Author Archives: John Leyden

Discovery is getting cheaper. Validation and patching aren’t What good is finding a hole if you can’t fix it? Anthropic last week talked up Claude Code’s improved ability to find software vulnerabilities and propose patches. But security researchers sa… Continue reading AI has gotten good at finding bugs, not so good at swatting them→

SolarWinds + file transfer software = what attackers’ dreams are made of If you run SolarWinds’ Serv-U, you should patch promptly. Four critical vulnerabilities in the file transfer software can allow attackers to execute code as root.… Continue reading Patch these 4 critical, make-me-root SolarWinds bugs ASAP→

New ransomware of choice, same critical targets North Korea’s Lazarus Group appears to have added another tool to its kit. It has begun using Medusa ransomware in extortion attacks targeting at least one US healthcare organization and an unnamed victim… Continue reading North Korea’s Lazarus Group targets healthcare orgs with Medusa ransomware→

When a one-line fix triggers thousands of PRs, something’s off A Go library maintainer has urged developers to turn off GitHub’s Dependabot, arguing that false positives from the dependency-scanning tool “reduce security by causing alert fatigue.”… Continue reading Go library maintainer brands GitHub’s Dependabot a ‘noise machine’→

When a one-line fix triggers thousands of PRs, something’s off A Go library maintainer has urged developers to turn off GitHub’s Dependabot, arguing that false positives from the dependency-scanning tool “reduce security by causing alert fatigue.”… Continue reading Go library maintainer brands GitHub’s Dependabot a ‘noise machine’→

Social media giant retorts it doesn’t want to collect ‘private’ data, and plans to appeal The UK’s data protection regulator has fined social media giant Reddit £14.47 million ($19.5 million) over its use of children’s data.… Continue reading UK data watchdog fines Reddit £14.47M for letting kids slip past the gate→

Public prosecutor mulls sentencing following investigations into two separate attacks Two South Korean teenagers were this week charged with breaching Seoul’s public bike service, Ttareungyi.… Continue reading Korean cops charge teens over bike hire breach that exposed data on 4.62M riders→

Visa applications down, executives emigrating, and AI blamed for the rest The number of international workers applying for a visa to work in the UK’s tech sector dropped 11 percent between Q2 and Q3 2025, and was down 6 percent year-on-year, according … Continue reading UK tech hit by double trouble: Fewer foreign techies amid skills squeeze→

We like our surface-to-air weapons affordable Britain has joined a handful of European allies in a program to develop low-cost air defense systems, including autonomous drones or missiles, with project delivery of the first elements scheduled for as ea… Continue reading Euro allies aiming to rapidly build low-cost air defense weapons→

Not the first of its kind ai-pocalypse  Anthropic sent the infosec community into a tizzy on Friday when it rolled out Claude Code Security, a new feature that scans codebases for vulnerabilities and suggests patches to fix the issues.… Continue reading Infosec community panics as Anthropic rolls out Claude code security checker→