Richard’s blogs on Cloud Security

Contributors: Sandeep Kamble, BugDazz Autonomous Pentest AI, Rabit0 ModelPublication Date: March 19, 2026Severity Rating: High (CVSS Score: 8.8)Vulnerability Status: Zero-day at time of discovery A...

Contribute to i12gocaj/Instagram-Notes-Audio-Leakage-via-URL-Extraction-Fixed development by creating an account on GitHub.

Consistency and patience are not soft skills in bug bounty. They are the strategy.

Introduction
Hello, I’m RyotaK
(@ryotkak
), a security engineer at GMO Flatt Security Inc.
A while ago, I participated in the Google Cloud VRP bugSWAT,
a live hacking event organized by Google.
During this event, I discovered a remote command execution…

Found 3 HTTP request smuggling bugs and 1 cache poisoning vulnerability in Cloudflare's Pingora reverse proxy. All exploitable under default config. 3 CVEs, $5k bounty. Full technical breakdown and disclosure notes.

We found a vulnerability in Claude's Chrome Extension that let any website silently inject prompts into your AI-powered browser session. By chaining a wildcard origin allowlist with a DOM-based XSS in a CAPTCHA subdomain, an attacker could steal credentials…

BeyondTrust Phantom Labs reveals a critical command injection vulnerability in OpenAI Codex. Learn how malicious GitHub branch names enable OAuth token…

The Bug
This blog post outlines the chains of multiple gadgets to achieve a full read ssrf on a target.

Open Dynamic client registration on the MCP server to create an open redirect gadget

Path norm

Our audit of WhatsApp’s new “Private Inference” feature shows that trusted execution environments (TEEs) aren’t a silver bullet.

The Cyber Security & Resilience Bill is both predictable and significant, here are five key takeaways that matter most for organizations trying to understand what this Bill really means in practice. 

We released a new Testing Handbook chapter providing a comprehensive security checklist for C and C++ code review, covering Linux, Windows, and seccomp environments.

At ProjectDiscovery, we've been building Neo, an autonomous security testing platform that runs multi-agent, multi-step workflows, routinely executing 20-40+ LLM steps per task. Vulnerability assessments, code reviews, and security audits at scale, enabling…

Posted by Ben Ackerman, Chrome team, Daniel Rubery, Chrome team and Guillaume Ehinger, Google Account Security team Following our April ...

Posted by Jiacheng Lu, Software Engineer, Google Pixel Team Google is continuously advancing the security of Pixel devices. We have been f...

What you will learn How AI is changing bug bounty Where AI helps security teams Why human hackers matter What the future of bug bounty looks like AI and all the tools built around related technologies...

Introducing the official Burp Suite Ambassador Program

Trail of Bits discovered and exploited memory safety and logic vulnerabilities in Google’s Rust zero-knowledge proof code to forge a proof claiming better quantum circuit performance metrics than Google’s original results, demonstrating unique security risks…

AI and the growing ecosystem of tools built around it have now moved beyond early experimentation and into everyday use across the bug bounty community.