About Me

I’m a security consultant who tests how apps, websites, and systems can be hacked. Recently, I’ve been identifying security vulnerabilities in large language models and AI agents.

Hidden Prompt Injection to Cloud Data Exfiltration

February 16, 2026

4 min read

AI SecurityGoogle Cloud ConsoleCloud Security

Prompt Injection, but Make It Invisible

June 29, 2025

6 min read

AI SecurityHidden UnicodeBug Bounty

How a Shared Folder Led to Full Account Access in Nextcloud

June 28, 2025

5 min read

Web SecurityNextcloudBusiness Logic Error

From Folder Sharing to Data Exposure

June 26, 2025

4 min read

Web SecurityNextcloudBusiness Logic Error

Nextcloud Workflows Remote Code Execution

June 21, 2025

5 min read

Web SecurityNextcloudOS Command Injection

About Me

Recent Blog Posts