Dr. Gupta

He studied philosophy. Dropped out of MBA. Started working at 15 to help his family. Today Meta hired him to lead WhatsApp globally. Meet Kunal Shah — the architect of India's fintech revolution. > Born May 20, 1983 in Mumbai to a Gujarati family. > Father was a small businessman. > When his family faced financial crisis at 14. > he started working at age 15. > Studied philosophy at Wilson College. > Dropped out of MBA at NMIMS. > Chose learning over credentials. > 2009 — Founded PaisaBack. A cashback rewards platform for retailers. > Profitable from day one. > But he saw the market was fragmented. Pivoted. > 2010 — Founded FreeCharge with Sandeep Tandon. > 2015 — Snapdeal acquired it for ~$400 million. > Made digital payments mainstream in India. > Then stepped back. > Spent years observing. > Learning. > Investing in 200+ startups. > 2018 — Founded CRED. A rewards platform for credit card bill payments. > CRED has 17 million monthly active members. > Processes 40% of India's credit card bill payments. > Processes ₹8.5 lakh crore in annual payment value. > TODAY — June 22, 2026. > Meta invests $900 million in CRED at $4.5 billion post-money valuation. > But that's not the headline. > Kunal Shah is stepping down as CRED CEO to become Global Head of WhatsApp at Meta. > Succeeding Will Cathcart. Leading WhatsApp's next phase globally. > He retains his personal shareholding in CRED. > The founder walked away from his own company. > At the moment of its biggest inflection. Why? > "The delta between WhatsApp today and its full potential is massive." > That's his quote. > 1.7 billion users. Underdeveloped. Untapped. > He saw an imbalance he couldn't ignore. > Philosophy major. > MBA dropout. > Two billion-dollar exits (FreeCharge, CRED). > 200+ angel investments. > Now — global head of the world's biggest messaging app. > On his failures: "We should celebrate entrepreneurs who take risks. In the AI-driven world, being a job seeker may be riskier than being an entrepreneur." > This is the philosophy graduate talking. Not the billionaire. From Mumbai middle-class kid to shaping India's fintech. From CRED founder to WhatsApp's global boss. In one day. Absolute legend.

Whether or not AI replaces auditors doesn’t matter. The truth is, AI is already augmenting auditors. That’s why I see learning AI deeply as crucial for staying competent in security research going forward. You either adapt or fall behind. Someone who has a deep understanding of both security and AI will be in great demand. If you’re serious about adapting, this is a solid place to start! https://t.co/pEC4ccpIhF

i had a mentor once. not some guru mf. a legit psychopath who’d built and lost two empires by 40. i asked him for the secret to winning... he just looked at me with dead eyes, the kind of eyes that have seen real fucking war, and said: "i hope you fail. i hope you lose it all. i hope you feel the terror of it so deep in your bones it feels like a disease. only then will you develop a disgust for losing so profound, so pathological, that you'll never let it happen again." the desire to win is for goons playing a game. the pathological HATRED of losing is what builds kingdoms. listen to more killers and you'll become one

Many friends ask me what’s the dorking I use in duckduckgo Firstly there’s no many dorking in ddg but the secret is archive system on it is different from google that’s why if you focus more on it you can find things that’s not in google or waybackurls Here’s my dorking site:google(.)com site:*.google(.)com “google(.)com” “Interesting keyword” #bugbountytips #BugBounty

What happened here? 1.I found a subdomain endpoint via DuckDuckGo dorking. 2.I noticed a login endpoint that’s different from the users endpoint (neither allows registration). 3.I fuzzed that endpoint and discovered a user-management endpoint, but the website redirected me, so I used Burp to change the status code. 4.The endpoint didn’t initially disclose anything, but one function worked: it allowed me to add a new user via an endpoint with missing authentication. 5.I created a normal user account for myself. 6.When I logged in, Burp’s active scan discovered a weak JWT signing secret — this is the first bug and allows account takeover (ATO). 7.I then accessed the same endpoint from which I created my user; after navigating to it I saw the site allowed me to access the admin panel directly — this is the second bug. Impact: 2 critical bugs — maximum payout. Clean mind always wins. #bugbounty #bugbountytips