Rafay Baloch

He has been featured by both national and international media and publications,[1][2] including Forbes,[3] BBC,[4] The Wall Street Journal,[5] The Express Tribune[1] and TechCrunch.

Reflectiz, a cyber security company, released the list of "Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021", recognizing Rafay Baloch as the top influencer.

On 23 March 2022, ISPR recognized Rafay Baloch's contribution to the field of cyber security with the Pride for Pakistan award.

He is amongst the first Pakistani security researchers to be acknowledged by Google, Facebook, PayPal, Apple, Microsoft[29] and numerous other international organizations.

Baloch also found several vulnerabilities affecting WebView that allowed an attacker to read local files as well as steal cookies from the user's device.

Rafay, along with another researcher, discovered numerous security vulnerabilities that impact PureVPN's Linux desktop client.

Microsoft fixed the issue within two months, but Apple did not respond to Baloch's report within the 90-day grace period he had given, so he made the details public.

This is possible because the address bar is the only reliable indicator of security in new browsers, as it displays the site's URL and other details related to the webpage the user is on.

Security firms are already seeing attacks in the wild where users are abusing Same Origin Policy (SOP) bypass bug to target Facebook users.” [65] The Metasploit Framework, owned by Rapid7, contained 11 such WebView exploits that needed to be patched, most of which were contributed by Rafay Baloch and Joe Vennix.