Author Archives: John Leyden

Plus: Court papers reveal nonprofit paid a ransom worth nearly $26.8 million The third of three former ransomware negotiators accused of assisting the ALPHV/BlackCat ransomware gang in extorting US businesses has pleaded guilty, months after his two co… Continue reading Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords→

CEO suspects silicon sidekick behind ‘surprising velocity’ breach – cyber crims shop stolen data for $2M Vercel’s CEO reckons the crooks behind its recent breach likely had a helping hand from AI, saying the attackers moved with “surprising velocity” a… Continue reading AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account→

Mexican IT services firm admits it was hacked, but says client operations weren’t affected A Mexican IT infrastructure and digital transformation biz is on clean-up duty after a criminal posted screenshots of what they claimed was company video surveil… Continue reading Crook claims to leak ‘video surveillance footage’ of companies→

No facial recognition privacy intrusions either! Well, maybe a little London’s Metropolitan Police is trialing new retail technology to help curtail the city’s pervasive shoplifting problem… and it doesn’t rely on live facial recognition (LFR).… Continue reading Met police trials snoop tech platform in push to cuff more London shoplifters→

Fake emails already doing the rounds as ransomware crew boasts about what it allegedly stole UK enterprise software consultancy The Adaptavist Group is investigating a security breach after an intruder logged in with stolen credentials, while a ransomw… Continue reading Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul→

Admins are tired of taking photos, so this enables secure on-site unattended enrolment Japanese industrial giant Panasonic has created a new form of QR code it says will only work on designated devices and environments.… Continue reading Panasonic creates device-locked QR codes to speed facial biometric capture→

And China is loving it Iranian media is claiming that the US used backdoors and/or botnets to disable networking equipment during the current war, and Chinese state media is dining out on the allegations.… Continue reading Iran claims US used backdoors to knock out networking equipment during war→

A lesson in how not to respond to vulnerability reports UPDATED  Vibe-coding platform Lovable is pooh-poohing a researcher’s finding that anyone could open a free account on the service and read other users’ sensitive info, including credentials, chat … Continue reading Vibe coding upstart Lovable denies data leak, cites ‘intentional behavior,’ then throws HackerOne under the bus→

Installation and pre-approval without consent looks dubious under EU law One app should not modify another app without asking for and receiving your explicit consent. Yet Anthropic’s Claude Desktop for macOS installs files that affect other vendors’ ap… Continue reading Claude Desktop changes app access settings for browsers you don’t even have installed yet→

Tyler Buchanan admits role in scheme that stole at least $8 million in virtual currency A Scottish man linked to the Scattered Spider cybercrime crew has pleaded guilty in the US to a phishing and SIM-swap scheme that stole at least $8 million in crypt… Continue reading Scot becomes second Scattered Spider-linked crook to plead guilty in US→