skull

Leaking the phone number of any Google user brutecat.com/articles/leaki…

Google fixes flaw that could unmask YouTube users' email addresses - @LawrenceAbrams bleepingcomputer.com/news/security/…

My channel has been restored! Thank you to everyone who supported me during this process, especially @GoogleVRP for the help in bring the channel back. youtube.com/@skull

Are you seriously kidding me? There's only 3 videos on this channel, all of which are @GoogleVRP PoCs. @TeamYouTube

Google fixes bug that could reveal users' private phone numbers | TechCrunch techcrunch.com/2025/06/09/goo…

Phone numbers are a goldmine for SIM swappers. A researcher found how to get this precious piece of information through a clever brute-force attack. wired.com/story/a-resear…

It used to be possible to leak the EXIF data of any Google user's profile picture by adding "=ip" to the end of the image URL, until recently when this got patched. No, Google does not strip EXIF when you upload a profile picture to your Google account...

Disclosing YouTube Creator emails via Content ID for $20,000 brutecat.com/articles/youtu…

I've seen a lot of discussion about what the impact of an email address leak is. Here's my thoughts: - Many valuable but inactive accounts are on expired domains or old yahoo emails. Attackers can claim these domains, set up forwarding, or recreate deleted emails - then use…

Leaking the email of any YouTube user for $10,000 brutecat.com/articles/leaki…

Google just removed comments for over ~2219 objects from the staging-people-pa discovery document today. All removed comments: tracker.brute.cat/api/changes/st…

Looks like Google has finally fixed the google.com/amp/x.com open redirect. Thankfully, there's still several other open redirects if you know where they are :)

Thanks @YouTube for verifying my channel! (even though i'm only at 5 subscribers...) Look forward to posting some Google VRP exploit POCs here in the future!