Bug Hunting 9

• 1-Click Account Takeover (ATO) in Voox Android Apr 2, 2026
• 2FA Bypass via Response Manipulation -- Binding MFA Without Email Verification Mar 3, 2026
• Bypassing OTP Rate Limits with a Simple Capital Letter Oct 23, 2025
• S3 Bucket Writeable and Readable by Unauthenticated Users Mar 3, 2025
• The Thrilling Hunt for a Boolean-Based Blind SQL Injection Oct 15, 2024
• Stored XSS to Account Takeover on Web3 Oct 13, 2024
• Exposing Broken Access Control in Salesforce Oct 11, 2024
• Improper Access Control: User Information Exposure Oct 9, 2024
• Open Redirect To Account TakeOver Oct 7, 2024