Author Archives: John Leyden

GrassMarlin leaks sensitive information, provided your targeting phishing skills are sharp enough The Cybersecurity and Infrastructure Security Agency (CISA) is warning anyone who uses GrassMarlin, a tool developed by the National Security Agency (NSA)… Continue reading CISA flags data-theft bug in NSA-built OT networking tool→

Claude ploughs through months of work in rapid time, helps Wiz researchers nab lucrative award Wiz researchers are set for a tidy payday thanks to their discovery of a high-severity flaw in GitHub’s git infrastructure that handed remote attackers full … Continue reading GitHub: Zounds, a genuinely helpful AI-assisted bug report that isn’t total slop! Here, Wiz, take this wad of cash→

‘Online platforms can rely on our app,’ says Commish, ‘there are no more excuses’ The European Commission has recommended EU member states adopt an age verification app designed to protect children from harmful online content.… Continue reading EU waves through open source age-check tool to keep kids safe online→

32 phone calls, 17 email chains, a 5-day ordeal, and no help during the daddy of all stuffups, claim those affected GoDaddy is currently investigating claims that it handed complete control of a valid 27-year-old domain to another customer, without req… Continue reading GoDaddy customer claims registrar transferred 27-year-old domain without any security checks→

Yet another reason not to feast on OpenClaw Thirty ClawHub skills published by a single author are silently co-opting AI agents and creating a mass cryptocurrency mining swarm – without any malware or user consent.… Continue reading 30 ClawHub skills secretly turn AI agents into a crypto swarm→

‘Full recovery is impossible for anyone, including the attacker’ Organizations hit by the wave of Trivy and LiteLLM supply-chain compromises that paid Vect in hopes of recovering their data likely did not get much back, according to Check Point Researc… Continue reading Don’t pay Vect a ransom – your data’s likely already wiped out→

Names, phone numbers, physical addresses also included in Shiny Hunters alleged data dump Updated  Logistics technology company Pitney Bowes, which makes franking machines for US postage, is the latest scalp claimed by ShinyHunters and its ongoing spre… Continue reading Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak→

Linux vendor touts European independence at SUSECON as majority stakeholder quietly explores its options European-based SUSE devoted much of the annual SUSECON event to its sovereignty-focused pitch – even as reports swirl that its majority stakeholder… Continue reading SUSE’s sovereignty pitch meets an inconvenient $6 billion question→

Vendor confirms repo data exposure after Lapsus$ claims source code, secrets dump Software security testing outfit Checkmarx has become the latest organization caught up in an ongoing attack on security-tool providers. The biz said data posted online a… Continue reading Ongoing supply-chain attack ‘explicitly targeting’ security, dev tools→

Itron, Medtronic disclose breaches in Friday filings Digital intruders recently broke into two major tech suppliers – utility-technology firm Itron and medical-device maker Medtronic – according to filings with federal regulators.… Continue reading Medical and utility tech companies admit digital breakins→