Cracking open the rewards admin panel.

Tata Motors gave away the keys to their infrastructure and customer data on their public websites.

On August 10, 2025 at DEF CON 33 in Las Vegas, I presented what could possibly be the biggest vulnerability I may ever discover in the automotive industry. Read and watch how I managed to take over a top automaker’s entire dealer ecosystem.

Industrial generator smart platform had insecure APIs that could enable remote control by anyone.

Hardcoded credentials, pointless encryption, and generous APIs exposed details of every employee and made it possible to break into internal websites.