Jonathan Leitschuh
jlleitschuh.bsky.social
First Dan Kaminsky Fellow | Security Researcher for the OSS Ecosystem | Speaker | Dropper of 0days (Responsibly) | @GitHub Star ⭐️ | Opinions=Mine | He/Him
🐍 How does a “Won’t Fix” CVE become a 160-comment thread… and a 5-year-old RCE that finally gets fixed?

It involved deserialization bugs, real payloads, and a phone call from the beach.

The full story of SnakeYAML 2.0 and secure-by-default APIs 👇

🔗 infosecwriteups.com/%EF%B8%8F-in...
June 5, 2025 at 3:24 PM
What an absolutely wild story. Cringing at the implications. This is a wild way for a US government agency to be operating.

www.npr.org/2025/04/15/n...
A whistleblower's disclosure details how DOGE may have taken sensitive labor data
A whistleblower tells Congress and NPR that DOGE may have taken sensitive labor data and hid its tracks. "None of that ... information should ever leave the agency," said a former NLRB official.
April 16, 2025 at 4:05 PM
I thought it might be fun to capture all of the falsehoods I've observed over the years regarding CVE in a single place.

Feel free to send this to your CEO next time they use "CVE" and vulnerability interchangeably 😆

medium.com/@jonathan.le...
Falsehoods People Believe about CVE’s
CVE ≠ Vulnerability (And 35 Other Confusions Regarding CVE)
April 14, 2025 at 3:27 PM
Reposted by Jonathan Leitschuh
BREAKING: The FTC has announced a new rule banning junk fees for tickets and hotels.

This final junk fees rule bans bait-and-switch pricing and all tactics that corporations use to hide the total price of live event tickets, hotels, and vacation rentals.
Federal Trade Commission Announces Bipartisan Rule Banning Junk Ticket and Hotel Fees
www.ftc.gov
December 17, 2024 at 3:11 PM