How I found critical vulnerabilities in Petlibro smart pet feeders allowing complete account takeover via broken OAuth, access to anyone's pet data, device hijacking, and private audio recordings - and how they're still leaving the auth bypass active for 'legacy compatibility' two months later.
Misread as Pelletburo, now sad there’s no pet feeder called that
Cat no potato. Only cold.
Your cat’s data belongs to the people, comrade!