Jessica Lyons
@jessicalyons.bsky.social
Cybersecurity editor @theregister.com Contact me with tips: jessica.lyons@theregister.com or jess.825 on Signal
Mama bear, book worm, outdoor lover, coffee and wine snob. PNW after decades in Santa Cruz but Blazers fan always.
Mama bear, book worm, outdoor lover, coffee and wine snob. PNW after decades in Santa Cruz but Blazers fan always.
EXCLUSIVE: ShinyHunters claimed responsibility for the Gainsight breach that allowed the data thieves to snarf data from hundreds more Salesforce customers: "We've had access to Gainsight for nearly 3 months."
ShinyHunters 'does not like Salesforce at all'
EXCLUSIVE: 'I have compromised other known OAuth apps,' Shiny tells The Reg
www.theregister.com
November 21, 2025 at 7:34 PM
EXCLUSIVE: ShinyHunters claimed responsibility for the Gainsight breach that allowed the data thieves to snarf data from hundreds more Salesforce customers: "We've had access to Gainsight for nearly 3 months."
“This activity is likely related to UNC6240 (aka ShinyHunters),” Google Threat Intelligence Group’s principal analyst Austin Larsen told me via @theregister.com, adding that the threat hunters are “aware of more than 200 potentially affected Salesforce instances.”
Salesforce flags another third-party security incident
: They keep coming back for more
www.theregister.com
November 20, 2025 at 9:55 PM
“This activity is likely related to UNC6240 (aka ShinyHunters),” Google Threat Intelligence Group’s principal analyst Austin Larsen told me via @theregister.com, adding that the threat hunters are “aware of more than 200 potentially affected Salesforce instances.”
There's a "new operational model that's neither traditional cyber attack nor conventional warfare," @Amazon Chief Security Officer Steve Schmidt told me via @theregister.com. "The targeting data collected through cyber means flows directly into kinetic decision making."
Countries use cyber targeting to plan strikes: Amazon CSO
interview: And companies are getting caught in the crossfire
www.theregister.com
November 19, 2025 at 7:10 PM
There's a "new operational model that's neither traditional cyber attack nor conventional warfare," @Amazon Chief Security Officer Steve Schmidt told me via @theregister.com. "The targeting data collected through cyber means flows directly into kinetic decision making."
"The attackers have reached every Ray server we manually inspected, and their activity has been ongoing for weeks," Oligo researcher Avi Lumelsky told me via @theregister.com
Self-replicating botnet attacks Ray clusters
: Using AI to attack AI
www.theregister.com
November 18, 2025 at 11:16 PM
"The attackers have reached every Ray server we manually inspected, and their activity has been ongoing for weeks," Oligo researcher Avi Lumelsky told me via @theregister.com
"For four months, I had concrete evidence that attackers possessed detailed Coinbase customer data," security researcher Jonathan Clark said.
Security researcher calls BS on Coinbase breach timeline
: Claims he reported the attack in January after fraudsters tried to scam him
www.theregister.com
November 17, 2025 at 8:00 PM
"For four months, I had concrete evidence that attackers possessed detailed Coinbase customer data," security researcher Jonathan Clark said.
Yet another supply chain attack has hit the npm registry in what @awscloud.bsky.social describes as "one of the largest package flooding incidents in open source registry history." But instead of injecting credential-stealing code or ransomware, this one is a token farming campaign.
Crims flood npm with 150K+ junk packages to farm TEA tokens
: Amazon spilled the TEA
www.theregister.com
November 14, 2025 at 8:28 PM
Yet another supply chain attack has hit the npm registry in what @awscloud.bsky.social describes as "one of the largest package flooding incidents in open source registry history." But instead of injecting credential-stealing code or ransomware, this one is a token farming campaign.
Instead of paying a ransom demand after getting hit by extortionists last week, payment services provider Checkout.com donated the demanded amount to fund cybercrime research.
Ransomed CTO falls on sword, refuses to pay extortion demand
: Checkout.com will instead donate the amount to fund cybercrime research
www.theregister.com
November 13, 2025 at 11:59 PM
Instead of paying a ransom demand after getting hit by extortionists last week, payment services provider Checkout.com donated the demanded amount to fund cybercrime research.
Digital rights activist Esra'a Al Shafei found FinFisher spyware on her device more than a decade ago. Now she's made it her mission to surveil the companies providing surveillanceware, their customers, and their funders.
Mozilla fellow Esra'a Al Shafei watches the watchers
interview: Esra'a Al Shafei spoke with The Reg about the spy tech 'global trade'
www.theregister.com
November 12, 2025 at 10:06 PM
Digital rights activist Esra'a Al Shafei found FinFisher spyware on her device more than a decade ago. Now she's made it her mission to surveil the companies providing surveillanceware, their customers, and their funders.
too much time on their hands during the shutdown?
