VulnerabilitiesApr 25, 2026
‼️🇧🇷 A threat actor is selling a critical Insecure Direct Object Reference (IDOR) vulnerability...
Threat actor selling critical IDOR vulnerability affecting Brazilian company with 2M customer records exposed.
Summary
A threat actor is offering a critical Insecure Direct Object Reference (IDOR) vulnerability for sale on underground forums, claiming it affects an unidentified Brazilian company and exposes personal data of up to 2 million customers. The vulnerability remains unpatched and the targeted company has not been publicly identified. This represents both an active security threat and a potential privacy incident affecting a large customer base.
Entities
Unknown threat actor (selling vulnerability on underground forums) (threat_actor)IDOR (Insecure Direct Object Reference) (technology)