weld.bsky.social
Gray haired gray hat. Co-founder Veracode. Former L0pht security researcher. Builds tools to find and fix vulnerabilities in code at scale. Twitter: https://twitter.com/WeldPond
194 posts 6,005 followers 255 following

Hack_Curio is your go-to for all things hacker culture! Check out “What’s in a Name?”—an article exploring hacker aliases & why the L0pht testified before the U.S. Senate under ours. #hackerhistory hackcur.io/whats-in-a-n...

I talked to ISMG News about Gen Z: The Next Generation of Ethical Hackers and The Hacking Games's mission to help source nontraditional talent to become cyber defenders. www.bankinfosecurity.com/articles.php...

The latest episode of The Phillip Wylie Show features @Veracode cofounder and OG hacker Chris Wysopal, aka @WeldPond! @weld.bsky.social. YouTube: youtu.be/r0vGJ164_yQ... Spotify: open.spotify.com/epi... Apple: podcasts.apple.com/u...

New Netflix series "Zero Day". Robert De Niro plays a former U.S. president tasked with investigating a deadly cyber attack that left 3,402 people dead youtu.be/FOfBiiPdQPI?...

This is the current state of much SaaS security. Stolen support credentials, which were likely hugely overprivileged, lead to... "The hacker who breached education tech giant PowerSchool claimed in an extortion demand that they stole the personal data of 62.4M students and 9.5M teachers."

New flavor of CFAA violation just dropped. Bypassing AI content filters to create "illicit" content www.dmnews.com/microsoft-su...

“The misinfo & disinfo that [CISA] have stubbed their toe into and meddled with should be refocused onto what their job is, and that is to support critical infrastructure … to have the resources and be prepared for those cyberattacks that they will face,” Noem said www.nextgov.com/people/2025/...

I am on the board of The Hacking Games which is dedicated to training and recruiting the next generation of cybersecurity defenders, particularly among Generations A and Z. The focus is on non-traditional talent which won't have a cybersecurity degree or perhaps any degree. (1/4)

Targeted malicious packages are a growing problem dev teams need to be aware of. They need an automated solution to detect malicious code before they include these packages & run the code "Snyk security researcher deploys malicious NPM packages targeting Cursor" sourcecodered.com/snyk-malicio...

I am very excited about this upcoming episode of The Phillip Wylie Show! It features Veracode cofounder and OG hacker Chris Wysopal, aka @weld.bsky.social. This episode drops on 01/20/2025. phillipwylieshow.com/

During his safe cracking talk at Shmoocon, @deviantollam.bsky.social told the crowd he was the one who sold all of these protection devices to the hotel. It's great to raise awareness of security problems. It is even better to come up with cheap, effective solutions. Physical 3rd party patching FTW!

Excited to see Deception & Operations Planning Frameworks by Russell Handorf presentation @shmoocon shmoocon.org/speakers/

Shmoocon things

So excited to be presenting at the last #ShmooCon with @antitree.com this morning @10am - "A Commencement into Real #Kubernetes Security!" shmoocon.org/speakers/#kube

Wade was taken to a Secret Service lab, where the agents had essentially reassembled his garage, including his makeshift supercomputer. They wanted Wade to explain how it all worked. He proved he was useful in helping them with crimes involving computers. www.semafor.com/article/01/1...

I wonder if this is a #Shmoocon inspired feature on my hotel room door handle. I’ve never seen it before

Headed to #Shmoocon!

Information Disclosure is rarely fixed "Brown was able to use text from a 404 error page shown by the cameras—including unique language and peculiar grammar—to find the IPs of exposed devices on the public internet. I think that is a very unique type of error page that only exists on this device"

AppSec teams. Here are your improvements for 2025! Boost Security Collaboration: Aligning software engineering & security teams can improve outcomes but most teams say they don't work well together. (1/2)

Earlier this week, ONCD hinted at a seismic shift: software liability policies are imminent as Biden's term closes. Secure development = safe harbor; insecure practices = legal risk. Will Congress take this up in 2025? Stakes are huge for IT, businesses, and consumers.

Biden’s final cybersecurity executive order, due this week, takes aim at AI, post-quantum cryptography, and agency-wide threat hunting. Critics question the timing, as federal cyber leadership sees turnover. Bold move or a policy Hail Mary? #Cybersecurity

U.S. Cyber Trust Mark is coming to products this year. I wish I could put it on my telephone.

Phylum (now part of Veracode) found 2,499 OSS packages targeting finance and crypto companies last year. Attackers know what OSS you use and are inserting malicious code blog.phylum.io/q3-2024-evol...

Devastated to hear about the passing of Amit Yoran. A true visionary in cybersecurity, Amit shaped our industry with his brilliance, leadership, and generosity. Always friendly, always sharing his knowledge—he inspired us all. He will be profoundly missed. Rest in peace. 🙏

Do organizations that give remote third party access to their systems red team with the assumption that they are compromised?

Threat actor was able to override security via a key used by a third-party service provider that offers remote technical support to its employees. The compromised third-party service - called BeyondTrust - has since been taken offline. www.bbc.com/news/article...

I can’t wait to dive into "Where Warlocks Stay Up Late!" This project brings us back to the early ‘90s, capturing rare interviews with legendary pioneers like Mike 'Route' Schiffman and Parmaster. Check out this first glimpse now! youtu.be/rqvUoqHqxIA?...

This one is going to have a long tail because there is a code change to make if you are vulnerable. www.darkreading.com/application-...

Due to U.S. telco networks being compromised, today CISA is recommending: 1. Use only end-to-end encrypted communications 2. Enable Fast Identity Online (FIDO) phishing-resistant authentication 3. Migrate away from SMS-based MFA 4. Use a password manager to store all passwords

Is this potential ban because the products have more security vulns than average or the update process is poor or is there a fear of backdoors? Make the reasons clear and hold all vendors to the standard.

This feeling is what hacker STÖK calls “bounty fever.” It’s not only that feeling of finally completing the puzzle, but it's also the hundreds of thousands, if not millions, of dollars at stake. cybernews.com/editorial/ho...

It's frankly a complete joke that computer science graduates are not exposed to secure programming and secure by design as part of the CS curriculum. Drop a current required course and add this. There really isn't anything more important.

Registration: docs.google.com/forms/d/e/1F...