Our Google Cloud VRP researchers don't miss! Check out @terminatorLM's latest Looker research uncovering 9 novel cross-tenant vulns in Looker.
See how it was done:
LeakyLooker: 1 Cross-tenant vulnerability? How about 9? (1/10)
I'm incredibly proud to share LeakyLooker. I discovered 9 novel cross-tenant vulnerabilities in Google Cloud's Looker Studio that broke fundamental design assumptions.
Here is how I broke tenant isolation:
Disclosure (9/10)
Huge thanks to the Google VRP team. They handled these reports professionally and moved quickly to remediate them all. All issues are now fully patched. No customer action is required.
LookOut: Novel Remote Code Execution & Internal Database Access vulnerabilities that I discovered in Google Looker
tenable.com/blog/google-look…
I went to a meetup last night about cloud attacks and watched a talk by @terminatorLM about GCP, and it was SO GOOD!!
I came home with so many ideas and so much motivation.
Turns out it's also on YouTube! Please watch it, no matter which cloud you're into. youtu.be/nZWpDeY9p6g?si…
HackedGPT: Unpacking 7 Vulnerabilities we discovered in ChatGPT
Following up on our work: Yarden Curiel, Moshe Bernstein, and I are proud to share the technical details of our ChatGPT research
tenable.com/blog/hackedgpt-n…
#1 Israel & #18 Worldwide: Google Vulnerability Researchers Leaderboard
Massive personal milestone! I'm ranked #1 in Israel and #18 worldwide on the Google VRP! Thrilled to be a part of it.
Big news! The Gemini Trifecta:
I discovered a "Trifecta" of three new vulnerabilities (now remediated) in Google Gemini Cloud Assist, Search Model, and its browsing tool.
Full technical details:
tenable.com/blog/the-trifect…
The inaugural Cloud VRP bugSWAT event was a record-setter: With 91 identified vulnerabilities resulting in ~$1.6 million in rewards, the event underscored the value of collaboration with external security researchers.
bughunters.google.com/blog/5…
OCI, Oh My:
I recently discovered a classic 1-click Remote Code Execution through CSRF that affects Oracle Cloud Shell and Code Editor Integrated Services.
Full details:
tenable.com/blog/remote-code…