India's national school exam board acknowledged vulnerabilities in its online grading system after a teenage cybersecurity researcher discovered the weaknesses. The board said it has contained the issues affecting one of the country's most critical school-leaving exams.
The exam board disclosed that it has been actively monitoring and has now contained cybersecurity vulnerabilities in the portal used for grading a major national exam. The flaws were initially reported by a teenage security researcher who identified gaps in the system's defenses.
The vulnerabilities posed potential risks to the integrity of the grading process for one of India's most important educational assessments. Such exam portals typically handle sensitive student data and grades, making security a critical concern.
The board's confirmation marks a significant acknowledgment of the security gaps. While the organization stated it has contained the vulnerabilities, specifics about the nature of the flaws or the timeline for their discovery remain limited. The incident highlights how security researchers, including younger specialists, continue to identify weaknesses in critical digital infrastructure.
The discovery underscores ongoing challenges with cybersecurity in educational systems across India. Exam boards and educational institutions have faced increasing pressure to modernize their systems while maintaining robust security protocols to protect student information and maintain the credibility of examination processes.
The teenage researcher's identification of these vulnerabilities demonstrates the importance of responsible disclosure and external security audits. Educational institutions and government bodies increasingly rely on digital platforms for administration, making cybersecurity expertise essential.
No details have been provided regarding potential exposure of student data or the specific vulnerability types. The board's statement that vulnerabilities have been "contained" suggests remedial action has been taken, though comprehensive disclosure of remediation steps remains unclear.
This incident adds to a broader pattern of security concerns within India's digital educational infrastructure, particularly as institutions accelerate their shift toward online systems.
Security researchers have identified that Cloudflare's Turnstile CAPTCHA system collects WebGL data capable of fingerprinting devices, raising privacy concerns about the supposedly privacy-focused verification service.
A vulnerability in the WP Maps Pro WordPress plugin allows attackers to create administrator accounts without authentication. The exploit targets sites running affected versions of the plugin.
A security researcher has published technical documentation on parallel reconstruction of lawful TLS wiretapping, demonstrating how encrypted traffic can be decrypted in compliance with court orders. The post has generated significant discussion in the security community.
Palo Alto Networks has confirmed that hackers are actively exploiting CVE-2026-0257, an authentication bypass vulnerability in GlobalProtect VPN, to breach corporate networks.