Author Archives: John Leyden

Exploit hasn’t been picked up by any malware detection engines, CEO tells The Reg A Microsoft zero-day vulnerability that allows an unprivileged user to crash the Windows Remote Access Connection Manager (RasMan) service now has a free, unofficial patc… Continue reading Microsoft RasMan DoS 0-day gets unofficial patch – and a working exploit→

And the earlier React2Shell patch is vulnerable If you’re running React Server Components, you just can’t catch a break. In addition to already-reported flaws, newly discovered bugs allow attackers to hang vulnerable servers and potentially leak Server… Continue reading New React vulns leak secrets, invite DoS attacks→

Critical vulnerabilities found in third-party applications eligible for award under ‘in scope by default’ move Microsoft is overhauling its bug bounty program to reward exploit hunters for finding vulnerabilities across all its products and services, e… Continue reading Microsoft promises more bug payouts, with or without a bounty program→

Justice Department alleges federal auditors were misled over compliance with FedRAMP and DoD requirements The US is suing a former senior manager at Accenture for allegedly misleading the government about the security of an Army cloud platform.… Continue reading Uncle Sam sues ex-Accenture manager over Army cloud security claims→

Rights groups say digital-only record is leaking data and courting trouble Civil society groups are urging the UK’s data watchdog to investigate whether the Home Office’s digital-only eVisa scheme is breaching GDPR, sounding the alarm about systemic da… Continue reading UK watchdog urged to probe GDPR failures in Home Office eVisa rollout→

Wiz says React2Shell attacks accelerating, ranging from cryptominers to state-linked crews Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more th… Continue reading Half of exposed React servers remain unpatched amid active exploitation→

Judge said his fraud was on ‘epic, generational scale’ Terraform Labs founder Do Kwon will spend 15 years in jail after pleading guilty to committing fraud.… Continue reading Crypto-crasher Do Kwon jailed for 15 years over $40bn UST bust→

Operators accidentally left a way for you to get your data back CyberVolk, a pro-Russian hacktivist crew, is back after months of silence with a new ransomware service. There’s some bad news and some good news here.… Continue reading Russian hackers debut simple ransomware service, but store keys in plain text→

No details, no CVE, update your browser now Google issued an emergency fix for a Chrome vulnerability already under exploitation, which marks the world’s most popular browser’s eighth zero-day bug of 2025.… Continue reading Google fixes super-secret 8th Chrome 0-day→

UK data regulator says failures were unacceptable for a company managing the world’s passwords The UK’s Information Commissioner’s Office (ICO) says LastPass must cough up £1.2 million ($1.6 million) after its two-part 2022 data breach compromised info… Continue reading LastPass hammered with £1.2M fine for 2022 breach fiasco→