Author Archives: John Leyden

CUPS server shown spilling out remote code execution and root access In the latest chapter on leaky CUPS, a security researcher and his band of bug-hunting agents have found two flaws that can be chained to allow an unauthenticated attacker to remotely… Continue reading AI agents found vulns in this popular Linux and Unix print server→

CISA added the flaw to KEV after Fortinet confirmed exploitation in the wild Fortinet released an emergency patch over the weekend for a critical FortiClient Enterprise Management Server (EMS) bug believed to be under attack since at least March 31.… Continue reading Attackers exploited this critical FortiClient EMS bug as a 0-day→

Pay no attention to that code behind the curtain, says Anthropic as it scrambles to defend its IPO Kettle  When it comes to circling up for this week’s Kettle, what is there to discuss but Anthropic’s accidental release of Claude Code’s source code?… Continue reading Anthropic sure has a mess on its hands thanks to that Claude Code source leak→

True-crime tales of criminals making fools of themselves interview  Cybercrime crews have become almost mystical entities, with security vendors assigning them names like Wizard Spider and Velvet Tempest.… Continue reading Researchers didn’t want to glamorize cybercrims. So they roasted them→

Ex-CISA official tells The Reg: ‘this would weaken the system for managing cyber risk’ The US Cybersecurity and Infrastructure Security Agency’s budget will see yet another deep cut if Congress approves President Trump’s proposal to slash CISA’s spendi… Continue reading Trump wants to take a battle axe to CISA again and slash $707M from budget→

A practical look at securing identities, devices and applications wherever work happens Webinar Promo  The shift to hybrid work has reshaped the enterprise perimeter. Users are logging in from home networks, shared spaces and unmanaged devices, while a… Continue reading Hybrid work, expanded risk: what needs to change→

Source code with a side of Vidar stealer and GhostSocks Tens of thousands of people eagerly downloaded the leaked Claude Code source code this week, and some of those downloads came with a side of credential-stealing malware.… Continue reading They thought they were downloading Claude Code source. They got a nasty dose of malware instead→

Connected devices can leave an otherwise secure network vulnerable Pwned  Welcome to Pwned, The Register’s new column, where we highlight the worst infosec own goals so you can, hopefully, protect against them. Caffeine is an essential tool for most IT… Continue reading The company’s biggest security hole lived in the breakroom→

First public downstream victim, but won’t be the last AI hiring startup Mercor confirmed it was “one of thousands of companies” affected by the LiteLLM supply-chain attack as the fallout from the Trivy compromise continues to spread.… Continue reading AI recruiting biz Mercor says it was ‘one of thousands’ hit in LiteLLM supply-chain attack→

Plus: how to train your human AI interview  Amazon has seen a 40 percent efficiency gain by using AI tools to pentest its products before and after launch, according to security chief CJ Moses.… Continue reading Amazon security boss: AI makes pentesting 40% more efficient→