Jonathan Leitschuh

@jlleitschuh.bsky.social

First Dan Kaminsky Fellow | Security Researcher for the OSS Ecosystem | Speaker | Dropper of 0days (Responsibly) | @GitHub Star ⭐️ | Opinions=Mine | He/Him

481 Followers 37 Following 4 Posts Joined Nov 2024
2 months ago

I found a travel app leaking exact user locations and birthdays via its internal API.

We could pinpoint where people were living and sleeping.

Full write-up 👇
medium.com/bugbountywri...

9 months ago

🐍 How does a “Won’t Fix” CVE become a 160-comment thread… and a 5-year-old RCE that finally gets fixed?

It involved deserialization bugs, real payloads, and a phone call from the beach.

The full story of SnakeYAML 2.0 and secure-by-default APIs 👇

🔗 infosecwriteups.com/%EF%B8%8F-in...

10 months ago
A whistleblower's disclosure details how DOGE may have taken sensitive labor data

A whistleblower tells Congress and NPR that DOGE may have taken sensitive labor data and hid its tracks. "None of that ... information should ever leave the agency," said a former NLRB official.

What an absolutely wild story. Cringing at the implications. This is a wild way for a US government agency to be operating.

www.npr.org/2025/04/15/n...

11 months ago
Falsehoods People Believe about CVE’s

CVE ≠ Vulnerability (And 35 Other Confusions Regarding CVE)

I thought it might be fun to capture all of the falsehoods I've observed over the years regarding CVE in a single place.

Feel free to send this to your CEO next time they use "CVE" and vulnerability interchangeably 😆

medium.com/@jonathan.le...

1 year ago
Federal Trade Commission Announces Bipartisan Rule Banning Junk Ticket and Hotel Fees

BREAKING: The FTC has announced a new rule banning junk fees for tickets and hotels.

This final junk fees rule bans bait-and-switch pricing and all tactics that corporations use to hide the total price of live event tickets, hotels, and vacation rentals.
