That is correct. In pan-India exams like the JEE and NEET, and even in high-stakes state-level exams, it would be impossible to cheat so blatantly. That doesn't mean cheating doesn't happen, but it would require you to know someone in the examining body. And, they would be risking their careers and their liberty to help you.

And, I know a few people who were vaccinated, but the dose did not get registered. In some cases, this was purposefully done - so that they could get the dose while they were below the age floor (at that time). In other cases, this was accidental - the hospital staff simply neglected to put it into the system, and no one cared.

It appears that he got the credentials from github, and this was critical for his exploit to work.

If he could find 30+ instances before he just gave up I’m not sure if we can count that as a significant barrier.

And I hope he disclosed it responsibly.

I don't think he disclosed this. Theirs no mention of it in the post.

The fact that he sat on it for months before going back and trying suggests that he didnt disclose the GitHub leaks to the government.

I assume you do draw the line at some point, below which you would consider a discipline a fake subject. Where do you draw that line?