Talegaon Dabhade, Pune Police !
A college-aged man was stopped by a policeman on a three-seater bike in Talegaon Dabhade, Pune, as he was riding a triple-seater bike.
Stopped and asked him to pay a fine for driving a triple seater. "However, the law student told the police that he would pay the fine only if they gave him a receipt.
After the student gave such a reply, the police got angry and the police literally beat the student inhumanly.
When the young man went to file a complaint at the police station, the police there also threatened to file a case against him. This information has been given by the student's family. It will be important to see what action the police administration will take on this.
While crime is rampant in the state as a whole, the inaction of the police is clearly visible, while on the other hand, it is evident how the police are harassing ordinary people for trivial reasons
Meet Jyoti Singh from Rohini in North-West Delhi who successfully used Gender Card, but not for herself but to demand Justice for a Male Uber Rider. And even @DelhiPolice acted swiftly this time because the complainant was a woman and arrested the accused in just one day and posted his Victim Video. Good Job Jyoti!!
@ZeptoNow@zeptocares You might be listening but for sure you're not reading. Ask your customer support ([email protected]) to read email and respond instead of just pasting a stereotype response. 🙏
be @ni5arga
→ 19 years old, from West Bengal, studied in Delhi for a few years
→ just finished his own Class 12 exams in 2026
→ calls himself a hobbyist cybersecurity researcher
→ says he is an engineer, not a hacker
→ built an OSINT engine, a stock-tracking TUI, a pastebin in Rust
→ once found bugs in FOSS United and disclosed them quietly
→ just another CBSE student watching his own board roll out a new digital marking system
then he opened the portal
→ CBSE moves Class 12 evaluation to On-Screen Marking, 1.8 million students affected
→ Nisarga sees the portal link is fully public, gets curious
→ opens DevTools, downloads the Angular JavaScript bundle
→ first vulnerability found in 30 minutes
→ a literal master password sitting in plain text inside the frontend code
→ enter it, the OTP field auto-fills, the entire login flow gets bypassed
→ OTP validation happens in the user's browser, not on the server
→ no route guards, every internal page reachable by editing browser storage
→ password reset API never checks the old password
→ systemic IDOR across the entire API, change one value in sessionStorage, become any examiner
→ outcome: take over any teacher account, view answer sheets, edit marks
25 February 2026. He reports everything to CERT-In the same day.
→ CERT-In asks for a screen recording, he sends a full walkthrough
→ acknowledgement comes back as a boilerplate reply
→ reference number assigned: CERTIn-16590126
→ he follows up multiple times. no response.
→ three months pass. portal still live. Class 12 results released. vulnerabilities still there.
→ 22 May: publishes the blog post and a thread on X
→ Deedy Das, Satish Acharya, Internet Freedom Foundation amplify it
→ the post goes viral
→ CBSE issues a clarification: that was just a test portal, no breach
→ the URL CBSE cited in their own tweet was not even a registered domain
→ a friend buys the domain and points it at Nisarga's blog
→ CBSE quietly deletes the tweet
then it gets worse
→ 25 May: finds an SQL injection vulnerability on the live production portal
→ reports to CERT-In, gets a one-line thank you
→ gains admin access to the live https://t.co/1WpmNGsczK server
→ portal stays up for four more hours
→ he uploads anime videos and memes, links them publicly from CBSE servers
→ plays a viral Japanese song on a CBSE page, makes the news for it
→ CBSE finally takes the whole portal down
then he reads the database
→ master table accessed: 10 GB, 9.3 million records
→ examiner names, addresses, school names, bank account details
→ passwords stored in plain text
→ login tokens anyone can paste into a browser to log in as that user
→ 31 May: finds a second live CBSE production portal, 45,074 records of failed payments
→ emails, phone numbers, payment IDs, order IDs, all readable
→ 31 May, the bigger one: an AWS S3 bucket is misconfigured
→ ListObjectsV2 works without authentication, the bucket root is listable
→ samples pulled from 18 lakh scanned 2026 answer sheets, every subject
→ multiple institutions sharing the same bucket
→ also notices something strange in the scans: bedsheets visible in the background of answer sheets CBSE paid for proper scanners to handle
CBSE responds
→ posts an AI-generated image saying the system is robust and secure
→ three days later admits some vulnerabilities existed and have been contained
→ refuses to name the cybersecurity firm doing the audit
→ claims they tried contacting him. he says they have not.
→ Internet Freedom Foundation writes to the Ministry of Education and CERT-In
→ asks for an investigation into CBSE, a review of the contract with vendor Coempt EduTeck, a full audit
→ he points out he could have sold this data and made a lot of money
→ he did not. he is a CBSE student too.
