• 2026-02-14: Original Huel T-Shirt vs SF121 alternative

• 2026-02-03: Systematic analysis of the efficacy of water-based plant extract interaction with carbonated beverages

• 2026-01-21: Too Good To Go: Guide + Tips + Experiences after 3 years

• 2026-01-04: How to inspect Chrome DevTools with Chrome DevTools

• 2025-12-22: How to change the New Tab Page in Chrome

• 2025-11-27: chrome://crash is the best home page

websecblog.com

• 2021-09-07: 5 Different Vulnerabilities in Google’s Threadit

• 2020-09-29: Public Bucket Allowed Access to Images on Upcoming Google Cloud Blog Posts

• 2020-04-07: Listing all registered email addresses on Google’s Crisis Map thanks to IDOR and incremental IDs

• 2019-08-12: Clickjacking DOM XSS on Google.org

• 2019-06-12: XSSing Google Employees — Blind XSS on googleplex.com

• 2019-03-10: Inserting arbitrary files into anyone’s Google Earth Studio Projects Archive

• 2019-01-29: Unsecured access to personal data of a million Leo Express users

• 2018-12-14: XSSing Google Code-in thanks to improperly escaped JSON data

• 2018-09-21: Bypassing Firebase authorization to create custom app.goo.gl subdomains

• 2018-09-09: How to use Google’s CSP Evaluator to bypass CSP

• 2018-09-08: Reflected XSS in Google Code Jam

• 2018-08-23: Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org

• 2018-03-29: Angular XSS vulnerability on McDonalds.com