Author Archives: John Leyden

Millions of hijacked devices powered traffic floods targeting defense systems and beyond The US government has moved to disrupt a cluster of IoT botnets behind some of the largest DDoS attacks ever recorded, including traffic bursts topping 30 terabits… Continue reading Feds disrupt monster IoT botnets behind record-breaking DDoS attacks→

Lack of clear criteria risks encouraging firms to lean on state support instead of worrying about insurance The UK’s cyber watchdog has warned that the government’s £1.5 billion bailout of Jaguar Land Rover (JLR) risks setting a troubling precedent for… Continue reading Jaguar Land Rover’s cyber bailout sets worrying precedent, watchdog warns→

Audit trails aplenty, but no price tag – and no clue how long your data sticks around Opinion  Last week’s UK government consultation on its plans for digital identity had quite a few things missing. It did not include a price estimate – something it s… Continue reading Starmer’s digital ID reboot raises same old questions as its Blair-era ancestor→

He would have gotten away with it too, if it weren’t for a meddling security team’s fear of USB On Call  Each Friday The Register offers a fresh installment of On Call, the reader-contributed column that celebrates the fine art of tech support.… Continue reading While you’re here, could you go out of your way to do an impossible job?→

Last time: Beijing-backed snoops and ransomware crims. Who’s next? Unknown baddies are abusing yet another critical Microsoft SharePoint bug to compromise victims’ SharePoint servers, the US government warned.… Continue reading Unknown attackers exploit yet another critical SharePoint bug→

Chocolate Factory describes concession as an attempt to balance openess with safety It turns out you won’t be limited to Google-verified apps and developers on Android after all. In the face of sustained community dissatisfaction with its developer ver… Continue reading Google gives Android users a way to install unverified apps if they prove they really, really want to→

Iran-linked attackers wiped employees’ devices using Intune The US government has urged companies to better secure Microsoft Intune, an endpoint management tool that was abused in last week’s cyberattack against med-tech firm Stryker.… Continue reading Lock down Microsoft Intune, feds warn after Stryker attack→

Where are you? What are you working on? Why are you doing that? Identity access and management platform Okta announced the general availability of its Okta for AI Agents, which will give customers the ability to do three things: locate agents, see what… Continue reading Okta made a nightmare micromanager for your AI agents→

Darksword is the second iOS exploit chain in a month A new exploit kit targeting iPhone users and stealing their sensitive data is being abused by “multiple” spyware vendors and suspected nation-state goons, security researchers said on Wednesday.… Continue reading State snoops and spyware vendors planting info-stealing malware on iPhones, Google warns→

Interlock’s post-exploit toolkit exposed Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, according t… Continue reading Ransomware crims abused Cisco 0-day weeks before disclosure, says Amazon security boss→