Days after exposing CBSE portal flaws, 19-year-old Nisarg Adhikary lands role at IIT Kanpur

Days after making headlines over his claims of security vulnerabilities in CBSE’s digital systems, 19-year-old ethical hacker Nisarga Adhikary has joined IIT Kanpur’s cybersecurity innovation hub.

Adhikary was appointed as an Open-Source Intelligence (OSINT) and Threat Intelligence Engineer at C3iHub, the technology innovation hub at IIT Kanpur. His LinkedIn profile states that he is currently working in OSINT and threat intelligence at the institute.

The appointment comes shortly after Adhikary drew national attention with a series of allegations related to CBSE’s digital infrastructure.

In posts on X, Adhikary claimed that scanned answer sheets and question papers linked to CBSE were publicly accessible because of an alleged cloud storage configuration issue. He alleged that an AWS storage bucket containing 2026 answer sheets and question papers could be accessed without authentication.

“Anyone on the internet can download any scanned booklet,” he wrote in one of the posts.

Adhikary had earlier also claimed to have found vulnerabilities in CBSE’s On-Screen Marking (OSM) portal. In a blog post, he said he had discovered the issues in February and reported them to CERT-In before making them public.

According to his claims, some of the vulnerabilities could have allowed unauthorised access to parts of the evaluation system.

The allegations quickly gained attention on social media, with several users raising concerns about data security and student privacy.

According to the blog, the alleged vulnerabilities included a “hardcoded master password” visible inside the portal’s JavaScript bundle, client-side OTP validation, missing route protections, password reset flaws and what he described as a “systemic IDOR vulnerability”.

“One of the hardest things was not exploitation,” he wrote, “The hardest part was reading a JavaScript file and editing a couple of values in DevTools.”

Adhikary also alleged that OTP verification was effectively meaningless because “the browser grades its own test”.

“A security control that runs on the attacker’s machine isn’t a control at all,” he wrote.
