Chris Wysopal
@weld.bsky.social
Gray haired gray hat. Co-founder Veracode. Former L0pht security researcher. Builds tools to find and fix vulnerabilities in code at scale. Twitter: https://twitter.com/WeldPond
A great performance to listen to as you contemplate this.
www.youtube.com/watch?v=p3m3...
www.youtube.com/watch?v=p3m3...
A Charlie Brown Christmas: Live at The Jazz Estate
YouTube video by The Commercialists
www.youtube.com
December 5, 2025 at 5:53 PM
A great performance to listen to as you contemplate this.
www.youtube.com/watch?v=p3m3...
www.youtube.com/watch?v=p3m3...
Updates now available:
React 19.0.1 / 19.1.2 / 19.2.1
Next.js 14.3.0-canary.88 / 15.0.5+ / 16.0.7
Full RCE. Remote. Unauthenticated. Near-100% exploit reliability.
Patch today. Do not wait.
React 19.0.1 / 19.1.2 / 19.2.1
Next.js 14.3.0-canary.88 / 15.0.5+ / 16.0.7
Full RCE. Remote. Unauthenticated. Near-100% exploit reliability.
Patch today. Do not wait.
December 3, 2025 at 4:25 PM
Updates now available:
React 19.0.1 / 19.1.2 / 19.2.1
Next.js 14.3.0-canary.88 / 15.0.5+ / 16.0.7
Full RCE. Remote. Unauthenticated. Near-100% exploit reliability.
Patch today. Do not wait.
React 19.0.1 / 19.1.2 / 19.2.1
Next.js 14.3.0-canary.88 / 15.0.5+ / 16.0.7
Full RCE. Remote. Unauthenticated. Near-100% exploit reliability.
Patch today. Do not wait.
Wiz reports 39% of cloud environments are vulnerable.
If you're running:
• React 19.0–19.2
• Next.js 14.3.0-canary, 15.x, 16.x (App Router)
• Any framework bundling react-server (Redwood, Waku, Vite/Parcel RSC plugins, etc.)
👉 You are likely exposed. Patch immediately.
If you're running:
• React 19.0–19.2
• Next.js 14.3.0-canary, 15.x, 16.x (App Router)
• Any framework bundling react-server (Redwood, Waku, Vite/Parcel RSC plugins, etc.)
👉 You are likely exposed. Patch immediately.
December 3, 2025 at 4:25 PM
Wiz reports 39% of cloud environments are vulnerable.
If you're running:
• React 19.0–19.2
• Next.js 14.3.0-canary, 15.x, 16.x (App Router)
• Any framework bundling react-server (Redwood, Waku, Vite/Parcel RSC plugins, etc.)
👉 You are likely exposed. Patch immediately.
If you're running:
• React 19.0–19.2
• Next.js 14.3.0-canary, 15.x, 16.x (App Router)
• Any framework bundling react-server (Redwood, Waku, Vite/Parcel RSC plugins, etc.)
👉 You are likely exposed. Patch immediately.
Yeah but... fried pickles.
November 25, 2025 at 2:45 PM
Yeah but... fried pickles.
This seems to be a Baltimore and Pennsylvania tradition for people of German heritage. I'm a big sauerkraut fan!
November 25, 2025 at 2:28 PM
This seems to be a Baltimore and Pennsylvania tradition for people of German heritage. I'm a big sauerkraut fan!
No doorbell cams either. Over half homes have them.
November 25, 2025 at 2:01 PM
No doorbell cams either. Over half homes have them.
We looked at GPT-5 and GPT-5 mini. It would be interesting to look at codex to.
November 18, 2025 at 6:05 PM
We looked at GPT-5 and GPT-5 mini. It would be interesting to look at codex to.
Delchi and I having a pre-party discussion at @L0phtHeavyInd circa 1999
November 15, 2025 at 5:02 PM
Delchi and I having a pre-party discussion at @L0phtHeavyInd circa 1999
He lived in the pages too, as “The Voltoids Guy” in Voltaire’s Oh My Goth and “Lord Delchi” in GloomCookie, before becoming a comic creator himself with his comic Noduttu.
Rest easy, old friend. The dance floor, the lab, and the shadows won’t be the same without you.
Hail and farewell, traveler.
Rest easy, old friend. The dance floor, the lab, and the shadows won’t be the same without you.
Hail and farewell, traveler.
November 15, 2025 at 4:53 PM
He lived in the pages too, as “The Voltoids Guy” in Voltaire’s Oh My Goth and “Lord Delchi” in GloomCookie, before becoming a comic creator himself with his comic Noduttu.
Rest easy, old friend. The dance floor, the lab, and the shadows won’t be the same without you.
Hail and farewell, traveler.
Rest easy, old friend. The dance floor, the lab, and the shadows won’t be the same without you.
Hail and farewell, traveler.
He was just as legendary in the NYC goth scene: From the earliest days spinning ethereal sets at Parallax, Long Black Veil, Sanctum at CBGB’s Basement, and his own Bitter Paradise at Downtime—Delchi was a pillar of the night.
November 15, 2025 at 4:53 PM
He was just as legendary in the NYC goth scene: From the earliest days spinning ethereal sets at Parallax, Long Black Veil, Sanctum at CBGB’s Basement, and his own Bitter Paradise at Downtime—Delchi was a pillar of the night.
Delchi was an early researcher tearing apart IoT and other devices for the sheer love of understanding how things break.
November 15, 2025 at 4:53 PM
Delchi was an early researcher tearing apart IoT and other devices for the sheer love of understanding how things break.
Red team was caught!
November 14, 2025 at 3:51 PM
Red team was caught!
Is it time to update Coordinated Vulnerability Disclosure standards to be Coordinated Vulnerability and Patch Disclosure.
In the early days of L0pht/@stake we often had a Mitigation/Fix section in our vulnerability reports.
In the early days of L0pht/@stake we often had a Mitigation/Fix section in our vulnerability reports.
November 4, 2025 at 5:23 PM
Is it time to update Coordinated Vulnerability Disclosure standards to be Coordinated Vulnerability and Patch Disclosure.
In the early days of L0pht/@stake we often had a Mitigation/Fix section in our vulnerability reports.
In the early days of L0pht/@stake we often had a Mitigation/Fix section in our vulnerability reports.