be @ni5arga
→ 19 years old, from West Bengal, studied in Delhi for a few years
→ just finished his own Class 12 exams in 2026
→ calls himself a hobbyist cybersecurity researcher
→ says he is an engineer, not a hacker
→ built an OSINT engine, a stock-tracking TUI, a pastebin in Rust
→ once found bugs in FOSS United and disclosed them quietly
→ just another CBSE student watching his own board roll out a new digital marking system
then he opened the portal
→ CBSE moves Class 12 evaluation to On-Screen Marking, 1.8 million students affected
→ Nisarga sees the portal link is fully public, gets curious
→ opens DevTools, downloads the Angular JavaScript bundle
→ first vulnerability found in 30 minutes
→ a literal master password sitting in plain text inside the frontend code
→ enter it, the OTP field auto-fills, the entire login flow gets bypassed
→ OTP validation happens in the user's browser, not on the server
→ no route guards, every internal page reachable by editing browser storage
→ password reset API never checks the old password
→ systemic IDOR across the entire API, change one value in sessionStorage, become any examiner
→ outcome: take over any teacher account, view answer sheets, edit marks
25 February 2026. He reports everything to CERT-In the same day.
→ CERT-In asks for a screen recording, he sends a full walkthrough
→ acknowledgement comes back as a boilerplate reply
→ reference number assigned: CERTIn-16590126
→ he follows up multiple times. no response.
→ three months pass. portal still live. Class 12 results released. vulnerabilities still there.
→ 22 May: publishes the blog post and a thread on X
→ Deedy Das, Satish Acharya, Internet Freedom Foundation amplify it
→ the post goes viral
→ CBSE issues a clarification: that was just a test portal, no breach
→ the URL CBSE cited in their own tweet was not even a registered domain
→ a friend buys the domain and points it at Nisarga's blog
→ CBSE quietly deletes the tweet
then it gets worse
→ 25 May: finds an SQL injection vulnerability on the live production portal
→ reports to CERT-In, gets a one-line thank you
→ gains admin access to the live https://t.co/1WpmNGsczK server
→ portal stays up for four more hours
→ he uploads anime videos and memes, links them publicly from CBSE servers
→ plays a viral Japanese song on a CBSE page, makes the news for it
→ CBSE finally takes the whole portal down
then he reads the database
→ master table accessed: 10 GB, 9.3 million records
→ examiner names, addresses, school names, bank account details
→ passwords stored in plain text
→ login tokens anyone can paste into a browser to log in as that user
→ 31 May: finds a second live CBSE production portal, 45,074 records of failed payments
→ emails, phone numbers, payment IDs, order IDs, all readable
→ 31 May, the bigger one: an AWS S3 bucket is misconfigured
→ ListObjectsV2 works without authentication, the bucket root is listable
→ samples pulled from 18 lakh scanned 2026 answer sheets, every subject
→ multiple institutions sharing the same bucket
→ also notices something strange in the scans: bedsheets visible in the background of answer sheets that CBSE paid for proper scanners to handle
CBSE responds
→ posts an AI-generated image saying the system is robust and secure
→ three days later admits some vulnerabilities existed and have been contained
→ refuses to name the cybersecurity firm doing the audit
→ claims they tried contacting him. he says they have not.
→ Internet Freedom Foundation writes to the Ministry of Education and CERT-In
→ asks for an investigation into CBSE, a review of the contract with vendor Coempt EduTeck, a full audit
→ he points out he could have sold this data and made a lot of money
→ he did not. he is a CBSE student too.
→ his own analogy: the door wasn't just unlocked. the key was lying on the ground in front of everyone.
a 19-year-old with an anime pfp broke a national exam evaluation system in 30 minutes with browser developer tools and the government is still pretending it was a test environment
Brené Brown, researcher and author, on the contradiction she keeps hearing in rooms full of tech billionaires:
Her work puts her in rooms where the founders and CEOs of major tech platforms talk openly about how they think.
What @BreneBrown hears there unsettles her:
"So I hear someone say, 'Hey, you know, tech billionaire, what should my kids study? I'm worried for my kids… they should study coding, physics,' and then five minutes later, as if that answer didn't happen, someone will say, 'What do you attribute your success to?' I mean deeply when you think about it, and the same person will say, 'My deep reading of philosophy and the stoics.'"
The contradiction is what stops her: the same people crediting philosophy and the liberal arts for their own success are telling other parents their kids should focus on coding and physics.
That gap leads her to a bigger, more uncomfortable question:
"I start to extrapolate from there and wonder if there is a thinking class that's emerging where they're like, 'We're going to read philosophy and we're going to read the liberal arts and we're going to study history, and the rest of you just keep scrolling. Don't worry about the big words. We'll handle all the big words for you.'"
She points to Steve Jobs as an early signal of the same pattern:
"It's like when they asked Steve Jobs, 'Boy, your kids must love the iPad.' Steve Jobs said, 'My kids don't have an iPad.' And then his biographer who spent time with his family said he wasn't kidding. There's no technology. At dinner, they're talking about art and history."
The takeaway is simple but uncomfortable.
The people building these platforms are protecting their own kids from them, and giving them books, ideas, and real conversation instead.
So why are the rest of us being sold something different?
@Sandeep_Majj I also saw somewhere that while FIIs are selling the largecaps, and their share of largecaps is trending down, their share of mid and smallcaps is trending up
@Prakashplutus Thank you, I actually exited some of my stocks and funds that were underperforming at a bit higher than breakeven, and held off new investments based on your inputs
A man died when a Metro slab collapsed in Mulund. MMRDA promised ZERO tolerance. Heads would roll.
Months later, the consultant it blamed & threatened to fire is still on the project.
The explanation? It was all a "misunderstanding."
@sabahvir's break in today's edition:
https://t.co/f98FiYL5zh via @IndianExpress
@GalaxyNewsUnit @JoshEakle The OP is trying to say it'll negatively affect regular Americans and you're saying it'll benefit American oil companies and traders; both these things can be and are true.
A young female doctor resigned from a reputed hospital on her very first day after allegedly uncovering unethical practices aimed at maximising revenue. She claimed she was instructed to admit patients unnecessarily and keep them in the ICU without medical need.
Refusing to compromise on patient care, the doctor chose to quit immediately. Her account of the incident, shared on Twitter, has since gone viral, sparking widespread debate over ethics and accountability in private healthcare.
VC: yourfamilyphysician/IG
#doctor #indiandoctors #ICU #ethics #viralreels