Author Archives: John Leyden

Curious port filtering and traffic patterns suggest advisories weren’t the earliest warning signals sent Telcos likely received advance warning about January’s critical Telnet vulnerability before its public disclosure, according to threat intelligence… Continue reading Were telcos tipped off to *that* ancient Telnet bug? Cyber pros say the signs stack up→

Attackers using social engineering to exploit business processes, rather than tunnelling in via tech Exclusive  When fraudsters go after people’s paychecks, “every employee on earth becomes a target,” according to Binary Defense security sleuth John Dw… Continue reading Payroll pirates are conning help desks to steal workers’ identities and redirect paychecks→

Smug faces across all those who opposed the WordPad-ification of Microsoft’s humble text editor Just months after Microsoft added Markdown support to Notepad, researchers have found the feature can be abused to achieve remote code execution (RCE).… Continue reading Notepad’s new Markdown powers served with a side of remote code execution→

UK government grilled over progress made to prevent a second life-threatening leak Legacy IT issues are hampering key technical measures designed to prevent highly sensitive data leaks, UK government officials say.… Continue reading Legacy systems blamed as ministers promise no repeat of Afghan breach→

Roses are red, violets are blue … now get patching What better way to say I love you than with an update? Attackers exploited a whopping six Microsoft bugs as zero-days prior to Redmond releasing software fixes on February’s Patch Tuesday.… Continue reading Microsoft’s Valentine’s gift to admins: 6 exploited zero-day fixes→

Zero-click prompt injection can leak data when AI agents meet messaging apps, researchers warn AI agents can shop for you, program for you, and, if you’re feeling bold, chat for you in a messaging app. But beware: attackers can use malicious prompts in… Continue reading AI agents spill secrets just by previewing malicious links→

Operation Cyber Guardian involved 100-plus staff across government and industry Singapore spent almost a year flushing a suspected China-linked espionage crew out of its telecom networks in what officials describe as the country’s largest cyber defense… Continue reading Singapore spent 11 months booting China-linked snoops out of telco networks→

HR outsourcer Conduent confirms intruders accessed benefits-related records tied to US personnel Nearly 17,000 Volvo employees had their personal data exposed after cybercriminals breached Conduent, an outsourcing giant that handles workforce benefits … Continue reading Nearly 17,000 Volvo staff dinged in supplier breach→

Troops fitted with new comms kit as part of Project ASGARD British soldiers are to get an array of AI-ready kit that should mean they don’t have to wait to see the “whites of their eyes” before pulling the trigger.… Continue reading British Army splashes $86M on AI gear to speed up the battlefield kill chain→

So many CVEs, so little time Digital intruders exploited buggy SolarWinds Web Help Desk (WHD) instances in December to break into victims’ IT environments, move laterally, and steal high-privilege credentials, according to Microsoft researchers.… Continue reading Someone’s attacking SolarWinds WHD to steal high‑privilege credentials – but we don’t know who or how→