John

168.8K posts

@JDreport

Living in The Truman Show inside other dimensions, realities and timelines

Joined July 2010
1.4K Following 3.5K Followers
John retweeted
TheLizVariant
TheLizVariant@TheLizVariant·
Why does my Ring camera have IMAX footage of a raccoon demolishing last night’s pizza out of my trash… but a White House event looks like it was filmed on a cracked flip phone from 2007? We pay taxes for this?
756
2.2K
9.5K
123.7K
John retweeted
Matt Wallace
Matt Wallace@MattWallace888·
Why was this guy just sitting there filming?
71
129
333
15.7K
John retweeted
Superjan
Superjan@superjan·
And another women's march. Very good!
Miranda@miertje010love

@superjan 16 May: women's march against the AZC in Hellevoetsluis - Voorne aan Zee. Bring every woman: your sister, mother, grandmother, aunt, neighbour, daughter or granddaughter. More info to follow.❤️

1
7
41
707
John retweeted
Michael van der Galien
Michael van der Galien@MichaelDDS·
220 asylum seekers to the Zeelandhallen in Goes until 1 November. 'Street coaches' are supposed to prevent nuisance, which really says it all. Yet another municipality left to pay for failed asylum policy from The Hague. dagelijksestandaard.nl/nieuws/eerste-…
24
81
199
2.4K
John retweeted
International Cyber Digest
International Cyber Digest@IntCyberDigest·
The original post: x.com/weezerOSINT/st…
impulsive@weezerOSINT

i went to clickup.com. opened the page source. found a hardcoded API key in the javascript. copied it. sent one GET request. got back 959 email addresses and 3,165 internal feature flags. employees from Home Depot. Fortinet. Autodesk. Tenable. Rakuten. Mayo Clinic. Permira. Akin Gump. government workers from Wyoming, Arkansas, North Carolina, Montana, Queensland Australia, and New Zealand. a Microsoft contractor. 71 clickup employees. fortinet sells enterprise firewalls. tenable makes Nessus, the vulnerability scanner half the industry runs. their employees' emails are exposed because clickup hardcoded a third party API key in a javascript file that loads before you even log in. this was first reported to clickup through hackerone on January 17, 2025. it's now April 2026. the key has not been rotated. i just pulled the response five minutes ago. every email is still there. clickup raised $535 million at a $4 billion valuation. claims 85% of the Fortune 500 use their platform. looks like the proof is in the page source.

0
2
20
5.1K
John retweeted
International Cyber Digest
International Cyber Digest@IntCyberDigest·
Meanwhile, ClickUp has time to produce videos like this one.
1
2
28
4.8K
John retweeted
International Cyber Digest
International Cyber Digest@IntCyberDigest·
🚨 SaaS platform ClickUp, used by 85% of the Fortune 500, has been leaking customer emails through its homepage for at least 465 days, and counting. ClickUp has a $4 billion valuation. They are SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, ISO 42001, and PCI DSS certified. The fix takes about 90 seconds. Security researcher @weezerOSINT noticed a hardcoded Split[.]io SDK token sitting in plain text inside ClickUp's production JavaScript bundle. The bundle loads before you log in. View source, copy key, send one unauthenticated GET request, and 4.5MB of ClickUp's internal configuration is exposed: 959 customer emails and 3,165 internal feature flags. The customer list consists of Home Depot; Fortinet, who sells enterprise firewalls; Tenable, who makes Nessus, the vulnerability scanner half the industry runs on; Autodesk; Rakuten; Mayo Clinic; Permira; Akin Gump; a Microsoft contractor; 71 ClickUp employees; government workers from Wyoming, Arkansas, North Carolina, Montana, Queensland, and New Zealand. It gets worse: ClickUp has a flag named "enable-missing-authz-checks." It is active in production. It lists five ClickUp API endpoints the company itself documented as having no authorization. They wrote down their own holes in a config anyone with a browser can read. At first disclosure, another flag carried a live ClickUp API token tied to Fairfax County Public Schools, one of the largest school districts in the US, serving 180,000 students. The token pulled 1,066 staff records, including Chief Financial Services data. ClickUp removed that one token. They never rotated the SDK key that exposed it. While that report rotted, the same researcher found a second bug. ClickUp's webhook API has zero SSRF protection. Reported via HackerOne on April 8, 2026. Status: "New." 19 days, zero response. The original report was filed by @weezerOSINT on January 17, 2025 (!). The key is still live. The emails still drop with one GET. ClickUp has had 465 days to rotate a single token. Zero response... The fix is one click in the Split[.]io dashboard... ClickUp still hasn't replied to the researcher.
13
57
449
47.8K
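As an added, defender-side illustration of the failure mode described in the post above (this is not ClickUp's code and not the researcher's tooling), the script below shows the two pre-deploy checks a build pipeline could run: scan a built JavaScript bundle for credential-like assignments whose values look random enough to be live keys, and audit a feature-flag export for email addresses or token-like strings sitting in targeting lists or flag configurations. The sample bundle, the sample flag export, the identifier names, the flag names and the entropy threshold are all constructed assumptions for the example; nothing here is a real key or a real vendor export format.

```python
"""Hypothetical pre-deploy checks (example code, not from the original page):
(1) flag third-party SDK keys hardcoded in a JavaScript bundle that is served
before login, and (2) flag feature-flag payloads that would hand emails or
tokens to anyone holding that SDK key. All sample data below is constructed."""
import math
import re

# Constructed stand-in for a pre-authentication bundle; the keys are made-up strings.
SAMPLE_BUNDLE = r'''
var cfg={analyticsHost:"https://example.invalid",sdkKey:"a7f3k9q2m8x1z5c4v6b0n3w7r9t2y5u8i1o4p6",debug:false};
var splitFactory=SplitFactory({core:{authorizationKey:"zj4hk8b2m9qw1e7r5t3y6u0i2o4p8a1s5d7f9g"}});
var apiKey="__INJECTED_AT_BUILD__";
var version="2.4.1-release-build";
'''

# Constructed stand-in for a flag export; the shape (a "splits" list with
# whitelists and per-treatment configurations) is an assumption, not a real schema.
SAMPLE_FLAG_EXPORT = {
    "splits": [
        {"name": "new-dashboard",
         "conditions": [{"whitelist": ["alice@example.invalid", "bob@example.invalid"]}],
         "configurations": {}},
        {"name": "partner-sync",
         "conditions": [],
         "configurations": {"on": '{"apiToken": "pk_q7w3e9r1t5y0u2i8o4p6a1s3d5f7g9h2j4k6l8"}'}},
        {"name": "dark-mode",
         "conditions": [{"whitelist": []}],
         "configurations": {}},
    ]
}

# Credential-looking identifiers followed by a quoted value of 20+ characters;
# covers  key: "..."   key="..."   'key': '...'  forms as they appear in minified JS.
KEY_ASSIGNMENT = re.compile(
    r"""["']?(?P<name>[A-Za-z_]*(?:key|token|secret|password)[A-Za-z_]*)["']?"""
    r"""\s*[:=]\s*["'](?P<value>[A-Za-z0-9_\-./+=]{20,})["']""",
    re.IGNORECASE,
)
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
TOKEN_LIKE = re.compile(r"[A-Za-z0-9_\-./+=]{20,}")
ENTROPY_THRESHOLD = 3.5  # bits/char (assumed); build placeholders score well below this


def shannon_entropy(s: str) -> float:
    """Bits per character of the string; random-looking credentials score high."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_hardcoded_keys(bundle_text: str):
    """Return (identifier, value) pairs whose value is long and high-entropy,
    i.e. likely a live credential rather than a placeholder or version string."""
    findings = []
    for m in KEY_ASSIGNMENT.finditer(bundle_text):
        if shannon_entropy(m.group("value")) >= ENTROPY_THRESHOLD:
            findings.append((m.group("name"), m.group("value")))
    return findings


def _strings(obj):
    """Yield every string value inside a nested dict/list structure."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for v in obj.values():
            yield from _strings(v)
    elif isinstance(obj, list):
        for v in obj:
            yield from _strings(v)


def audit_flag_export(export: dict):
    """Map flag name -> {'emails': [...], 'secrets': [...]} for every flag whose
    payload carries PII or a credential; flags with clean payloads are omitted."""
    report = {}
    for split in export.get("splits", []):
        emails, secrets = [], []
        for s in _strings(split):
            emails.extend(EMAIL.findall(s))
            secrets.extend(t for t in TOKEN_LIKE.findall(s)
                           if shannon_entropy(t) >= ENTROPY_THRESHOLD)
        if emails or secrets:
            report[split["name"]] = {"emails": emails, "secrets": secrets}
    return report


if __name__ == "__main__":
    for name, value in find_hardcoded_keys(SAMPLE_BUNDLE):
        print(f"bundle: {name} holds a credential-like value ({value[:6]}...)")
    for flag, found in audit_flag_export(SAMPLE_FLAG_EXPORT).items():
        print(f"flag {flag}: {len(found['emails'])} email(s), {len(found['secrets'])} secret(s)")
```

The two checks address the two layers in the post: a key that ships in a public bundle must be treated as public (a client-side SDK key is only acceptable when the data it unlocks is), and whatever a flag service returns for that key must itself be free of emails and tokens, because targeting lists and treatment configs are fetched by every anonymous visitor who loads the page. Failing the build on either finding, and rotating the key whenever a finding is confirmed, is the mitigation the post says took 465 days.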
John retweeted
0xNobler
0xNobler@CryptoNobler·
🚨 BREAKING 🇨🇳 CHINA JUST INJECTED ¥218,500,000,000.00 INTO THE MARKET! THEY'RE OFFICIALLY STARTING QE (MONEY PRINTING) TO STIMULATE THE ECONOMY. HUGE LIQUIDITY FLOOD IS COMING!!
50
88
377
35.8K
John retweeted
Ruud✺
Ruud✺@ruud_1111·
Why is the @Politie so aggressive everywhere? It seems to be normal in this country to just beat everyone down, truly too ridiculous for words.
279
209
625
44.4K
John retweeted
Insider Paper
Insider Paper@TheInsiderPaper·
JUST IN - White House to hold a Press Briefing at 1 PM ET today
13
86
474
33.5K
John retweeted
Nicolas Hulscher, MPH
Nicolas Hulscher, MPH@NicHulscher·
Moderna’s newly approved COVID shot (mNEXSPIKE) is literally named after VIOLENT DEATH. In Latin, “NEX” means violent death. mNEXSPIKE = mDEATHSPIKE. The FDA approved mDEATHSPIKE despite a 2.7% SERIOUS ADVERSE EVENT RATE and ZERO placebo tests. You can’t make this up.
45
944
1.7K
24.6K