Bhavuk Jain

Hijacking an UltraHuman Ring: How Unauthenticated Bluetooth Allows Attackers to Steal and Modify Health Data

Account Takeover via Custom OTP, No User Interaction Required!

Capturing HTTP Requests from a non-proxy-aware Mobile Application

Zero-day in Sign in with Apple

Account Takeover Due to Misconfigured Login with Facebook/Google

Zomato Account Takeover using Victim's Facebook ID

Extracting Sensitive PII From a Tracking Number in Grab Parcel