
Chris Wysopal

@weld.bsky.social

Gray haired gray hat. Co-founder Veracode. Former L0pht security researcher. Builds tools to find and fix vulnerabilities in code at scale. Twitter: https://twitter.com/WeldPond

6,492 Followers  |  298 Following  |  362 Posts  |  Joined: 04.05.2023  |  1.8303

Latest posts by weld.bsky.social on Bluesky

Top 100 Cybersecurity Thought Leaders | #1 Scott Steinberg Top 100 cybersecurity thought leaders list: Hire famous AI & IT digital transformation consultant and futurist celebrity keynote speaker Scott Steinberg - 3000 brands served!

This is a new one for me. I'm #8 and #31 on this top 100 list. Do you want Chris the CTO of Veracode or Chris the security pioneer? 😂
www.futuristsspeakers.com/top-100-cybe...

06.02.2026 13:59 — 👍 8    🔁 1    💬 3    📌 0

and
destroy this communication and all copies thereof,
including all attachments. copyright -all rights reserved

03.02.2026 01:03 — 👍 1    🔁 0    💬 0    📌 0

Unauthorized use, disclosure or copying of this
communication or any part thereof is strictly prohibited
and may be unlawful. If you have received this
communication in error, please notify us immediately by
return e-mail or by e-mail to jeevacation@gmail.com <mailto:jeevacation@gmail.com> ,

03.02.2026 01:03 — 👍 0    🔁 0    💬 1    📌 0

Can we all forget about the email disclaimers now?

The information contained in this communication is
confidential, may be attorney-client privileged, may
constitute inside information, and is intended only for
the use of the addressee. It is the property of
JEE

03.02.2026 01:03 — 👍 5    🔁 0    💬 3    📌 0

In order to collect a bug bounty, a researcher was required to sign an NDA to not discuss the vulnerability.
zuernerd.github.io/blog/2026/01...

30.01.2026 21:28 — 👍 4    🔁 0    💬 2    📌 0

Hackers & vendors working together on coordinated disclosure led to working together to secure products, systems and networks

28.01.2026 20:11 — 👍 3    🔁 0    💬 0    📌 0

Vulnerability disclosure norms are a control system for incentives. They made vulnerability handling predictable enough to industrialize.

We get more finding, more fixing, and more secure software.

28.01.2026 19:46 — 👍 7    🔁 0    💬 1    📌 0
Ctrl + Alt + Chaos: How Teenage Hackers Hijack the Internet Ctrl + Alt + Chaos: How Teenage Hackers Hijack the Internet [Tidy, Joe] on Amazon.com. *FREE* shipping on qualifying offers. Ctrl + Alt + Chaos: How Teenage Hackers Hijack the Internet

This looks interesting. Teenage hackers. I was one. I didn’t do this type of thing though.

www.amazon.com/dp/133500193X

28.01.2026 00:24 — 👍 4    🔁 1    💬 1    📌 0

It’s available streaming from Sundance. Check out the schedule to buy tix.

27.01.2026 04:30 — 👍 2    🔁 2    💬 0    📌 0

Barnaby Jack dragged this attack class into the open in 2010 with a live BlackHat demo & coined the term jackpotting. He showed ATMs are just poorly defended computers w/cash attached. 15 yrs later attackers are still proving him right. Vendors/operators keep relearning the same lesson the hard way

23.01.2026 17:23 — 👍 10    🔁 1    💬 1    📌 0

This wasn’t a one-off.

DOJ has charged dozens across multiple states, including members of the Tren de Aragua syndicate, tied to coordinated ATM jackpotting rings. Same attack class, just industrialized.

23.01.2026 17:23 — 👍 2    🔁 0    💬 1    📌 0

ATM jackpotting is still very much alive in 2025.

Two attackers physically opened ATMs, connected a laptop, installed malware, and forced the machines to dump all their cash. DOJ convictions, prison time, restitution, deportation.

23.01.2026 17:23 — 👍 4    🔁 1    💬 1    📌 0
Early Alert: Glucose Monitor Sensor Issue from Abbott Diabetes Care Certain Abbott Diabetes Care Continuous Glucose Monitor sensors may provide incorrect low glucose readings

This FDA announcement says over 700 people were harmed and 7 people died due to a bug in the Abbot FreeStyle Libre device.
www.fda.gov/medical-devi...

21.01.2026 20:37 — 👍 4    🔁 2    💬 0    📌 0
Massachusetts Legislation Tackles End Of Life Software Risk - Secure Resilient Future Foundation (SRFF) Lawmakers in Massachusetts on Monday introduced new legislation to address the growing epidemic of abandoned smart, personal electronics. Two closely aligned bills, dubbed “An Act Relative To Consumer ...

More details on the proposed MA legislation addressing end-of-life software risk in consumer devices: secure-resilient.org/2026/01/mass...

