Google pays hacker duo $22k in bug bounties for flaws in multiple cloud projects

Security researchers Sreeram KL and Sivanesh Ashok have won over $22,000 in bug bounties after discovering vulnerabilities in four Google Cloud Platform projects. The most lucrative project was Vertex AI, with the duo earning $5,000 for identifying a server-side request forgery bug and then a further $5,000 for detecting a subsequent patch bypass. Google has addressed the issue by adding cross-site request forgery protection.