FIFA flaw exposes World Cup live streams

// 2h agoSECURITY INCIDENT

FIFA flaw exposes World Cup live streams

A security vulnerability in FIFA's public Agent Platform allowed any registered user to bypass client-side checks and access the backend of the FIFA Football Data Platform. This flaw exposed active RTMP ingest URLs and stream keys for all live FIFA World Cup 2026 camera feeds, enabling attackers to potentially hijack global broadcast feeds.

// ANALYSIS

Relying on front-end role checks without server-side validation is a classic architectural failure that is unacceptable for high-profile global operations.

* Client-side routing guards are not security barriers; all APIs must validate user permissions on every request.

* Adding public registrations directly to a corporate Entra tenant exponentially increases attack surface if internal applications trust any authenticated tenant member by default.

* The absence of a security contact, VDP, or `security.txt` file introduces dangerous delays in resolving active, critical vulnerabilities.

// TAGS

securityvulnerabilitybroken-access-controlactive-directorylive-streamingbroadcastapi-securityfifa

DISCOVERED

2h ago

2026-06-16

PUBLISHED

5h ago

2026-06-16

RELEVANCE

8/ 10

AUTHOR

BobDaHacker

// KEEP READING

More AI developer news from the feed

EXPLORE FULL FEED

TUTORIAL1h ago

Nav Toor drops Claude Code cheat sheet

AI developer Nav Toor shared a cheat sheet of underutilized commands for Anthropic's terminal-based assistant, Claude Code. The guide highlights advanced features like the /fork command, which spawns background agents to test risky changes without losing conversation history.

UPDATE2h ago

PhysicsWallah integrates ElevenLabs' real-time voice technology to upgrade its 'Ask AI' doubt-solving tool into a multilingual, conversational AI tutor.

Indian EdTech giant PhysicsWallah has integrated ElevenLabs' low-latency text-to-speech API into its 'Ask AI' doubt-solving engine, transitioning from a text-only interface to a conversational, audio-first learning experience. The integration addresses findings that 52% of PhysicsWallah's student base prefers audio learning, especially in low-attention or multitasking scenarios. Utilizing ElevenLabs' multilingual capabilities, the platform provides real-time explanations in natural Hinglish and regional languages with minimal latency, supporting high-concurrency peak usage. The integration currently powers three distinct educational use cases: the Ask AI doubt solver, parent outreach calling, and AI student counseling mentors.

OPEN SOURCE2h ago

Moonshot AI open-sources Kimi Code CLI

Moonshot AI has released Kimi Code CLI under the MIT license, a terminal-based AI coding assistant optimized for running long-horizon agentic workflows in local environments. The tool assists developers with tasks like debugging and refactoring, automatically handling read-only actions while requesting explicit confirmation for file modifications or shell commands.