The FBI is trying to unmask the owner of infamous archiving site Archive.is, according to a subpoena the site posted. No other information given, the site quietly posted the document a few days ago. FBI telling domain registrar to hand over all sorts of ID'ing info
www.404media.co/fbi-tries-to...
www.404media.co/fbi-tries-to...
FBI Tries to Unmask Owner of Infamous Archive.is Site
The FBI has subpoenaed the domain registrar of archive.today, demanding information about the owner.
www.404media.co
November 6, 2025 at 3:39 PM
too much time on their hands during the shutdown?
A ransomware negotiator and an incident response manager at two separate cybersecurity firms have been indicted for allegedly carrying out ransomware attacks of their own against multiple US companies.
Rogue ransomware negotiators accused of extortion attacks
: Rogues committed extortion while working for infosec firms
www.theregister.com
November 3, 2025 at 10:20 PM
A ransomware negotiator and an incident response manager at two separate cybersecurity firms have been indicted for allegedly carrying out ransomware attacks of their own against multiple US companies.
Hacking makes the holidays so much more enjoyable, and nothing says trick or treat quite like pwning LED Halloween masks belonging to every neighborhood kid during candy-collection hours.
Hacking LED Halloween masks is frighteningly easy
: No costume idea? We've got you covered
www.theregister.com
October 30, 2025 at 10:08 PM
Hacking makes the holidays so much more enjoyable, and nothing says trick or treat quite like pwning LED Halloween masks belonging to every neighborhood kid during candy-collection hours.
EXCLUSIVE: A critical, currently unpatched bug in Chromium's Blink rendering engine can be abused to crash many Chromium-based browsers within seconds, causing a denial-of-service condition – and, in some tests, freezing the host system.
Security hole slams Chromium browsers - no fix yet
Exclusive: Edge, Atlas, Brave among those affected
www.theregister.com
October 29, 2025 at 8:28 PM
EXCLUSIVE: A critical, currently unpatched bug in Chromium's Blink rendering engine can be abused to crash many Chromium-based browsers within seconds, causing a denial-of-service condition – and, in some tests, freezing the host system.
A new Android malware strain, Herodotus, steals credentials, logs keystrokes, streams victims' screens, and hijacks input - but with a twist: it mimics human typing by adding random delays between keystrokes to evade behavioral fraud detection systems.
Android malware uses random text delays to look more human
Updated: By appearing more human, it evades detection
www.theregister.com
October 29, 2025 at 8:26 PM
A new Android malware strain, Herodotus, steals credentials, logs keystrokes, streams victims' screens, and hijacks input - but with a twist: it mimics human typing by adding random delays between keystrokes to evade behavioral fraud detection systems.
Researcher Adam Logue discovered the data-stealing exploit, which abuses M365 Copilot's built-in support for Mermaid diagrams and tricks the AI assistant into stealing sensitive tenant data – like emails – via indirect prompt injection. www.theregister.com/2025/10/24/m...
Sneaky Mermaid attack in Microsoft 365 Copilot steals data
: Redmond says it's fixed this particular indirect prompt injection vuln
www.theregister.com
October 24, 2025 at 9:56 PM
Researcher Adam Logue discovered the data-stealing exploit, which abuses M365 Copilot's built-in support for Mermaid diagrams and tricks the AI assistant into stealing sensitive tenant data – like emails – via indirect prompt injection. www.theregister.com/2025/10/24/m...
ATTN: Reporters looking for work who are willing to bite the hand that feeds IT - come work with me at The Reg!
US reporter
Join team Vulture! The Register is seeking a US reporter to follow in our long tradition of biting the hand that feeds IT.
This reporter will be focused on cloud providers, SaaS, and/or AI, with the ...
sitpub.bamboohr.com
October 24, 2025 at 2:54 PM
ATTN: Reporters looking for work who are willing to bite the hand that feeds IT - come work with me at The Reg!
"They didn't wake up and decide to become hackers," Joe Sullivan told me. "A lot of it is that they are coming out of the gaming culture, and it doesn't celebrate winning by the rules. It celebrates winning, period."
Ex-Uber CSO talks teen cyber crims, CISO role with The Reg
interview: Meanwhile Sullivan's legal battle continues
www.theregister.com
October 23, 2025 at 9:04 PM
"They didn't wake up and decide to become hackers," Joe Sullivan told me. "A lot of it is that they are coming out of the gaming culture, and it doesn't celebrate winning by the rules. It celebrates winning, period."
China accused the American spy agency of deploying a "cyber warfare platform" and activating "42 specialized cyberattack weapons to launch a high-intensity cyberattack against multiple internal NTSC network systems" between August 2023 and June 2024.
