Author Archives: John Leyden

Out-of-band or out of control? Microsoft has pushed out an out-of-band update to address the restart loop that hit some Windows Server devices after its April update.… Continue reading Microsoft releases Windows Server update fix to fix its April update fixes→

Blames outfit called Context.ai, which reckons an agentic OAuth tangle caused the incident Vercel, the company that created the open source Next.js web development framework, has a data leak that led to compromise of some customer credentials, and blam… Continue reading Next.js developer Vercel warns of customer credential compromise→

Aren’t we all just prompting tokens of linguistic meaning and hoping the other person isn’t bullshitting us? kettle  It’s a week of the year, which means there’s been the discovery of yet another prompt injection attack that will force supposedly well-… Continue reading Just like phishing for gullible humans, prompt injecting AIs is here to stay→

Passing the buck, and the blame, down the road shows lack of AI companies’ maturity OPINION  AI vendors: “You need to use AI to fight AI threats (and do everything else in your corporate IT environment).” Also AI vendors: “That’s not a security flaw; i… Continue reading I meant to do that! AI vendors shrug off responsibility for vulns→

Bug hiding in plain sight for over a decade lands on KEV list CISA is sounding the alarm on a newly-exploited Apache ActiveMQ bug, ordering federal agencies to patch within two weeks as attackers circle a flaw that’s been quietly lurking for more than … Continue reading CISA tells feds to patch 13-year-old Apache ActiveMQ bug under active attack→

Or, how public information and a €5 tracker exposed an avoidable opsec lapse Militaries around the world spend countless hours training, developing policies, and implementing best operational security practices, so imagine the size of the egg on the fa… Continue reading Opsec oopsie: Dutch navy frigate location outed by mailing it a Bluetooth tracker→

University student says he plans to move to Android, but concedes iOS engineers acting fast Apple is finally working on a fix for a bug that has locked some users out of their iPhones for months, The Register understands.… Continue reading Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug→

Pause your Mythos panic because mainstream models anyone can use already pick holes in popular software Anthropic withheld its Mythos bug-finding model from public release due to concerns that it would enable attackers to find and exploit vulnerabiliti… Continue reading Claude Opus wrote a Chrome exploit for $2,283→

Bug or feature? A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into Anthropic’s official Model Context Protocol (MCP) puts as many as 200,000 servers at risk of complete takeover, accord… Continue reading Anthropic won’t own MCP ‘design flaw’ putting 200K servers at risk, researchers say→

Social engineering: ‘low-cost, hard to patch, and scales well’ North Korean criminals set on stealing Apple users’ credentials and cryptocurrency are using a combination of social engineering and a fake Zoom software update to trick people into manuall… Continue reading North Korea targets macOS users in latest heist→