Jessica Lyons
@jessicalyons.bsky.social
Cybersecurity editor @theregister.com Contact me with tips: jessica.lyons@theregister.com or jess.825 on Signal
Mama bear, book worm, outdoor lover, coffee and wine snob. PNW after decades in Santa Cruz but Blazers fan always.
Mama bear, book worm, outdoor lover, coffee and wine snob. PNW after decades in Santa Cruz but Blazers fan always.
BREAKING: The US Cybersecurity and Infrastructure Security Agency won't attend the annual RSA Conference in March, an agency spokesperson confirmed to The Register.
CISA won't attend infosec industry's biggest conference
exclusive: But ex-CISA boss and new RSAC CEO Jen Easterly will be there
www.theregister.com
January 24, 2026 at 12:27 AM
BREAKING: The US Cybersecurity and Infrastructure Security Agency won't attend the annual RSA Conference in March, an agency spokesperson confirmed to The Register.
ShinyHunters has claimed responsibility for an Okta voice-phishing campaign during which the extortionist crew allegedly gained access to Crunchbase and Betterment.
ShinyHunters claims Okta customer breaches, leaks data
: 'A lot more' victims to come, we're told
www.theregister.com
January 23, 2026 at 7:19 PM
ShinyHunters has claimed responsibility for an Okta voice-phishing campaign during which the extortionist crew allegedly gained access to Crunchbase and Betterment.
Now if ICE would just stop shooting people... www.theregister.com/2026/01/09/h...
January 12, 2026 at 5:23 PM
Now if ICE would just stop shooting people... www.theregister.com/2026/01/09/h...
Reposted by Jessica Lyons
I can now die a satisfied man. I've been quoted in the NYTimes before, but never in The Register (my absolute favorite IT tabloid). Today I was quoted in The Reg. Thank you @jessicalyons.bsky.social for letting me contribute to your article - www.theregister.com/2026/01/08/c...
CrowdStrike buys SGNL, identity security startup, for $740M
: Authentication is basically solved. Authorization is another thing entirely...
www.theregister.com
January 9, 2026 at 1:55 AM
I can now die a satisfied man. I've been quoted in the NYTimes before, but never in The Register (my absolute favorite IT tabloid). Today I was quoted in The Reg. Thank you @jessicalyons.bsky.social for letting me contribute to your article - www.theregister.com/2026/01/08/c...
BREAKING: ESA confirmed yet another massive security breach, and told me via @theregister.com that the data thieves responsible will be subject to a criminal investigation.
European Space Agency initiates criminal probe into breach
exclusive: Two weeks, two major data leaks … not a good look for the European Space Agency
www.theregister.com
January 7, 2026 at 6:13 PM
BREAKING: ESA confirmed yet another massive security breach, and told me via @theregister.com that the data thieves responsible will be subject to a criminal investigation.
This story illustrates the importance of transparency and clear communication when it comes to bug bounties. If we want ethical hackers to report vulns so they can be fixed before the criminals find and exploit them, bug bounties need to keep their end of the bargain.
HackerOne 'ghosted' me over $8,500 bounty: Researcher
: Long after CVEs issued and open source flaws fixed
www.theregister.com
January 7, 2026 at 6:11 PM
This story illustrates the importance of transparency and clear communication when it comes to bug bounties. If we want ethical hackers to report vulns so they can be fixed before the criminals find and exploit them, bug bounties need to keep their end of the bargain.
A cybercrook claims to have breached Pickett and Associates, a Florida-based engineering firm whose clients include major US utilities, and is selling what they claim to be about 139 GB of engineering data about Tampa Electric Company, Duke Energy Florida, and American Electric Power.
Cybercrook claims to sell critical info about utilities
: For the bargain price of 6.5 bitcoin
www.theregister.com
January 2, 2026 at 6:47 PM
A cybercrook claims to have breached Pickett and Associates, a Florida-based engineering firm whose clients include major US utilities, and is selling what they claim to be about 139 GB of engineering data about Tampa Electric Company, Duke Energy Florida, and American Electric Power.
I sat down (virtually) with Remedio CEO Tal Kollender to discuss her former life hacking video games and how that led her to start a security company that uses AI to defend against AI.
Remedio CEO: If you don't think like a hacker, you won't win
interview: In supercharged AI race, defenders need to keep up
www.theregister.com
January 2, 2026 at 6:08 PM
I sat down (virtually) with Remedio CEO Tal Kollender to discuss her former life hacking video games and how that led her to start a security company that uses AI to defend against AI.
