Chris Merkel 🐀👨🏼‍🍳

684 Followers
1.2K Following
1,052 Posts

Dad, beautiful nerd, storyteller.

AppSec, CloudSec, DevOps, DFIR, rainbow teaming, recreational hacking and dubious career advice.

By day, I lead teams comprised of the most talented people working in this industry.

Beyond that, I lead and volunteer my time doing career development work across many different venues.

Nerdy stuff I do for fun:
- Malware analysis
- Shodan safari
- Photo and video restoration

Pronouns: he/him/his
Threads: https://www.threads.net/@chris__merkel__cyber
Cheetos: Flamin' Hot
I just do: what the rat tells me
How long do you think before tech executives realize that the money they took from laying off developers was only enough to cover the cost of a few days' LLM use?
Cyberattacks that have the possibility of disrupting the supply chain for hip replacements seem like they might be a "surgical strike" against Trump's core demographic.
This is the pinnacle of self-deprecating humor.
Thinkpiece: How the appointment of Jawbone McBanjofuck is going to affect long-term strategy at CISA, 5 pros, 4 cons and one conclusion you'll have to see to believe.
The reason you never leave your computer unlocked is because a threat actor will walk up to it and put a very small gap in your display arrangement, preventing your mouse from moving from one screen to the other.
Just ordered a Macbook Neo for my personal daily driver. Mostly cloud-native, so on-box processing is always minimal, great for development work, AI projects, etc. Right now my PDD is a 5 yo Dell running Ubuntu. Better battery, ARM efficiency, long supported life and it's 600 bucks. What's not to love?

Every day is like a loot box drop in software supply chain security

https://app.opencve.io/cve/CVE-2026-29000

CVE-2026-29000 - Vulnerability Details - OpenCVE

pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.

Content pirates upset about content piracy.
The PRC responds: "Hold my baijiu"

This is the cyber equivalent of "this is what [horrific personal tragedy] taught me about B2B sales"

y'all please. just don't.