About

John Leyden, Journalist

@jleyden

John Leyden has written about networking and security for more than 20 years. Prior to the advent of the interwebs he worked as a crime reporter at a local newspaper in Manchester. John holds a degree in electronic engineering from City University, London.

Bug Bounty Radar // The latest bug bounty programs for March 2023 (28 February 2023 at 19:15 UTC)

Cisco ClamAV anti-malware scanner vulnerable to serious security flaw (22 February 2023 at 14:23 UTC)

Deserialized web security roundup: KeePass dismisses ‘vulnerability’ report, OpenSSL gets patched, and Reddit admits phishing hack (10 February 2023 at 16:30 UTC)

Google engineers plot to mitigate prototype pollution (06 February 2023 at 15:57 UTC)

Bitwarden responds to encryption design flaw criticism (25 January 2023 at 15:47 UTC)

IoT vendors faulted for slow progress in setting up vulnerability disclosure programs (24 January 2023 at 13:22 UTC)

Popular password managers auto-filled credentials on untrusted websites (20 January 2023 at 12:09 UTC)

Squaring the CircleCI: DevOps platform publishes post-mortem on recent breach (16 January 2023 at 16:07 UTC)

Threema disputes crypto flaws disclosure, prompts security flap (11 January 2023 at 15:41 UTC)

Devs urged to rotate secrets after CircleCI suffers security breach (05 January 2023 at 14:38 UTC)

Deserialized web security roundup – Fortinet, Citrix bugs; another Uber breach; hacking NFTs at Black Hat (16 December 2022 at 17:43 UTC)

Black Hat Europe redux: The top web hacking talks for 2022 (12 December 2022 at 17:23 UTC)

JSON syntax hack allowed SQL injection payloads to be smuggled past WAFs (09 December 2022 at 13:17 UTC)

Black Hat Europe 2022: A defendable internet is possible, but only with industry makeover (07 December 2022 at 15:19 UTC)

Bug Bounty Radar // The latest bug bounty programs for December 2022 (01 December 2022 at 12:39 UTC)

Intel disputes seriousness of Data Centre Manager authentication flaw (29 November 2022 at 16:30 UTC)

Mastodon vulnerable to multiple system configuration problems (22 November 2022 at 15:23 UTC)

HackerOne encourages customers to adopt standard policy to protect hackers from legal problems (17 November 2022 at 15:27 UTC)

Zendesk Explore flaws opened the door to account pillage (15 November 2022 at 16:10 UTC)

Google Pixel screen-lock hack earns researcher $70k (10 November 2022 at 16:14 UTC)

Boffins rekindle one-time program cryptographic concept (04 November 2022 at 14:13 UTC)

OpenSSL vulnerability downgraded to ‘high’ severity (01 November 2022 at 18:54 UTC)

Upcoming ‘critical’ OpenSSL update prompts feverish speculation (28 October 2022 at 14:31 UTC)

HyperSQL DataBase flaw leaves library vulnerable to RCE (24 October 2022 at 14:46 UTC)

Hidden DNS resolver insecurity creates widespread website hijack risk (11 October 2022 at 10:51 UTC)

Patching common vulnerabilities at scale: project promises bulk pull requests (29 September 2022 at 13:46 UTC)

Web security flaw in Sophos Firewall patched (26 September 2022 at 14:02 UTC)

Uber hack linked to hardcoded secrets spotted in PowerShell script (16 September 2022 at 15:26 UTC)

WAPPLES web application firewall faulted for multiple flaws (15 September 2022 at 14:43 UTC)

Let’s Encrypt builds infrastructure to support browser-based certificate revocation revival (13 September 2022 at 14:39 UTC)

Vendor disputes seriousness of firewall plugin RCE flaw (08 September 2022 at 16:48 UTC)

A rough guide to launching a career in cybersecurity (07 September 2022 at 13:59 UTC)

IT industry guilty of ‘lack of imagination’ in failure to anticipate cyber-attack evolution (12 August 2022 at 15:13 UTC)

The best Black Hat and DEF CON talks of all time (08 August 2022 at 13:38 UTC)

‘Password extraction risk’ in identity provider Okta disputed (19 July 2022 at 15:00 UTC)

Fantasy Premier League football app introduces 2FA to tackle account takeover hacks (15 July 2022 at 14:10 UTC)

Post-quantum cryptography hits standardization milestone (11 July 2022 at 15:02 UTC)

Untrusted types: Researcher demos trick to beat Trusted Types protection in Google Chrome (27 June 2022 at 15:25 UTC)

One in every 13 incidents blamed on API insecurity – report (22 June 2022 at 16:41 UTC)

Single largest disclosure for vulnerabilities in industrial control security reveals 56 flaws (21 June 2022 at 16:30 UTC)