Chris Wysopal
@weld.bsky.social
Gray haired gray hat. Co-founder Veracode. Former L0pht security researcher. Builds tools to find and fix vulnerabilities in code at scale. Twitter: https://twitter.com/WeldPond
ATM jackpotting is still very much alive in 2025.

Two attackers physically opened ATMs, connected a laptop, installed malware, and forced the machines to dump all their cash. DOJ convictions, prison time, restitution, deportation.
January 23, 2026 at 5:23 PM
This FDA announcement says over 700 people were harmed and 7 people died due to a bug in the Abbott FreeStyle Libre device.
www.fda.gov/medical-devi...
Early Alert: Glucose Monitor Sensor Issue from Abbott Diabetes Care
Certain Abbott Diabetes Care Continuous Glucose Monitor sensors may provide incorrect low glucose readings
www.fda.gov
January 21, 2026 at 8:37 PM
Massachusetts lawmakers introduced bipartisan bills (HD 5563 / SD 3606) to curb abandoned consumer electronics by requiring vendors to disclose software support lifetimes, warn users before end-of-life, and explain lost features and security risks.
January 21, 2026 at 4:22 PM
January 21, 2026 at 12:59 PM
Microsoft released NTLMv2 in 1998, no doubt because tools like L0phtCrack were able to crack NTLMv1 passwords with the measly computing power then.

NTLMv1 is still in use today!

Mandiant has now released rainbow tables for NTLMv1 that can crack any pw in 12hrs on a $600 computer.
January 20, 2026 at 4:17 PM
UK NCSC: pro-Russian hacktivists are still hammering critical infra & local gov w/DDoS attacks. Low-tech, high impact, disrupting services & costing serious recovery time/money. Shouldn't critical infra & local gov be able to mitigate these attacks? What do they use? Cloudflare? Akamai? ISPs?
January 20, 2026 at 3:37 PM
Tell your older relatives to turn personalized ads off everywhere. Scammers target this demographic.
January 18, 2026 at 5:36 PM
“Prompt injection” is the wrong mental model.

LLM attacks increasingly look like malware campaigns, not single exploits. This paper frames them as promptware and maps a 5-stage kill chain: initial access → priv esc → persistence → lateral movement → actions on objective.
arxiv.org/html/2601.09...
The Promptware Kill Chain: How Prompt Injections Gradually Evolved Into a Multi-Step Malware
arxiv.org
January 15, 2026 at 5:03 PM
Reposted by Chris Wysopal
BIG NEWS! Rachael Morrison’s JOYBUBBLES will have its #WORLDPREMIERE at the 2026 #SundanceFilmFestival (@sundance.org) on JAN 26 at 6 PM! Executive produced by @cameowood.com & Charming Stranger Films, the film will screen in person JAN 26—JAN 31 & online screenings begin JAN 29: loom.ly/xnAbh1w
January 9, 2026 at 6:33 PM
"A draft amendment to the BND Act, circulating by German media, would transform the agency’s reach by authorizing it to break into foreign digital systems, collect and store large portions of internet traffic, and analyze those communications retroactively."

reclaimthenet.org/germany-bnd-...
Germany Considers Broader Legal Authority for Internet Surveillance and State Hacking
Much of the world’s data has always passed through Frankfurt; now Germany wants to keep a copy for itself.
reclaimthenet.org
January 15, 2026 at 3:02 PM
Reposted by Chris Wysopal
Tickets for in-person and online viewing go on sale tomorrow! I hope I get to see some friends in the audience on opening night!
January 13, 2026 at 9:19 PM
iPhones now have "delete and report spam" for unknown messages and callers.

If everyone were to choose "delete and report spam" for every spam message and call, would they stop? If not, what is the point?
January 13, 2026 at 10:51 PM
Before the word hacker meant anything at all there was a blind kid who whistled 2600 Hz and bent Ma Bell to his will.

Joybubbles tells the story of Joe Engressia, the original phone phreak and a reminder that hacking started as curiosity, play, and defiance.
festival.sundance.org/program/film...
Program Guide | 2025 Sundance Film Festival
Discover the 2025 film lineup.
festival.sundance.org
January 13, 2026 at 2:26 PM
CES Worst in Show is a reminder that “innovation” now means:

more attack surface, less ownership, permanent surveillance, and DRM on objects you physically bought.

Congratulations to the ad-powered fridge for completing the arc.

www.youtube.com/watch?v=cxZg...
The Worst Devices of CES 2026
YouTube video by iFixit
www.youtube.com
January 12, 2026 at 5:02 PM
“The Conscience of a Hacker” by The Mentor is 40 years old today.
January 8, 2026 at 4:40 PM
Manufacturing cyber compromises are expensive. An attack in 2025 forced Jaguar Land Rover to suspend production at its factories in the UK, Slovakia, Brazil and India through September and pushed it into a quarterly loss of almost £500m.

www.theguardian.com/business/202...
Jaguar Land Rover sales slump sharply amid US tariffs and cyber-attack
Shares in owner Tata Motors fall after carmaker confirms impact of devastating hack
www.theguardian.com
January 7, 2026 at 3:02 PM
Outlook emailing me that someone “reacted” to my email feels very Dilbert, like the Pointy-Haired Boss getting his emails printed.
December 18, 2025 at 2:19 PM
[un]prompted is a new practitioner-led AI security con taking place Mar 3–4 at Salesforce Tower in SF. If you’re working hands-on w/AI systems, I strongly encourage you to submit a talk. Take a look at the CFP & review board's guidance on the kinds of submissions we’re hoping to see.
unpromptedcon.org
[un]prompted | Ai Security Practitioners Conference
unpromptedcon.org
December 17, 2025 at 7:33 PM
December 11, 2025 at 4:15 PM
In life, as in music, all time scales coexist. The ‘now’ is not a fleeting instant but a field that extends forward and backward through memory and anticipation. Perception and context shape how we experience this layered present.
December 5, 2025 at 5:18 PM
🚨 Critical React + Next.js RCE Alert 🚨
New flaws in the React Server Components “Flight” protocol (CVE-2025-55182 & CVE-2025-66478) allow unauthenticated remote code execution on default installations.

Attackers only need one malicious HTTP request to take over a server.
December 3, 2025 at 4:25 PM
Reposted by Chris Wysopal
New policy paper out: An Achilles Heel of Today’s Armed Forces: Managing Software Supply Chain Risk in the Military Sector

Armed forces should pay more attention to their software supply chains. These are complex networks of software components, vendors, service providers, and other companies. /1
November 20, 2025 at 9:42 AM
Veracode Research finds that OpenAI GPT-5 writes more secure code than other models.

www.forbes.com/sites/the-wi...
OpenAI’s New Model Just Got Much Better At Writing More Secure Code
OpenAI’s frontier model may not have astounded when it arrived earlier this year, but research indicates it’s now much better than others at writing code with fewer vulnerabilities.
www.forbes.com
November 18, 2025 at 3:05 PM
I'm heartbroken to share that my friend of 30 yrs, Arthur Phillip Delchi, @delchi.bsky.social, DJ Delchi, has left us.

A founding force behind DEF CON’s Hackers with Disabilities, a member of cDc Ninja Strike Force, a L0pht regular who DJed our wildest parties (two of those moments captured below)
November 15, 2025 at 4:53 PM