Security Hall of Fame
We're grateful to the security researchers who help keep Killswitch safe through responsible disclosure.
Acknowledged Researchers
Sachin Kalkumbe
April 2026
Third-party chat widget loaded on token-bearing routes — URL tokens leaked to analytics endpoint
Ahmed S
April 2026
Master key API hardening — overwrite/null protection, Content Security Policy tightening, and share-endpoint error normalization
Sumit Bhadouriya
February 2026
Login endpoint brute-force protection bypass — identified non-enforcing rate limiting on authentication endpoint
Ravela Pramod Kumar
February 2026
Master key API endpoint hardening — credential exposure in query strings (CWE-598) and missing rate limiting
Cyber_Subhash
February 2026
Direct IP access exposure and PostgreSQL public port exposure — infrastructure hardening
Aqudas Gulzar
February 2026
Fixed critical 2FA authentication bypass — secured completion endpoint with signed, time-limited verification tokens
Manasi Deokate
February 2026
Session security hardening — logout token revocation, no-cache headers, session replay protection
Kunal Mhaske
February 2026
Session invalidation on password change, email enumeration protection
Khurram Shoaib
January 2026
Multiple authentication and session security improvements