Gray haired gray hat. Co-founder Veracode. Former L0pht security researcher. Builds tools to find and fix vulnerabilities in code at scale.https://bsky.app/profile/weld.bsky.socialhttps://bsky.app/profile/weld.bsky.social/post/3mlqwox6eg22w13 May 2026 18:29 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3mlqwox6eg22whttps://bsky.app/profile/weld.bsky.social/post/3micbmamihk2qPhrack call for papers is out! Check out the cool demoscene graphics at phrack.org30 Mar 2026 18:19 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3micbmamihk2qhttps://bsky.app/profile/weld.bsky.social/post/3mhvgagjdbs2dI’m excited to let you know that the talks from [un]prompted—the AI Security Practitioner Conference—are now live on YouTube. No fluff, no hype—just real-world AI security from people actually doing the work. https://www.youtube.com/playlist?list=PLjmt1tu85IhAiVPugOjP-7Cy0Oemi3m7z25 Mar 2026 15:37 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3mhvgagjdbs2dhttps://bsky.app/profile/weld.bsky.social/post/3mhavmtdt7c2vRCE vulnerability in the Yamaha PSR-E433 synthesizer, discovered by Anna Antonenko, allows exploitation through crafted MIDI files that trigger a hidden firmware backdoor with hardcoded password "#0000". https://it4sec.substack.com/p/remote-code-execution-rce-in-yamaha17 Mar 2026 11:47 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3mhavmtdt7c2vhttps://bsky.app/profile/weld.bsky.social/post/3mgurh4qtdk2cDoesn't everyone watch Akira on LaserDisc with their figurines?12 Mar 2026 16:00 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3mgurh4qtdk2chttps://bsky.app/profile/weld.bsky.social/post/3mfugtims6k2r🕯️There will be a online memorial for Par 🕯️ Jason Snitker "Parmaster" Memorial Service Feb 28, 2026 04:00 PM Confirmed Speakers: Par's Aunt Deb Wysopal Mudge John Lee Tom Sloan (former Secret Service) Registration Link: https://us02web.zoom.us/meeting/register/hYD6OW0URGaIUG5qA18zXw [contains quote post or other embedded content]27 Feb 2026 19:25 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3mfugtims6k2rhttps://bsky.app/profile/weld.bsky.social/post/3mfb643y7gc23My wife @debdebdeb.bsky.social and I are heartbroken to share the sad news that our old friend @jasonsnitker.bsky.social AKA Parmaster, has passed away.20 Feb 2026 03:28 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3mfb643y7gc23https://bsky.app/profile/weld.bsky.social/post/3mfaf4sr66k2fNew $10k FULU bug bounty for Ring video doorbells just announced. https://bounties.fulu.org/bounties/ring-video-doorbells19 Feb 2026 20:01 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3mfaf4sr66k2fhttps://bsky.app/profile/weld.bsky.social/post/3me72uayeu22hThis is a new one for me. I'm #8 and #31 on this top 100 list. Do you want Chris the the CTO of Veracode or Chris the security pioneer. 😂 https://www.futuristsspeakers.com/top-100-cybersecurity-thought-leaders-list/06 Feb 2026 13:59 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3me72uayeu22hhttps://bsky.app/profile/weld.bsky.social/post/3mdw63jxpyc2gCan we all forget about the email disclaimers now? The information contained in this communication is confidential, may be attorney-client privileged, may constitute inside information, and is intended only for the use of the addressee. It is the property of JEE03 Feb 2026 01:03 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3mdw63jxpyc2ghttps://bsky.app/profile/weld.bsky.social/post/3mdoan7e5ck2gIn order to collect a bug bounty, a researcher was required to sign an NDA to not discuss the vulnerability. https://zuernerd.github.io/blog/2026/01/29/molekule-re.html30 Jan 2026 21:28 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3mdoan7e5ck2ghttps://bsky.app/profile/weld.bsky.social/post/3mdizyyjatk2xVulnerability disclosure norms are a control system for incentives. They made vulnerability handling predictable enough to industrialize. We get more finding, more fixing, and more secure software.28 Jan 2026 19:46 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3mdizyyjatk2xhttps://bsky.app/profile/weld.bsky.social/post/3mdgz44qdec2bThis looks interesting. Teenage hackers. I was one. I didn’t do this type of thing though. www.amazon.com/dp/133500193X https://www.amazon.com/dp/133500193X28 Jan 2026 00:24 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3mdgz44qdec2bhttps://bsky.app/profile/weld.bsky.social/post/3md47og7ul22hATM jackpotting is still very much alive in 2025. Two attackers physically opened ATMs, connected a laptop, installed malware, and forced the machines to dump all their cash. DOJ convictions, prison time, restitution, deportation.23 Jan 2026 17:23 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3md47og7ul22hhttps://bsky.app/profile/weld.bsky.social/post/3mcxjlqqhxc2oThis FDA announcement says over 700 people were harmed and 7 people died due to a bug in the Abbot FreeStyle Libre device. https://www.fda.gov/medical-devices/medical-device-recalls-and-early-alerts/early-alert-glucose-monitor-sensor-issue-abbott-diabetes-care21 Jan 2026 20:37 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3mcxjlqqhxc2ohttps://bsky.app/profile/weld.bsky.social/post/3mcx3drnmks2oMassachusetts lawmakers introduced bipartisan bills (HD 5563 / SD 3606) to curb abandoned consumer electronics by requiring vendors to disclose software support lifetimes, warn users before end-of-life, and explain lost features and security risks.21 Jan 2026 16:22 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3mcx3drnmks2ohttps://bsky.app/profile/weld.bsky.social/post/3mcwq22afvs2cNew from Anthropic. https://red.anthropic.com/2026/cyber-toolkits-update/21 Jan 2026 12:59 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3mcwq22afvs2chttps://bsky.app/profile/weld.bsky.social/post/3mcukmii3ts2oMicrosoft released NTLMv2 in 1998, no doubt because tools like L0phtCrack were able crack NTLMv1 passwords with the measly computing power then. NTLMv1 is still in use today! Mandiant has now released rainbow tables for NTLMv1 that can crack any pw in 12hrs on a $600 computer.20 Jan 2026 16:17 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3mcukmii3ts2ohttps://bsky.app/profile/weld.bsky.social/post/3mcuied6pzk2oUK NCSC: pro-Russian hacktivists are still hammering critical infra & local gov w/DDoS attacks. Low-tech, high impact, disrupting services & costing serious recovery time/money. Shouldn't critical infra & local gov be able to mitigate these attacks? What do they use? Cloudflare? Akamai? ISPs?20 Jan 2026 15:37 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3mcuied6pzk2ohttps://bsky.app/profile/weld.bsky.social/post/3mcpo5ddyvc27Tell your older relatives to turn personalized ads off everywhere. Scammers target this demographic.18 Jan 2026 17:37 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3mcpo5ddyvc27https://bsky.app/profile/weld.bsky.social/post/3mci2tygdkk2d“Prompt injection” is the wrong mental model. LLM attacks increasingly look like malware campaigns, not single exploits. This paper frames them as promptware and maps a 5-stage kill chain: initial access → priv esc → persistence → lateral movement → actions on objective. https://arxiv.org/html/2601.09625v115 Jan 2026 17:03 +0000at://did:plc:zzxobol7ogdohqi2ce7dir4a/app.bsky.feed.post/3mci2tygdkk2d