*Critical vulnerabilities in Pudu Robotics' entire fleet - BellaBot, KettyBot, and all their service robots used globally. They ignored emails until I contacted their biggest customers.*

## More Than Just Robot Waiters

You've probably seen these cat-faced robots delivering food in restaurants. Pudu Robotics is the world's largest commercial service robotics company, making not just the famous BellaBot robot waiter, but an entire [...] | bobdahacker blog
*Flutrr, backed by The Times of India, has critical security flaws that expose all user data. They knew about it since November 2024 and still haven't fixed it.*

## What I Found

Every single API endpoint has the same problem: they just trust what the client tells them. No authentication checks. Nothing. Here's what I could do:

**1. Log in to anyone's account:** The Google login API just takes the user's email you wanna log in to: [...]

*I wasn't expecting to find their entire customer database exposed. But here we are.*

### Respect My Authority! (The Founders Club Had None)

For context, Casa Bonita's Found... | bobdahacker blog
How I found critical security vulnerabilities in McDonald's systems affecting millions of employees, and had to cold-call their HQ pretending to know security staff just to report them.| bobdahacker.com
Nonbinary ethical hacker passionate about finding and reporting security vulnerabilities.| BobDaHacker
How Lovense ignored critical vulnerabilities for 8+ years despite multiple researchers reporting them since 2017, exposed 11+ million users' emails through XMPP, allowed account takeovers without passwords, lied to researchers about fixes, and only patched after public exposure forced their hand.| bobdahacker.com
Monster Energy's corporate infrastructure exposed: employee training, customer stereotypes, Beast Bux rewards, and a file system API that's STILL wide open.| bobdahacker.com