{"id":60386,"date":"2026-03-27T12:30:11","date_gmt":"2026-03-27T12:30:11","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/"},"modified":"2026-03-27T12:30:11","modified_gmt":"2026-03-27T12:30:11","slug":"afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/","title":{"rendered":"AFC Ajax drops ball as flaws let hackers play admin with tickets and bans"},"content":{"rendered":"<p>Dutch football giant AFC Ajax has admitted to a data breach after an attacker gained access to its internal systems, in an incident that looks less like a stray pass and more like the gates left wide open.<\/p>\n<p>The club <a href=\"https:\/\/english.ajax.nl\/articles\/information-about-data-breach-at-ajax\/\" rel=\"nofollow\">says<\/a> a &#8220;hacker in the Netherlands&#8221; exploited vulnerabilities to access parts of its systems, viewing email addresses of a few hundred people and limited personal data tied to fewer than 20 supporters with stadium bans. Ajax says it patched the holes, notified regulators, and has &#8220;no indication&#8221; the data has spread further.<\/p>\n<p>That&#8217;s the scoreboard Ajax wants to show. The match report from <a href=\"https:\/\/www.rtl.nl\/nieuws\/tech\/artikel\/5581939\/hack-ajax-seizoenskaarten-stelen-fans-stadionverboden\" rel=\"nofollow\">RTL News<\/a> looks more like a game where the defense stayed in the locker room.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,dmpu,\" data-sm=\",fluid,mpu,dmpu,\" data-md=\",fluid,mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2acchy_UTmvpkCf61JFsCOgAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2acchy_UTmvpkCf61JFsCOgAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>RTL&#8217;s investigation found that by poking at exposed APIs and reusing shared digital keys, it was possible to act as other users entirely \u2013 transferring season tickets, altering account details, and even lifting stadium bans. For example, RTL lifted a VIP ticket from Ajax director Menno Geelen&#8217;s account in seconds and used it to access an upcoming match before the club clawed it back.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44acchy_UTmvpkCf61JFsCOgAAAAc&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44acchy_UTmvpkCf61JFsCOgAAAAc&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>The flaws potentially exposed data tied to more than 300,000 registered supporters and put upwards of 42,000 season tickets in play \u2013 tickets that could be stolen or simply vanish from an account with little the ticketholder could do about it.<\/p>\n<p>RTL also found details of more than 500 supporters with stadium bans sitting there for the taking, including the reasons behind them \u2013 from scuffles with stewards to drug-related incidents. Not exactly the sort of thing you&#8217;d want easily searchable. As one affected individual, a local government worker, put it: &#8220;This could harm my career.&#8221;<\/p>\n<p>Ajax&#8217;s own statement concedes that a journalist demonstrated the ability to transfer tickets and modify bans, but offered little detail on how such a wide-open setup made it into production in the first place. RTL&#8217;s reporting points to a more basic problem: systems that trusted requests they shouldn&#8217;t have, handing out the same digital keys to everyone, and effectively letting anyone call the shots.<\/p>\n<p>Ajax appears keen to keep the scoreline respectable, focusing on the limited number of confirmed data exposures. But when outsiders can not only see the data but also pull the levers behind it, this looks less like a narrow breach and more like an own goal scored with no one in the net. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2026\/03\/27\/afc_ajax_drops_ball_as\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Vulns in Dutch football club&#8217;s systems didn&#8217;t just expose data \u2013 they let outsiders play with accounts, and even lift stadium bans Dutch football giant AFC Ajax has admitted to a data breach after an attacker gained access to its internal systems, in an incident that looks less like a stray pass and more like the gates left wide open.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-60386","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>AFC Ajax drops ball as flaws let hackers play admin with tickets and bans 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"AFC Ajax drops ball as flaws let hackers play admin with tickets and bans 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-27T12:30:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2acchy_UTmvpkCf61JFsCOgAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"AFC Ajax drops ball as flaws let hackers play admin with tickets and bans\",\"datePublished\":\"2026-03-27T12:30:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/\"},\"wordCount\":412,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2acchy_UTmvpkCf61JFsCOgAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/\",\"name\":\"AFC Ajax drops ball as flaws let hackers play admin with tickets and bans 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2acchy_UTmvpkCf61JFsCOgAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2026-03-27T12:30:11+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/#primaryimage\",\"url\":\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2acchy_UTmvpkCf61JFsCOgAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2acchy_UTmvpkCf61JFsCOgAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AFC Ajax drops ball as flaws let hackers play admin with tickets and bans\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"AFC Ajax drops ball as flaws let hackers play admin with tickets and bans 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/","og_locale":"en_US","og_type":"article","og_title":"AFC Ajax drops ball as flaws let hackers play admin with tickets and bans 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2026-03-27T12:30:11+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2acchy_UTmvpkCf61JFsCOgAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"AFC Ajax drops ball as flaws let hackers play admin with tickets and bans","datePublished":"2026-03-27T12:30:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/"},"wordCount":412,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2acchy_UTmvpkCf61JFsCOgAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/","url":"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/","name":"AFC Ajax drops ball as flaws let hackers play admin with tickets and bans 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2acchy_UTmvpkCf61JFsCOgAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2026-03-27T12:30:11+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2acchy_UTmvpkCf61JFsCOgAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2acchy_UTmvpkCf61JFsCOgAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/afc-ajax-drops-ball-as-flaws-let-hackers-play-admin-with-tickets-and-bans\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"AFC Ajax drops ball as flaws let hackers play admin with tickets and bans"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60386","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=60386"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60386\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=60386"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=60386"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=60386"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}