the company itself documented as having no authorization. They wrote down their own holes in a config anyone with a browser can read. At first disclosure, another flag carried a live ClickUp API token tied to Fairfax County Public Schools, one of the largest school districts in the US, serving 180,000 students. The token pulled 1,066 staff records, including Chief Financial Services data. ClickUp removed that one token. They never rotated the SDK key that exposed it. While that report rotted, the same researcher found a second bug. ClickUp's webhook API has zero SSRF protection. Reported via HackerOne on April 8, 2026. Status: "New." 19 days, zero response. The original report was filed by @weezerOSINT on January 17, 2025 (!). The key is still live. The emails still drop with one GET. ClickUp has had 465 days to rotate a single token. Zero response... The fix is one click in the Split[.]io dashboard... ClickUp still hasn't replied to the researcher.

🚨 BREAKING 🇨🇳 CHINA JUST INJECTED ¥218,500,000,000.00 INTO THE MARKET! THEY'RE OFFICIALLY STARTING QE (MONEY PRINTING) TO STIMULATE THE ECONOMY. HUGE LIQUIDITY FLOOD IS COMING!!

Waarom toch overal die agressieve @Politie? Het lijkt normaal te zijn om iedereen maar neer te meppen in dit land, echt te belachelijk voor woorden.

JUST IN - White House to hold a Press Briefing at 1 PM ET today

ALL major artificial intelligence systems — SuperGrok, ChatGPT, and Google Gemini — independently concluded that VACCINES CAUSE AUTISM after analyzing our landmark 82-page study. The 30-year lie that “vaccines don’t cause autism” has officially been TERMINATED.

The propaganda has reached truly absurd levels. The US destroyed Nord Stream to decouple Europe from Russia; it was not a Ukrainian erotic model.

Moderna’s newly approved COVID shot (mNEXSPIKE) is literally named after VIOLENT DEATH. In Latin, “NEX” means violent death. mNEXSPIKE = mDEATHSPIKE. The FDA approved mDEATHSPIKE despite a 2.7% SERIOUS ADVERSE EVENT RATE and ZERO placebo tests. You can’t make this up.

Lekker dan zo'n mega groot AZC, daar mag blijkbaar wel iedereen de dupe van worden Verbaasde fietsers rijden zich klem op de Wieldrechtse Zeedijk Met de opening van het asielzoekerscentrum AZC is een populaire doorgaande fietsroute permanent geblokkeerd dordtcentraal.nl/actueel/verbaa…

🚨 I THINK WE’VE SEEN THIS BEFORE… SO WE PROBABLY KNOW WHAT’S COMING NEXT The U.S. Air Force airbridge into the Middle East ran at full intensity overnight, with increased traffic flowing into bases across the UAE and Qatar. This isn’t routine logistics. This is pre-positioning. And historically, it comes right before things escalate. Watch closely.

Iedereen wordt genaaid

😱 iOS 26.4.2 still leaks the real IP when updating VPN apps. Motivated by Mullvad's recent blog, we made a website that logs the iPhone IP every second. We started Mullvad VPN, opened the website, then let Mullvad updated in the background. See the leaks in action.. 🤯

Knap, 9 jaar over een HBO studie gedaan.

Wtf zeg. Zorgcentrum duldt geen kritiek dus dochter mag moeder maar 2 x per week bezoeken? Mijn moeder was meteen mee naar huis gegaan met mij. Wat een mafkezen

90 minuten duurde het volksfeest met de koninklijke familie in #dokkum Dat kostte dus €33.333,33 per minuut. Opgebracht door deels de bevolking van Dokkum en de inwoners van Friesland. Die vetklep moet zich kapot schamen. #vakantiekoning

Juli 1999. Frits Salomonson (oud-advocaat van koningin Beatrix en lid van de raad van voogdij van Prins Willem Alexander) wordt van seks met jongetjes beschuldigd…

Leerling groep 8 op basisschool neergestoken op schoolplein door andere leerling, destentor.nl/deventer/leerl… hulpdiensten NIET gebeld door de school

It gets even better. A Twitch streamer caught a police officer sleeping on duty outside the White House, with anime playing on his work laptop. This whole thing is just a comedy show.

Feit: Prins Willem Alexander kreeg in 2002 een medaille voor het bijwonen van zijn eigen huwelijk... Bron: de staatsalmanak