A developer says their company is on the hook for more than $82,000 in unauthorized charges after a stolen Google Gemini API key racked massive usage costs up in just 48 hours.
@jessicalyons
Cybersecurity editor @theregister.com. Contact me with tips: jessica.lyons@theregister.com or jess.825 on Signal. Mama bear, book worm, outdoor lover, coffee and wine snob. PNW after decades in Santa Cruz but Blazers fan always.
"Thinking back to Ben Franklin, we saw society moving in the right direction for the last 500 years because of our commitment to science, human rights, etc., and that seems to be at the very least slowing down, if not reversing," Jake Braun told me via The Register.
Two US residents have sued several Homeland Security agencies and officials, including Secretary Kristi Noem, for allegedly using surveillance tools to harass them, branding them as "domestic terrorists," and even showing up at their homes based on license-plate recognition.
BREAKING: Adidas has confirmed it is investigating a third-party breach at one of its partner companies after digital thieves claimed they stole information and technical data from the German sportswear giant.
agreed
CarGurus allegedly suffered a data breach with 1.7 million corporate records stolen, according to a notorious cybercrime crew that posted the online vehicle marketplace on its leak site on Wednesday.
Your supervisor may like using employee monitoring apps to keep tabs on you, but crims like the snooping software even more. Threat actors are now using legit bossware to blend into corporate networks and attempt ransomware deployment.
HT: @huntress.com security operations analyst Michael Tigges
EXCLUSIVE: I spoke with Binary Defense lead threat hunter John Dwyer about a new type of payroll scam where attackers call the help desk, force an MFA token reset, and use the org's own VDI to access HR platforms and reroute paychecks. As John told me: "Every employee on earth becomes a target."
A digital intruder broke into an AWS cloud environment and in just under 10 minutes went from initial access to administrative privileges, thanks to an AI speed assist.
Maybe everything is all about timing, like the time (this week) America's lead cyber-defense agency sounded the alarm on insider threats after it came to light that its senior official uploaded sensitive documents to ChatGPT.
Or maybe it's about hypocrisy.
BREAKING Greg Bovino has been removed as Border Patrol "commander at large" and will return to El Centro Calif, where he is expected to retire soon. A stunning turnaround after Pretti killing. Bovino's traveling blue city crackdown is over www.theatlantic.com/politics/202...
ShinyHunters has targeted around 100 organizations in its latest Okta single sign-on (SSO) credential stealing campaign, according to researchers and the criminal group itself.
For every person that was at the march today there was also someone tailing ICE vehicles or watching over a neighborhood business or doing mutual aid. This crowd is only part of us!
I love this state, I love this city (and I'm including the whole metro in that).
More than 400 tech workers have urged their CEOs to "call the White House and demand ICE leave our cities" after masked federal agents shot and killed Alex Pretti over the weekend and the world's richest and most powerful chief executives remained silent.
BREAKING: The US Cybersecurity and Infrastructure Security Agency won't attend the annual RSA Conference in March, an agency spokesperson confirmed to The Register.
ShinyHunters has claimed responsibility for an Okta voice-phishing campaign during which the extortionist crew allegedly gained access to Crunchbase and Betterment.
Now if ICE would just stop shooting people... www.theregister.com/2026/01/09/h...
I can now die a satisfied man. I've been quoted in the NYTimes before, but never in The Register (my absolute favorite IT tabloid). Today I was quoted in The Reg. Thank you @jessicalyons.bsky.social for letting me contribute to your article - www.theregister.com/2026/01/08/c...
Thank you for your insight!
BREAKING: ESA confirmed yet another massive security breach, and told me via @theregister.com that the data thieves responsible will be subject to a criminal investigation.
This story illustrates the importance of transparency and clear communication when it comes to bug bounties. If we want ethical hackers to report vulns so they can be fixed before the criminals find and exploit them, bug bounties need to keep their end of the bargain.
A cybercrook claims to have breached Pickett and Associates, a Florida-based engineering firm whose clients include major US utilities, and is selling what they claim to be about 139 GB of engineering data about Tampa Electric Company, Duke Energy Florida, and American Electric Power.
I sat down (virtually) with Remedio CEO Tal Kollender to discuss her former life hacking video games and how that led her to start a security company that uses AI to defend against AI.
"In my past life, it would take us 360 days to develop an amazing zero day," Zafran Security CEO Sanaz Yashar told me via @theregister.com. I had a great conversation with the former "hacking architect" whose startup uses AI to map and manage companies' threat exposure - you can read it all here:
"I view this as a canary in the coal mine," