How Thetford Academy built one of the region’s most successful student robotics programs
Collaborated on an article covering the Thetford Academy Robotics team that I started in high school back in 2011.
Article/Publication / 01-09-2026
United States
Jonathan Leitschuh is a Security Software Engineer and Security Researcher. He was the inaugural Dan Kaminsky Fellow @ Human Security. Jonathan is best known for the July 2019 Zoom Video Conferencing 0-Day Vulnerability. He championed an industry-wide initiative for JVM ecosystem artifact servers to formally decommission support for HTTP in favor of HTTPS exclusively. Jonathan has a degree in Robotics and Computer Science from Worcester Polytechnic Institute. His security research focuses on widespread, common security vulnerabilities impacting OSS. His research has resulted in north of 50 CVEs being assigned in a variety of OSS components. He's a strong proponent of security researchers having and enforcing vulnerability disclosure policies. He has spoken at conferences ranging from BSides to Black Hat and DEF CON! In his free time, Jonathan sails his Hobie Getaway Catamaran in Boston Harbor.
A data handling bug in OSV.dev caused disputed CVEs to disappear from vulnerability feeds until a recent fix restored over 500 advisories.
Blogpost / 10-10-2025
Hacker Demonstrates How Easy It Is To Steal Data From Popular Password Managers
Blogpost / 08-19-2025
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Blogpost / 08-01-2025
What does it take to sweep up after the industry's security vulnerabilities that have been left unpatched or undisclosed?
Blogpost / 07-31-2025
🔥 The supply chain bug that couldn’t be ignored — so I torched it
Blogpost / 07-02-2025
How a 5-year-old deserialization flaw, a vacation phone call, and some persistence led to a safer Java ecosystem
Blogpost / 06-05-2025
Moderne quietly relicensed community-contributed OpenRewrite code from Apache 2.0 to a proprietary license, abandoning its open source commitments. This decision risks legal exposure, undermines community trust, and sets a dangerous precedent for OSS stewardship.
Blogpost / 05-25-2025