→ his own analogy: the door wasn't just unlocked. the key was lying on the ground in front of everyone.
a 19-year-old with a anima pff broke a national exam evaluation system in 30 minutes with browser developer tools and the government is still pretending it was a test environment
@Livpure_India Your sales team guy tried misleading by mentioning about 7 day free trial. I am not satisfied with your services and would like to cancel, and get the full refund. Kindly assist ASAP.
@JioMart_Support A ticket was created today morning after I raised a complaint using the app but now when I check the app, I don't see any details about the ticket although old tickets are still showing up.
Public Health Issue Alert 🚨
Travelling on Vande Bharat today (Allahabad → Delhi) and yesterday was travelling on Rajdhani (Delhi → Allahabad), I was served rotis/kachoris heated directly inside sealed plastic packaging. While at Rajdhani, I was hungry and so ate the hot Kachori almost instantly and then realised - wait, how can it be hot? Wasn’t it in a sealed packet? How could they heat the packet directly?
Then this repeated today and I couldn’t stop myself from inquiring -
The “Halka Phulka” roti packet clearly states:
• “Store in a cool & dry place”
• No mention of microwave/heating in-pack
• No “microwave safe” indication
Yet the packets are handed over visibly hot.
Lakhs of passengers can verify this - the rotis are served warm with the plastic pack heated.
The person in the train confirmed that rotis were being heated directly in the packet.
Food-grade plastic is not automatically heat-safe unless certified for microwave/steam use. Heating multilayer packaging without clear instructions can potentially increase chemical migration into food - especially when done repeatedly at scale.
This may be operational convenience.
But food safety should never rely on shortcuts.
Requesting @IRCTCofficial@RailMinIndia@AshwiniVaishnaw to clarify:
- Are these institutional packs certified for in-pack heating?
- If so, can that certification be publicly shared?
- Is this happening on all trains? 🚆
- Who has authorised this?
Passenger safety deserves application of mind - not just efficiency. Just to make the passengers that IRCTC is serving hot food, how can such a careless thing be done - playing with the health of lakhs of people who are eating this food?
The last thing we want is blame game buck to be passed between @IRCTCofficial@fssaiindia -
Ministry of Consumer Affairs, Food and Public Distribution will say that it is Railways’ mistake.
Railway minister will say it is the third party vendor who has been given the tender - it’s their mistake.
Third party vendor will find someone at the lowest in the ladder like the gentleman in this video who admitted that they were heated in microwave, to fix the blame on - while fixing NO Accountability of the damage already done and NO Responsibility for what’s to come.
Action / Clarification on this ought to be issued from the Railway Ministry.
Corrective Measures need to be announced immediately.
#railways #VandeBharat #HotFoodScam
These are the current Lokpal members, an authority meant to check corruption in the central govt. Most are retired judges or babus.
They’ve floated tenders to buy BMW 3 Series Li cars worth ₹70 lakh each for all seven.
Lokpal is the most incompetent anti-corruption body. It rejects nearly 90% of complaints, mostly because they weren’t in the prescribed format. Classical judge/babu whims! In five years, it received 8,703 complaints, ordered probes in just 24, and granted prosecution sanction in only six.
Itna to ye log corruption nahi pakdte jitni sarkari suvidhaon ka maza loot lete hain. Ab inko BMW chahiye.
@nch1915 I am not able to retrieve my forgotten password. Forgot password only allows phone number but phone number was not mandatory when I created account. Kindly help. My email is already registered.
Military Combat Parachute System (#MCPS), indigenously developed by #DRDO, has successfully undergone a combat free-fall jump from an altitude of 32,000 feet.
🔹 The jump was executed by the test jumpers of the #IndianAirForce, showcasing the efficiency, reliability, and advanced design of the #indigenous system.
🔹 This achievement makes the #MCPS the only #parachutesystem currently in operational use by the #IndianArmedForces capable of deployment above 25,000 feet.
Details: ▶️
https://t.co/4cGnwGJ369
@GoKiwiNow@YESBANK 'Flat 10% off international flights' offer shows 'Valid on Student fares' in the conditions section after viewing details. Key eligibility criteria should be in the main banner. Such fine print manipulation erodes customer trust. #TransparentMarketing
एक बलात्कारी को जन्मदिन मनाने के लिए पैरोल दी जा रही है - हमारी व्यवस्था कितनी पाखंडी हो चुकी है, इसका सबसे शर्मनाक उदाहरण राम रहीम का मामला है।
यह अब तक 14 बार पैरोल पर बाहर आ चुका है, और इस बार फिर 40 दिनों के लिए जन्मदिन मनाने के नाम पर!
सिस्टम का इससे बड़ा मजाक और क्या हो सकता है!