Stortex
12 posts
I was reading this and I double checked my blood pressure to make sure I wasn't having a stroke or hallucinating from a brain aneurysm
impulsive@weezerOSINT
i went to clickup.com. opened the page source. found a hardcoded API key in the javascript. copied it. sent one GET request. got back 959 email addresses and 3,165 internal feature flags. employees from Home Depot. Fortinet. Autodesk. Tenable. Rakuten. Mayo Clinic. Permira. Akin Gump. government workers from Wyoming, Arkansas, North Carolina, Montana, Queensland Australia, and New Zealand. a Microsoft contractor. 71 clickup employees. fortinet sells enterprise firewalls. tenable makes Nessus, the vulnerability scanner half the industry runs. their employees emails are exposed because clickup hardcoded a third party API key in a javascript file that loads before you even log in. this was first reported to clickup through hackerone on January 17, 2025. its now April 2026. the key has not been rotated. i just pulled the response five minutes ago. every email is still there. clickup raised $535 million at a $4 billion valuation. claims 85% of the Fortune 500 use their platform. looks like the proof is in the page source.
English
@_agh0ri @offchan420 @ramxcodes Are you dumb? social engineering attack that lets you watch pirated movies with no login oh no !
English
@offchan420 @ramxcodes morons, this is a social engineering attack! Does it matter if the URL is harmless looking?
Didn't your mum teach you not to click anything or modify the url?
Have you done hacking before?
English
The C++ Standards organization… has made their X account ( @isocpp ) private.
The Lunduke Journal@LundukeJournal
C++ Standards Contributor Banned For Using Word "Question" Seriously. C++ ISO Standards Group has permanently banned a long time contributor (w/dozens of papers on C++) because he included the word "question" in the title for a technical document. It's as insane as it sounds.
English
@b4rry4113n @voqreyy @Brazilwasthere @flrshh @Eomzo1 @VergoFN_ @PeterbotFN @Fortnite @FortniteStatus @FNCompetitive mind telling me how names in the lobby with information such as KD give you in any way a easier win?
English
@StortexIPL @voqreyy @Brazilwasthere @flrshh @Eomzo1 @VergoFN_ @PeterbotFN @Fortnite @FortniteStatus @FNCompetitive Competitive advantage doesn't mean aimbot, dumbass.
English
Epic needs to seriously say what you can't do with overwolf; there are apps that do things like showing all the players in the game when you load into it as shown in the video @Eomzo1 @VergoFN_ @PeterbotFN @Fortnite @FortniteStatus @FNCompetitive
English
@voqreyy @Brazilwasthere @b4rry4113n @flrshh @Eomzo1 @VergoFN_ @PeterbotFN @Fortnite @FortniteStatus @FNCompetitive "Is not allowed cuz it needs to Access the game files" is wrong, Cheats reading the game using multiple way are not allowed cause they are going to give you a advantage, Things like overwolf don't give you better aim + Its Epic their decision not yours. Whitelists exist..😂
English
@Brazilwasthere @b4rry4113n @flrshh @Eomzo1 @VergoFN_ @PeterbotFN @Fortnite @FortniteStatus @FNCompetitive Is not allowed cuz it needs to acces the game files to see whos in your game and Everything. And thats not allowed. Idk if youve read anything or just seen post from rndm people who have no clue. But you got no info about this
English
‼️A malware binder tool branded "Universal File Binder 2026" is being sold on a popular cybercrime forum, advertised as fully undetectable and designed to disguise executable payloads as common file types including documents, images, and videos.
⠀
‣ Threat Actor: Davina Keenan
‣ Category: Malware Tool Sale / Payload Binder
‣ Product: Universal File Binder 2026
‣ Industry Impact: Phishing, Social Engineering, Initial Access
⠀
The tool is marketed as a payload binder, a category of malware used to attach executable code to a legitimate looking file so that opening the file triggers both the decoy document and the hidden payload. A video demo is attached to the listing and this post.
⠀
Advertised features:
⠀
▪️ Claimed "100% FUD" (Fully Undetectable) against major antivirus engines including Windows Defender, Avast, and Kaspersky, at both scantime and runtime
▪️ Bind payloads to .jpg, .png, .pdf, .docx, .pptx, .mp4, and .mp3 files
▪️ Icon and extension spoofing, including double extension tricks
▪️ Lightweight stub with small footprint
▪️ Stated compatibility with Windows 10 and Windows 11
⠀
Pricing:
⠀
▪️ Single build: $100
▪️ Lifetime access with updates: $1,000
⠀
Binders of this type are a common component of commodity phishing kits, used primarily to deliver RATs, stealers, and ransomware via email attachments or messaging platforms. "FUD" claims on public forums are typically short lived and degrade within days or weeks of release as antivirus vendors collect samples.
English
Arch Linux Deletes XLibre Wiki Page, Cites "Code of Conduct"
"The XLibre project goes against [Arch Linux Code of Conduct] and should not be listed on ArchWiki."
English
@instanceGWD @AbsolutlyNobode @UBERSOY1 The Perfect meme of a failing education system in the US. He never said its Averaging 100m, he said Its Averaging almost 100m which is very true considering that like i said before 2 videos are very near the 100m mark and only 1 video got 55m. You clearly failed school retard 🤡
English
English
@instanceGWD @AbsolutlyNobode @UBERSOY1 Learn how to read and what "almost" means when 1 Video is over 100m and 2 videos very near it with only 1 being 55m.
English