Author Archives: John Leyden

Leak-site bragging meets breach hunters as Have I Been Pwned flags millions of records Carnival Corporation, the world’s largest cruise company, is dealing with choppy waters after Have I Been Pwned flagged what it claimed were 7.5 million unique email… Continue reading ShinyHunters claim they have cruise giant Carnival’s booty as 7.5M emails surface→

Latest in long-running pwning of Cisco kit found in mystery Fed agency A US federal agency was successfully targeted by a previously unknown backdoor malware called Firestarter, according to CISA cybersnoops and their UK counterparts – neither of which… Continue reading Governments on high alert after CISA snuffs out Firestarter backdoor on fed network→

One way to deal with bug hunting LLMs: ditch the old drivers One tactic to deal with LLM-powered vulnerability detection is simple – just speed up the removal of old code. If it’s gone, it no longer matters if it’s buggy.… Continue reading More ancient Linux device support faces the chop→

Chipzilla hopes agents, robots, and edge devices make CPUs cool again… now it has to build the chips Intel is betting on AI to reverse its fortunes, wagering that inference and agentic workloads will restore the CPU to the center of compute – even as… Continue reading Intel bets the farm on AI inference to drag CPU back to the top table→

Ailing scaling blamed by Windows-maker for unreadable missives Microsoft’s update to harden Remote Desktop against phishing attacks has arrived. When users open a Remote Desktop (.rdp) file, they should now see a warning listing all requested connectio… Continue reading Microsoft beefs up Remote Desktop security with … hard-to-read messages→

OpenAI’s first security hire, Ari Herbert-Voss, thinks more automated bug finding will improve security without costing jobs Black Hat Asia  Open source models can find bugs as effectively as Anthropic’s Mythos, according to Ari Herbert-Voss, CEO of AI… Continue reading It’s a myth that you need Mythos to find bugs: Open source models can do it just as well→

Missed flights and more means something has got to give at the border Greece is taking a flexible approach to introducing the European Union’s biometric Entry/Exit System (EES), after some British passport holders missed flights home following the syst… Continue reading Greece relaxes Euro biometric border entry rules amid airport chaos→

Nothing says ‘We want honest opinions’ like a 36,000-letter mailshot with no awkward questions allowed Members of the UK government’s People’s Panel on Digital ID will spend two weekends in Birmingham and three evenings on Zoom discussing how Britain s… Continue reading UK gov pays public £550 to discuss Digital ID – then bans journalists from the room→

FAST16 could be the first cyberweapon, and its effects could be with us today Black Hat Asia  Infosec outfit SentinelOne found malware that tries to induce errors in engineering and physics simulation software and therefore represents an attempt at sab… Continue reading Researchers find cyber-sabotage malware that may predate Stuxnet by five years→

Demonstrated in China, probably applicable elsewhere Black Hat Asia  Developers of rented internet of things infrastructure – stuff like public EV chargers and shared e-bikes – are prioritizing user convenience over security, and leaving themselves exp… Continue reading Weak security means attackers could disable all of a city’s public EV chargers→