Author Archives: John Leyden

Fix didn’t quite do the job – attackers spotted logging in Fortinet has confirmed that attackers are actively bypassing a December patch for a critical FortiCloud single sign-on (SSO) authentication flaw after customers reported suspicious logins on de… Continue reading Fortinet admits FortiGate SSO bug still exploitable despite December patch→

Direct debits? Maybe February. Birth certificates? Dream on. Council tax bills? Oh, those are coming Hammersmith & Fulham Council says payments are now being processed as usual, two months after a cyberattack that affected multiple boroughs in the … Continue reading London boroughs limping back online months after cyberattack→

Much owed to the few, but takeup is under 1% More than 15,000 former members of the UK’s armed forces have successfully applied for a digital version of their veterans ID card since its launch in October, according to the Government Digital Service (GD… Continue reading Marching orders delayed: Veterans’ Digital ID off to a slow start→

Teach a crook to phish… Criminals can more easily pull off social engineering scams and other forms of identity fraud thanks to custom voice-phishing kits being sold on dark web forums and messaging platforms.… Continue reading Crims hit the easy button for Scattered-Spider style helpdesk scams→

Logging in, not breaking in Unknown attackers are abusing Microsoft SharePoint file-sharing services to target multiple energy-sector organizations, harvest user credentials, take over corporate inboxes, and then send hundreds of phishing emails from c… Continue reading Crims compromised energy firms’ Microsoft accounts, sent 600 phishing emails→

Admins say attackers are still getting in despite recent patches FortiGate firewalls are getting quietly reconfigured and stripped down by miscreants who’ve figured out how to sidestep SSO protections and grab sensitive settings right out of the box.… Continue reading FortiGate firewalls hit by silent SSO intrusions and config theft→

Regulators logged over 400 personal data breach notifications a day for first time since law came into force GDPR fines pushed past the £1 billion (€1.2 billion) mark in 2025 as Europe’s regulators were deluged with more than 400 data breach notificati… Continue reading Europe’s GDPR cops dished out €1.2B in fines last year as data breaches piled up→

Mind the cyber gap – similar flaws highlighted multiple years in a row Concerned about the orgs that safeguard your money? The UK’s annual cybersecurity review for 2025 suggests you should be. Despite years of regulation, financial organizations contin… Continue reading Bank of England: Financial sector failing to implement basic cybersecurity controls→

Critical vuln flew under the radar for a decade A recently disclosed critical vulnerability in the GNU InetUtils telnet daemon (telnetd) is “trivial” to exploit, experts say.… Continue reading Ancient telnet bug happily hands out root to attackers→

The critical-rated flaw leaves unpatched systems open to full takeover Cisco has finally shipped a fix for a critical-rated zero-day in its Unified Communications gear, a flaw that’s already being weaponized in the wild, and which CISA previously flagg… Continue reading Another week, another emergency patch as Cisco plugs Unified Comms zero-day→