"In my past life, it would take us 360 days to develop an amazing zero day," Zafran Security CEO Sanaz Yashar told me via @theregister.com. I had a great conversation with the former "hacking architect" whose startup uses AI to map and manage companies' threat exposure - you can read it all here:
Spy turned startup CEO: 'The WannaCry of AI will happen'
Interview: Ah, the good old days when 0-day development took a year
www.theregister.com
December 22, 2025 at 7:50 PM
"In my past life, it would take us 360 days to develop an amazing zero day," Zafran Security CEO Sanaz Yashar told me via @theregister.com. I had a great conversation with the former "hacking architect" whose startup uses AI to map and manage companies' threat exposure - you can read it all here:
"I view this as a canary in the coal mine," Tea co-founder Tim Lewis told me via @theregister.com
CEO spills the Tea about massive token farming campaigns
interview: Plus: automated SBOMs, $250,000 bounties ahead
www.theregister.com
December 18, 2025 at 11:07 PM
"I view this as a canary in the coal mine," Tea co-founder Tim Lewis told me via @theregister.com
Shiny Hunters claims to be behind the breach, while Mixpanel tells us a Pornhub parent company employee - not the analytics provider - last accessed the stolen data: "If this data is in the hands of an unauthorized party, we do not believe that is the result of a security incident at Mixpanel."
Analytics provider: We didn't expose stolen smut data
: An employee of the adult site could be responsible.
www.theregister.com
December 16, 2025 at 10:07 PM
Shiny Hunters claims to be behind the breach, while Mixpanel tells us a Pornhub parent company employee - not the analytics provider - last accessed the stolen data: "If this data is in the hands of an unauthorized party, we do not believe that is the result of a security incident at Mixpanel."
At least five more Chinese spy crews, Iran-linked goons, and financially motivated criminals are now attacking React2Shell, according to Google's threat intel team.
React2Shell vuln exploited by China, Iran, Google warns
: Who hasn't exploited this max-severity flaw?
www.theregister.com
December 15, 2025 at 8:41 PM
At least five more Chinese spy crews, Iran-linked goons, and financially motivated criminals are now attacking React2Shell, according to Google's threat intel team.
If you're running React Server Components, you just can't catch a break. In addition to already-reported flaws, newly discovered bugs allow attackers to hang vulnerable servers and potentially leak Server Function source code, so anyone using RSC or frameworks that support it should patch quickly.
New React vulns leak secrets, invite DoS attacks
: And the earlier React2Shell patch is vulnerable
www.theregister.com
December 12, 2025 at 6:27 PM
If you're running React Server Components, you just can't catch a break. In addition to already-reported flaws, newly discovered bugs allow attackers to hang vulnerable servers and potentially leak Server Function source code, so anyone using RSC or frameworks that support it should patch quickly.
Attackers are actively exploiting a zero-day bug in Gogs, a popular self-hosted Git service, and the open source project doesn't yet have a fix.
700+ self-hosted Git instances battered in 0-day attacks
: More than half of internet-exposed instances already compromised
www.theregister.com
December 10, 2025 at 9:49 PM
Attackers are actively exploiting a zero-day bug in Gogs, a popular self-hosted Git service, and the open source project doesn't yet have a fix.
A Ukrainian woman accused of hacking US public drinking water systems and a meat processing facility on behalf of Kremlin-backed cyber groups was extradited to the US earlier this year and will stand trial in early 2026.
US extradites Ukrainian accused of hacking for Russia
: The digital intrusion allegedly caused thousands of pounds of meat to spoil and triggered an ammonia leak in the facility
www.theregister.com
December 10, 2025 at 5:59 PM
A Ukrainian woman accused of hacking US public drinking water systems and a meat processing facility on behalf of Kremlin-backed cyber groups was extradited to the US earlier this year and will stand trial in early 2026.
Imagine botnets in physical form and you've got a pretty good idea of what could go wrong with the influx of AI-infused humanoid robots expected to integrate into society over the next few decades. I spoke with Insikt Group risk guru Joseph Rooke about this (slightly horrifying) future.
'Botnets in physical form' are top humanoid robot risk
Interview: Have we learned nothing from sci-fi films and TV shows?
www.theregister.com
December 9, 2025 at 3:48 PM
Imagine botnets in physical form and you've got a pretty good idea of what could go wrong with the influx of AI-infused humanoid robots expected to integrate into society over the next few decades. I spoke with Insikt Group risk guru Joseph Rooke about this (slightly horrifying) future.
"We believe dozens of organizations in the US have been impacted by Brickstorm, not including downstream victims," Google Threat Intelligence Group principal analyst Austin Larsen told me via @theregister.com
PRC spies Brickstromed their way into critical US networks
: 'Dozens' of US orgs infected
www.theregister.com
December 4, 2025 at 10:31 PM
"We believe dozens of organizations in the US have been impacted by Brickstorm, not including downstream victims," Google Threat Intelligence Group principal analyst Austin Larsen told me via @theregister.com
Vetting staff who handle sensitive government systems is wise, and so is cutting off their access the moment they're fired. A federal contractor learned this the hard way when twins previously convicted of hacking-related offenses allegedly used lingering access to delete 96 government databases.
