Author Archives: John Leyden

Advocate General urges rethink of PSD2 to speed compensation after scams Analysis  One of the European Union’s top legal advisors is trying to change how banks treat cybercrime victims – meaning they could enjoy greater financial protections sooner tha… Continue reading EU legal eagle says banks should refund cybercrime victims first, argue later→

Reflecting on the relaunch of the UK Cyber Team and introducing the next phase of leadership Partner Content  The UK Cyber Team is a government initiative led by the Department for Science, Innovation and Technology in partnership with SANS Institute. … Continue reading Building the UK’s next generation of cyber talent→

Could steal sensitive personal and financial data After a whopper of a Patch Tuesday last month, with six Microsoft flaws exploited as zero-days, March didn’t exactly roar in like a lion. Just two of the 83 Microsoft CVEs released on Tuesday are listed… Continue reading Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack→

Ransomware, malware-as-a-service, infostealers benefit MOIS, too Iranian government-backed snoops are increasingly using cybercrime malware and ransomware infrastructure in their operations – not just hiding behind criminal masks as a cover for destruc… Continue reading Cybercrime isn’t just a cover for Iran’s government goons – it’s a key part of their operations→

Rapid7 says crims broke into more than 250 sites globally, including a US Senate candidate’s campaign page Cyber baddies quietly compromised legitimate WordPress websites, including the campaign site of a US Senate candidate, turning them into launchpa… Continue reading Crooks compromise WordPress sites to push infostealers via fake CAPTCHA prompts→

Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses A Russian-speaking cyber criminal is targeting corporate HR teams with fake CVs that quietly install malware which can disable security tools before stealing data… Continue reading Fake job applications pack malware that kills endpoint detection before stealing data→

Crooks used simple phone scam to compromise vendor account, spilling personal and financial data belonging to more than 15,000 people A voice-phishing scam targeting one of Ericsson’s service providers has exposed the personal data of more than 15,000 … Continue reading Ericsson blames vendor vishing slip-up for breach exposing thousands of records→

Digital freedom needs a Kali Linux for the rest of us Opinion  The hacker mind is a curious way to be. To have it means to embody endless analytical curiosity, an awareness of any given rule set as just one system among many, and an ability to see any … Continue reading Protecting democracy means democratizing cybersecurity. Bring on the hackers→

Kids profited from tools used to attack popular websites, say officials Polish police have referred seven suspected juvenile cybercriminals to family court over an alleged scheme to flog DDoS kits online.… Continue reading Polish cops bust alleged teen DDoS kit sellers – youngest just 12→

David and Goliath…but with AI agents Researchers at red-team security startup CodeWall say their AI agent hacked McKinsey’s internal AI platform and gained full read and write access to the chatbot in just two hours.… Continue reading AI vs AI: Agent hacked McKinsey’s chatbot and gained full read-write access in just two hours→