Author Archives: John Leyden

Two computer crime allegations follow up to 18M lines of data surfacing online French prosecutors say police detained a 15-year-old on April 25 over the alleged theft of millions of records from France Titres (ANTS), the agency handling secure document… Continue reading French prosecutors link 15-year-old to mega-breach at state’s secure document agency→

Turns out the real problem is not AI but staff still clicking on dodgy emails from ‘IT support’ Nearly half of UK businesses are still getting breached, and in many cases, the attacker’s big breakthrough is an employee clicking “sure, why not” on a fak… Continue reading Nearly half of UK businesses pwned last year as phishing keeps doing the job like it’s 2005→

Just in time for the Trump-Xi summit Exclusive  A novel China-linked threat group infiltrated more than a dozen critical networks in Poland, Asian countries, and possibly beyond, beginning in December 2024 and with activity uncovered as recently as thi… Continue reading What type of ‘C2 on a sleep cycle’ do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia→

Emergency patches out now for those managing the millions of domains assumed to be affected Emergency patches are available for a critical vulnerability in cPanel and WHM that allows attackers to bypass authentication and gain root access to servers ma… Continue reading Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day→

Investigation finds no single cause for soldiers falling ill, just bad bolts, cold air, and apparently the soldiers themselves Britain’s notorious Ajax armored vehicles are being accepted back from the manufacturer after investigations found no single … Continue reading Britain’s £6B armoured sickener Ajax cleared for duty despite injuring troops→

Great idea, guys. Let’s keep all of the data in an Excel file with weak password protection PWNED  Welcome, once again, to PWNED, the weekly column where we recount the adventures of IT explorers who found their own pile of quicksand and then jumped ri… Continue reading Finance company stores DB credentials in helpfully labeled spreadsheet→

Patches land for authencesn flaw enabling local privilege escalation Developers of major Linux distributions have begun shipping patches to address a local privilege escalation (LPE) vulnerability arising from a logic flaw.… Continue reading Linux cryptographic code flaw offers fast route to root→

ORNL says portable detector kit can separate real GPS signals from fake ones even at equal strength GPS spoofing, which sends fake satellite-like signals, and GPS jamming, which drowns receivers in noise, are increasingly serious problems. Researchers … Continue reading Researchers move in the right direction, develop powerful GPS interference alarm→

Second try’s a charm? Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are exploiting a zero-click Windows flaw that can expose sensitive information on vulnerable systems.… Continue reading Microsoft’s patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack→

Microsoft readies the axe once again for yesterday’s security Microsoft has warned users still clinging to legacy TLS versions that the end is nigh for TLS 1.0 and 1.1 on POP3 and IMAP4 connections to Exchange Online.… Continue reading Legacy TLS tour continues with Exchange Online blocking old versions from July 2026→