How to hack Discord, Vercel and more with one easy trick

A researcher says a trendy documentation platform used by big names like Discord and Vercel let user-written pages secretly run code on its servers—think “one weird trick” and suddenly you’ve got access to secrets and can mess with caches across customer sites. They also showed a link that could grab images from other companies’ docs and pop an alert on Discord’s domain—pure internet nightmare fuel. The comments? Absolute fireworks. One user called it a VC‑funded, vibe‑coded AI docs startup moment: flashy features, short on brakes, and the finder allegedly got $5k for reporting it. Others piled on that $5k is peanuts for a vuln this spicy. Confusion swirled over why so many giant brands leaned on what looks like a “static site host with sprinkles,” while a wave of supply‑chain panic tied this to a related thread about pwning multiple platforms (link). The meme machine went into overdrive, mocking last week’s “impressively complicated” caching post—now the punchline. There’s some pushback that bug bounties vary and startups aren’t banks, but the loudest chorus is simple: if your docs can run code, your brand can get cooked. Grab popcorn; the docs are spicy.