Blog
Security research insights, technical write-ups, and lessons learned from bug bounty hunting.
Mar 13, 2026
I Found 39 Algolia Admin Keys Exposed Across Open Source Documentation Sites
A systematic audit of Algolia DocSearch found 39 admin API keys exposed across projects like Home Assistant, KEDA, and vcluster.
3 min read
security-researchalgoliadocsearch
Jan 16, 2026
How a Single Leaked Token Exposed Home Depot's Internal Infrastructure for a Year
A leaked GitHub token granted access to 664 internal repositories for nearly a year. Home Depot never responded.
3 min read
security-researchdisclosuregithub