Author Archives: John Leyden

Fortune 500 companies and one US defense contractor got taken for $5m in four-year scam Two Americans have been jailed for a combined 200 months for helping North Korea generate $5 million through fraudulent IT worker schemes.… Continue reading Americans who masterminded Nork IT worker fraud sentenced to 200 months behind bars→

Forged metadata made AI reviewer treat hostile changes as though they came from known maintainer Security boffins say Anthropic’s Claude can be tricked into approving malicious code with just two Git commands by spoofing a trusted developer’s identity…. Continue reading Git identity spoof fools Claude into giving bad code the nod→

Publisher claims misconfigured Salesforce-hosted page leaked data Textbook giant McGraw Hill has landed on a ransomware crew’s leak site after an alleged Salesforce-linked misconfiguration spilled 13.5 million records into the wild.… Continue reading Textbook titan McGraw Hill on ransomware crew’s reading list after 13.5M records exposed→

Just migrate already, would you? But if you can’t, Redmond will take your cash Microsoft will keep delivering security updates for old versions of Exchange Server and Skype for Business Server, after admitting that some customers aren’t ready to make t… Continue reading Microsoft announces product it doesn’t want anyone to buy→

Your cybersecurity is only as good as the physical security of the servers PWNED  Welcome back to Pwned, the column where we immortalize the worst vulns that organizations opened up for themselves. If you’re the kind of person who leaves your car doors… Continue reading Server-room lock was nothing but a crock→

Browser fingerprinting is everywhere Google markets its Chrome browser by citing its superior safety features, but according to privacy consultant Alexander Hanff, Chrome does not protect against browser fingerprinting – a method of tracking people onl… Continue reading Google Chrome lacks protection against one of the most basic and common ways to track users online→

Like the majority of the companies participating, it remains a mystery Last week, Anthropic surprised the world by declaring that its latest model, Mythos, is so good at finding vulns that it would create chaos if released. Now, under the title of Proj… Continue reading Nobody knows how many CVEs Anthropic’s Project Glasswing has actually found→

No reports of active exploitation (yet) Watch out for more Fortinet vulns! Two critical bugs in Fortinet’s sandbox could allow unauthenticated attackers to bypass authentication or execute unauthorized code on vulnerable systems.… Continue reading Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP→

Some customer orgs tell staff to block inbound email from the provider Autovista confirms that it called in outside support to help clean up a ransomware infection currently affecting systems in Europe and Australia.… Continue reading Automotive data biz Autovista blames ransomware for service disruption→

Latest in a string of cases that have earned France an unfortunate title A mother and her ten-year-old son are now free after being kidnapped for around 20 hours while the father was being extorted for hundreds of thousands of euros.… Continue reading French cops free mother and son after 20-hour crypto kidnap ordeal→