Malaysia
Bangladeshi Teen Hacker Shuvon Gets NASA Recognition for Cybersecurity Discovery: Md Shariar Shanaz Shuvon, a 17-year-old ethical hacker and Bangladeshi expat student in Malaysia, has received an official letter of appreciation from NASA for uncovering a critical vulnerability in the agency’s cybersecurity infrastructure.
Born in Jhenaigati, Sherpur, Shuvon passed his SSC from Jhinaigati Govt Model Pilot High School before enrolling in a diploma program in Information Technology at the University of Cyberjaya, Malaysia. Despite his young age, Shuvon has already established himself as an Information Security Analyst at ERTH (Blue Bee Technologies Sdn. Bhd.), a firm known for its cybersecurity services.
Shuvon’s interest in cybersecurity began early. “I started programming in Class 7, using free online resources—courses, YouTube videos, books, and PDFs,” he shared. By Class 8, he had plunged into bug hunting, hackathons, and tech freelancing in fields like SEO, design, and video editing. “But cybersecurity is my true passion,” he said.
On June 11, 2024, his dedication paid off when he uncovered a major privacy-related bug in NASA’s Earth data systems. By leveraging a complex combination of vulnerabilities—namely IDOR (Insecure Direct Object Reference) and SSRF (Server-Side Request Forgery)—Shuvon gained unintended access to sensitive Earth observation data. “This type of data could have been misused for phishing or sold on the dark web,” he explained. “I reported the issue through NASA’s Vulnerability Disclosure Program. They fixed it and appreciated my ethical approach.”
NASA officially acknowledged his findings in February 2025, praising him for his responsible disclosure and commitment to ethical standards.
But NASA is just one of many major organisations Shuvon has helped. He has identified vulnerabilities in Sony, where an IDOR bug enabled access to restricted data, and Meta, where he revealed a privacy flaw in hidden reactions on user profiles. “I specialise in IDOR and information disclosure bugs,” he noted.
His skills haven’t gone unnoticed in the global cybersecurity community either. Shuvon recently ranked #1 worldwide on TryHackMe, a premier online platform with over two million users focused on ethical hacking and cybersecurity training.
When asked about his tools of the trade, Shuvon mentioned Burp Suite, Nuclei, Google Dorks, HackerOne, and Bugcrowd. Yet, he believes tools are secondary to a critical mindset: “It’s about logical thinking—spotting what others overlook.”
Shuvon’s journey is a testament to the power of self-learning, curiosity, and ethical intent. With more discoveries likely ahead, he continues to make Bangladesh proud on the global cybersecurity stage.