China accuses US of cyberattacks after alleged NSA hack
: 'US is … the greatest source of chaos in cyberspace'
www.theregister.com
October 20, 2025 at 9:32 PM
China accused the American spy agency of deploying a "cyber warfare platform" and activating "42 specialized cyberattack weapons to launch a high-intensity cyberattack against multiple internal NTSC network systems" between August 2023 and June 2024.
Dark day indeed. Democracy requires a free press.
“The Defense Department has confiscated the badges of the Pentagon reporters from virtually every major media organization in America,” the Pentagon Press Association said
October 16, 2025 at 6:39 PM
Dark day indeed. Democracy requires a free press.
An unidentified nation-state hacking crew targeting vulnerable F5 products to break into US government networks poses an "imminent risk" to federal agencies, American cyber officials warned on Wednesday – while also blaming Democrats for the ongoing government shutdownl.
CISA exec blames hackers, Democrats for network risk
: Federal agencies have seven days to patch F5 products
www.theregister.com
October 16, 2025 at 1:53 PM
An unidentified nation-state hacking crew targeting vulnerable F5 products to break into US government networks poses an "imminent risk" to federal agencies, American cyber officials warned on Wednesday – while also blaming Democrats for the ongoing government shutdownl.
Security shop F5 today said "highly sophisticated nation-state" hackers broke into its network and stole BIG-IP source code, undisclosed vulnerability details, and customer configuration data belonging to a "small percentage" of its users.
'Highly sophisticated' government goons hacked F5
: And they swiped a limited amount of customers' config data
www.theregister.com
October 15, 2025 at 3:55 PM
Security shop F5 today said "highly sophisticated nation-state" hackers broke into its network and stole BIG-IP source code, undisclosed vulnerability details, and customer configuration data belonging to a "small percentage" of its users.
EXCLUSIVE: I spoke with @spycloudlabs.bsky.social researcher Aurora Johnson and @urlscan-bot.bsky.social researcher Jake Sloane about DIY phishing kit YYlaiyu that impersonates 97 different brands across 2,158 domains: " They're hitting globally, so almost no one is safe."
Phishing kit YYlaiyu impersonates 97 brands for fraud
Exclusive: Researchers tracking 2,158 domains hosting YYlaiyu phishing pages
www.theregister.com
October 10, 2025 at 10:14 PM
EXCLUSIVE: I spoke with @spycloudlabs.bsky.social researcher Aurora Johnson and @urlscan-bot.bsky.social researcher Jake Sloane about DIY phishing kit YYlaiyu that impersonates 97 different brands across 2,158 domains: " They're hitting globally, so almost no one is safe."
London cops on Tuesday arrested two teenagers on suspicion of computer misuse and blackmail following a ransomware attack on a chain of London preschools.
Teens arrested in London preschool ransomware attack
: Both men, 17, taken into custody
www.theregister.com
October 7, 2025 at 11:20 PM
London cops on Tuesday arrested two teenagers on suspicion of computer misuse and blackmail following a ransomware attack on a chain of London preschools.
Despite multiple arrests and talk of retirement, a crew now calling itself Scattered LAPSUS$ Hunters has reemerged with a data-leak site listing about 40 companies’ Salesforce environments, and is demanding $989.45 to prevent what it claims is about 1B stolen records.
www.theregister.com
October 3, 2025 at 9:52 PM
Despite multiple arrests and talk of retirement, a crew now calling itself Scattered LAPSUS$ Hunters has reemerged with a data-leak site listing about 40 companies’ Salesforce environments, and is demanding $989.45 to prevent what it claims is about 1B stolen records.
Cybersecurity training, beards, and body fat have something in common, according to the Pentagon. They're not helping the US military fight and win wars.
Pentagon relaxes military cybersecurity training
: Beards, body fat, and cyber refreshers now frowned upon
www.theregister.com
October 2, 2025 at 11:11 PM
Cybersecurity training, beards, and body fat have something in common, according to the Pentagon. They're not helping the US military fight and win wars.
SCOOP: The US Air Force confirmed it's investigating a "privacy-related issue" amid reports of a Microsoft SharePoint-related breach and subsequent service-wide shutdown, rendering mission files and other critical tools potentially unavailable to service members.
Air Force admits SharePoint privacy issue; reports of breach
Exclusive: Uncle Sam can't quit Redmond
www.theregister.com
October 1, 2025 at 6:10 PM
SCOOP: The US Air Force confirmed it's investigating a "privacy-related issue" amid reports of a Microsoft SharePoint-related breach and subsequent service-wide shutdown, rendering mission files and other critical tools potentially unavailable to service members.