Twin brothers charged with deleting 96 US govt databases
: And then they asked an AI to help cover their tracks
www.theregister.com
December 4, 2025 at 10:28 PM
Vetting staff who handle sensitive government systems is wise, and so is cutting off their access the moment they're fired. A federal contractor learned this the hard way when twins previously convicted of hacking-related offenses allegedly used lingering access to delete 96 government databases.
Afraid of connecting to public Wi-Fi? Terrified to turn your Bluetooth on? You may be falling for "hacklore." Dozens of CISOs and ex-CISA officials have launched an effort to dispel these myths and show you how not to get hacked for real.
Ex-CISA officials, CISOs aim to stop the spread of hacklore
: Don't believe everything you read
www.theregister.com
November 25, 2025 at 3:49 PM
Afraid of connecting to public Wi-Fi? Terrified to turn your Bluetooth on? You may be falling for "hacklore." Dozens of CISOs and ex-CISA officials have launched an effort to dispel these myths and show you how not to get hacked for real.
A series of "trivial-to-exploit" vulnerabilities in Fluent Bit, an open source log collection tool that runs in every major cloud and AI lab, was left open for years, giving attackers an exploit chain to completely disrupt cloud services and alter data.
Years-old bugs in open source took out major clouds at risk
: Fluent Bit has 15B+ deployments … and 5 newly assigned CVEs
www.theregister.com
November 25, 2025 at 2:37 PM
A series of "trivial-to-exploit" vulnerabilities in Fluent Bit, an open source log collection tool that runs in every major cloud and AI lab, was left open for years, giving attackers an exploit chain to completely disrupt cloud services and alter data.
EXCLUSIVE: ShinyHunters claimed responsibility for the Gainsight breach that allowed the data thieves to snarf data from hundreds more Salesforce customers: "We've had access to Gainsight for nearly 3 months."
ShinyHunters 'does not like Salesforce at all'
EXCLUSIVE: 'I have compromised other known OAuth apps,' Shiny tells The Reg
www.theregister.com
November 21, 2025 at 7:34 PM
EXCLUSIVE: ShinyHunters claimed responsibility for the Gainsight breach that allowed the data thieves to snarf data from hundreds more Salesforce customers: "We've had access to Gainsight for nearly 3 months."
“This activity is likely related to UNC6240 (aka ShinyHunters),” Google Threat Intelligence Group’s principal analyst Austin Larsen told me via @theregister.com, adding that the threat hunters are “aware of more than 200 potentially affected Salesforce instances.”
Salesforce flags another third-party security incident
: They keep coming back for more
www.theregister.com
November 20, 2025 at 9:55 PM
“This activity is likely related to UNC6240 (aka ShinyHunters),” Google Threat Intelligence Group’s principal analyst Austin Larsen told me via @theregister.com, adding that the threat hunters are “aware of more than 200 potentially affected Salesforce instances.”
There's a "new operational model that's neither traditional cyber attack nor conventional warfare," @Amazon Chief Security Officer Steve Schmidt told me via @theregister.com. "The targeting data collected through cyber means flows directly into kinetic decision making."
Countries use cyber targeting to plan strikes: Amazon CSO
interview: And companies are getting caught in the crossfire
www.theregister.com
November 19, 2025 at 7:10 PM
There's a "new operational model that's neither traditional cyber attack nor conventional warfare," @Amazon Chief Security Officer Steve Schmidt told me via @theregister.com. "The targeting data collected through cyber means flows directly into kinetic decision making."
"The attackers have reached every Ray server we manually inspected, and their activity has been ongoing for weeks," Oligo researcher Avi Lumelsky told me via @theregister.com
Self-replicating botnet attacks Ray clusters
: Using AI to attack AI
www.theregister.com
November 18, 2025 at 11:16 PM
"The attackers have reached every Ray server we manually inspected, and their activity has been ongoing for weeks," Oligo researcher Avi Lumelsky told me via @theregister.com
"For four months, I had concrete evidence that attackers possessed detailed Coinbase customer data," security researcher Jonathan Clark said.
Security researcher calls BS on Coinbase breach timeline
: Claims he reported the attack in January after fraudsters tried to scam him
www.theregister.com
November 17, 2025 at 8:00 PM
"For four months, I had concrete evidence that attackers possessed detailed Coinbase customer data," security researcher Jonathan Clark said.