A threat actor identified as Hider_Nex has claimed to have discovered multiple vulnerabilities on the official website of the Oyo State Ministry of Trade, Industry, Investment and Cooperatives (oyostatecommerce.com.ng).
The claimed vulnerabilities include:
- Zero-click vulnerability
- Clickjacking
- Username enumeration
- Unauthorized access to admin accounts and citizen records (Telegram version only)
The actor is offering to sell or provide these vulnerabilities to interested Nigerian authorities in exchange for a reward.
This incident raises serious concerns about the security posture of state-level government platforms and the potential exposure of sensitive data.
CyHawk Africa advises:
- Perform an immediate technical review and patch the site
- Rotate all admin credentials
- Conduct a full log audit to check for unauthorized access