I'm Kushagra Kumar

A Programmer and a Student

Learn More

About Me

Kushagra Kumar

Hey, I’m Kushagra Kumar — but you can call me Kush.

I’m a curious mix of tech enthusiast, fitness freak, and lifelong learner. I spend my days exploring code, building projects, hitting the gym, and focusing on improving my health.

🚀 What I Do

Coding & Tech – Skilled in Python, JavaScript, and soon Java. I’ve worked on automation, AI integrations, and web projects like this site.

AI & Projects – I love tinkering with AI tools, creating bots, and finding practical ways to make tech actually useful.

Web Dev – From clean, functional designs to backend integrations (MongoDB, Node.js), I enjoy bringing ideas to life.

💪 Beyond the Screen

When I’m not coding, you’ll probably find me in the gym, focusing on improving my health and building sustainable fitness habits. I’m also into gaming (League of Legends main, Ahri mid supremacy), cars, and occasionally deep‑diving into books like Atomic Habits or The Power of Your Subconscious Mind.

🎯 My Mindset

I believe in constant improvement — whether it’s learning a new skill, pushing past my PRs at the gym, or experimenting with something completely outside my comfort zone.

This site is my digital home — a place to share my projects, thoughts, and maybe a few surprises along the way.

My Bounties

RANK S

1) Found a messaging bug in Meta's Instagram

Uncovered a critical loophole in Instagram DMs that let non‑followers bypass messaging limits and spam targets at scale.

Read More

This effectively nullified Instagram’s non‑follower DM restrictions, enabling high‑volume unsolicited outreach and abuse. I responsibly disclosed the issue to Meta with full repro steps, impact analysis, and mitigation suggestions—contributing to a platform‑level fix.

Edit: Instagram later changed the behavior — non‑followers can now send unlimited messages by default. You can still google “non followers dm restrictions” to see what I’m referring to.

RANK A

2) Found a login flaw in Steam mobile app

Found a session‑persistence flaw where Steam stayed logged in after device clone/restore, undermining device‑change safeguards.

Read More

The bypass could let accounts avoid the 7–14 day trade hold and increase fraud/compromise risk. I reported it with clear STR, environment notes, and realistic attack paths to help the team tighten session integrity.

RANK B

3) Found a very small design error in JetBrains Marketplace website

Flagged a high‑visibility branding inconsistency on JetBrains Marketplace (legacy Twitter logo long after the X rebrand).

Read More

Seemingly small, but these cues shape trust at scale. I documented the issue with references and recommended an asset update policy to keep marketplace surfaces aligned with live brand standards.

Social Media

Contact Me

Email: kushagrakk2008@gmail.com

WhatsApp: +91 9693008878 (Text only)

Are you sure?