- Nisarga Adhikary identified security flaws in CBSE's Online Submission of Marks portal
- He reported vulnerabilities responsibly without exploiting the system
- The OSM portal is critical for managing exam marks of CBSE-affiliated schools
Nisarga Adhikary, a young cybersecurity researcher who came into spotlight after identifying security vulnerabilities in the Central Board of Secondary Education's (CBSE) On-Screen Marking (OSM) portal, has been appointed as an OSINT and Threat Intelligence Engineer at C3iHub, the cybersecurity and cyber defence research centre at IIT Kanpur.
The development marks a significant milestone in Adhikary's journey from a student researcher to a cybersecurity professional, highlighting the growing recognition of ethical hacking and responsible vulnerability disclosure in India.
The OSM portal is a critical digital platform used by CBSE-affiliated schools across the country to upload and manage students' examination marks. The system plays an important role in the board examination process, enabling schools to submit marks online for compilation and result preparation.
Commenting on the development, Prof. Manindra Agrawal, Director, IIT Kanpur, said, “Nisarga Adhikary has joined IIT Kanpur's C3iHub as an OSINT and Threat Intelligence Engineer. He is a talented young engineer who has demonstrated noteworthy technical capabilities at a young age. We believe he has significant potential, and working at IIT Kanpur will provide him with the opportunity to further develop his capabilities while contributing to cybersecurity and threat intelligence initiatives at C3iHub. We wish him the very best in his journey ahead.”
Adhikary had earlier discovered multiple security weaknesses in the portal that could have potentially exposed sensitive student and school-related information if exploited by malicious actors. According to reports, the vulnerabilities included flaws related to access controls and data security, raising concerns about the protection of information handled through the platform.
Instead of attempting to misuse the vulnerabilities, Adhikary followed the principles of responsible disclosure and reported the issues to the concerned authorities. His actions helped bring attention to cybersecurity gaps in educational technology systems and underscored the importance of proactive security audits for platforms handling large volumes of sensitive data.
The disclosure drew widespread attention from cybersecurity experts and the education sector, with many praising the teenager for choosing an ethical approach.
His appointment at C3iHub, one of India's leading centres for cybersecurity research, reflects the growing demand for skilled threat intelligence and security professionals.
