Author Archives: John Leyden

Long after CVEs issued and open source flaws fixed Last fall, Jakub Ciolek reported two denial-of-service bugs in Argo CD, a popular Kubernetes controller, via HackerOne’s Internet Bug Bounty (IBB) program. Both were assigned CVEs and have since been f… Continue reading HackerOne ‘ghosted’ me for months over $8,500 bug bounty, says researcher→

Crimson Collective claims ‘sophisticated attack’ Internet service provider Brightspeed confirmed that it’s investigating criminals’ claims that they stole more than a million customers’ records and have listed them for sale for three bitcoin, or about … Continue reading Brightspeed investigates breach as crims post stolen data for sale→

Phishers posing as Booking.com use panic-inducing blue screens to bypass security controls Russia-linked hackers are sneaking malware into European hotels and other hospitality outfits by tricking staff into installing it themselves through fake Window… Continue reading Fake Windows BSODs check in at Europe’s hotels to con staff into running malware→

Order and contact details accessed via ecommerce partner, and phishing has begun Blockchain security biz Ledger says customer information was accessed in a breach at its ecommerce payment partner Global-e, and is warning that other brands using the pla… Continue reading Crypto wallet shop Ledger confirms customer data lifted in Global-e snafu→

Phones, email, and core systems knocked out at Higham Lane in Nuneaton Students at a school in Warwickshire, England, have scored an extended Christmas break after a cyberattack crippled its IT systems, forcing classrooms to close and staff to summon g… Continue reading Students bag extended Christmas break after cyber hit on school IT→

Central government will supposedly be as secure as energy facilities and datacenters under new proposals The UK today launches its Government Cyber Action Plan, committing £210 million ($282 million) to strengthen defenses across digital public service… Continue reading UK injects just £210M into cyber plan to stop Whitehall getting pwnd→

Crim used infostealer to get cloud credentials If you don’t say “yes way” to MFA, the consequences can be disastrous. Sensitive data belonging to about 50 global enterprises is listed for sale – and, in some cases, has already been sold – on the dark w… Continue reading One criminal, 50 hacked organizations, and all because MFA wasn’t turned on→

A subpoena has been issued, apparently Resecurity offered its “congratulations” to the Scattered Lapsus$ Hunters cybercrime crew for falling into its threat intel team’s honeypot – resulting in a subpoena being issued for one of the data thieves. Meanw… Continue reading Congrats, cybercrims: You just fell into a honeypot→

CEO Nikesh Arora’s trip to Tel Aviv last month sparked rumors. Palo Alto Networks is on shopping spree. The company is reportedly considering a $400 million purchase of Israeli cybersecurity start up Koi, which raised $48 million in funding last year. … Continue reading Playing Koi: Palo Alto isn’t saying if it will buy security start-up→

It’s January 2026, and Google is finding innovative new ways to make one of its services worse Important news for Gmail power users: Google is dropping the feature whereby Gmail can collect mail from other email accounts over POP3.… Continue reading Gmail preparing to drop POP3 mail fetching→