Author Archives: John Leyden

Vuln old enough to drive lands on CISA’s exploited list While Microsoft was rolling out its bumper Patch Tuesday updates this week, US cybersecurity agency CISA was readying an alert about a 17-year-old critical Excel flaw now under exploit.… Continue reading Ancient Excel bug comes out of retirement for active attacks→

Command prefix will require password by default The latest version of Raspberry Pi OS now requires a password for sudo by default.… Continue reading Raspberry Pi OS ends open-door policy for sudo→

Open Rights Group says years of reliance on US giants have left Britain exposed Britain has spent years wiring its public sector into US Big Tech, and a new report says that dependence could quickly become a national security headache.… Continue reading UK told its Big Tech habit is now a national security risk→

Researchers who found the flaws scored beer money bounties and warn the problem is probably pervasive Exclusive  Security researchers hijacked three popular AI agents that integrate with GitHub Actions by using a new type of prompt injection attack to … Continue reading Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven’t warned users→

The company’s new software keeps an eye on your agents and backs up data. Keep your agents close and your agent-monitoring software closer. Commvault’s new AI Protect can discover and monitor AI agents running inside AWS, Azure, and GCP environments an… Continue reading Commvault has a Ctrl+Z for rogue AI agents→

One CVE under attack, one already disclosed by angry bug hunter, and 163 more Attackers exploited a spoofing vulnerability in Microsoft SharePoint Server before Redmond issued a fix as part of April’s mega Patch Tuesday.… Continue reading Microsoft’s massive Patch Tuesday: It’s raining bugs→

Honey, the skids are fighting again Two rival ransomware gangs have locked horns after 0APT threatened to expose people affiliated with Krybit.… Continue reading No honor among thieves as 0APT threatens rival ransomware gang Krybit→

One was patched almost 14 years ago Crooks are exploiting four Microsoft vulnerabilities – one patched 14 years ago and another tied to ransomware activity – according to America’s lead cyber-defense agency, which on Monday gave federal agencies two we… Continue reading Zombie Microsoft bugs rise from the dead, pave way for crims and ransomware scum→

Google Sites lure leads to bogus root certificate Imagine getting asked to do something by a person in authority. An unknown malware slinger targeting open source software developers via Slack impersonated a real Linux Foundation official and used page… Continue reading Fake Linux leader using Slack to con devs into giving up their secrets→

Travel giant says names, contact details, dates, and hotel messages potentially exposed Booking.com is warning customers that their reservation details may have been exposed to unknown attackers, in the latest reminder that the travel giant still can’t… Continue reading Booking.com warns reservation data may have checked out with intruders→