21.01.2026 16:22 — 👍 1    🔁 0    💬 0    📌 0

Massachusetts lawmakers introduced bipartisan bills (HD 5563 / SD 3606) to curb abandoned consumer electronics by requiring vendors to disclose software support lifetimes, warn users before end-of-life, and explain lost features and security risks.

21.01.2026 16:22 — 👍 3    🔁 0    💬 2    📌 0

New from Anthropic.

red.anthropic.com/2026/cyber-t...

21.01.2026 12:59 — 👍 2    🔁 0    💬 0    📌 0

What are the EU alternatives for DDoS mitigation?

20.01.2026 16:23 — 👍 0    🔁 0    💬 1    📌 0
Datasets – Google Research

The 4TB download is here research.google/resources/da...

20.01.2026 16:21 — 👍 4    🔁 0    💬 0    📌 0

Microsoft released NTLMv2 in 1998, no doubt because tools like L0phtCrack were able to crack NTLMv1 passwords with the measly computing power of the time.

NTLMv1 is still in use today!

Mandiant has now released rainbow tables for NTLMv1 that can crack any pw in 12hrs on a $600 computer.

20.01.2026 16:17 — 👍 12    🔁 2    💬 2    📌 1

UK NCSC: pro-Russian hacktivists are still hammering critical infra & local gov w/DDoS attacks. Low-tech, high impact, disrupting services & costing serious recovery time/money. Shouldn't critical infra & local gov be able to mitigate these attacks? What do they use? Cloudflare? Akamai? ISPs?

20.01.2026 15:37 — 👍 1    🔁 0    💬 1    📌 0

Tell your older relatives to turn personalized ads off everywhere. Scammers target this demographic.

18.01.2026 17:37 — 👍 10    🔁 3    💬 1    📌 1

Assume access. Design for containment.

15.01.2026 17:03 — 👍 6    🔁 0    💬 0    📌 0
The Promptware Kill Chain: How Prompt Injections Gradually Evolved Into a Multi-Step Malware

“Prompt injection” is the wrong mental model.

LLM attacks increasingly look like malware campaigns, not single exploits. This paper frames them as promptware and maps a 5-stage kill chain: initial access → priv esc → persistence → lateral movement → actions on objective.
arxiv.org/html/2601.09...

15.01.2026 17:03 — 👍 9    🔁 1    💬 2    📌 0

BIG NEWS! Rachael Morrison’s JOYBUBBLES will have its #WORLDPREMIERE at the 2026 #SundanceFilmFestival (@sundance.org) on JAN 26 at 6 PM! Executive produced by @cameowood.com & Charming Stranger Films, the film will screen in person JAN 26—JAN 31 & online screenings begin JAN 29: loom.ly/xnAbh1w

09.01.2026 18:33 — 👍 7    🔁 3    💬 1    📌 2
Germany Considers Broader Legal Authority for Internet Surveillance and State Hacking Much of the world’s data has always passed through Frankfurt; now Germany wants to keep a copy for itself.

"A draft amendment to the BND Act, circulating by German media, would transform the agency’s reach by authorizing it to break into foreign digital systems, collect and store large portions of internet traffic, and analyze those communications retroactively."

reclaimthenet.org/germany-bnd-...

15.01.2026 15:02 — 👍 3    🔁 0    💬 0    📌 0
A black and white photo of a man holding two phones to his head, with the text “Sundance Film Festival 2026” and Jan 22-Feb 1

Tickets for in-person and online viewing go on sale tomorrow! I hope I get to see some friends in the audience on opening night!

13.01.2026 21:19 — 👍 7    🔁 1    💬 0    📌 0
Young Americans Are Unplugging, And It's Making Them Happier People who create screen-free time in their day say they feel more productive, more present with loved ones, and more aware of what's happening around them.

We are seeing Gen Z unplug and be fascinated by analog right at the time human artists are being supplanted. Should be an interesting few years.

studyfinds.org/young-americ...

13.01.2026 23:10 — 👍 2    🔁 0    💬 2    📌 0

iPhones now have "delete and report spam" for unknown messages and callers.

If everyone was to choose "delete and report spam" for every spam message and call would they stop? If not, what is the point?

13.01.2026 22:51 — 👍 4    🔁 0    💬 2    📌 0
Program Guide | 2025 Sundance Film Festival Discover the 2025 film lineup.

Before the word hacker meant anything at all there was a blind kid who whistled 2600 Hz and bent Ma Bell to his will.

Joybubbles tells the story of Joe Engressi, the original phone phreak and a reminder that hacking started as curiosity, play, and defiance.
festival.sundance.org/program/film...

13.01.2026 14:26 — 👍 40    🔁 18    💬 1    📌 2
The Worst Devices of CES 2026
YouTube video by iFixit The Worst Devices of CES 2026

CES Worst in Show is a reminder that “innovation” now means:

more attack surface, less ownership, permanent surveillance, and DRM on objects you physically bought.

Congratulations to the ad-powered fridge for completing the arc.

www.youtube.com/watch?v=cxZg...

12.01.2026 17:02 — 👍 3    🔁 0    💬 0    📌 0
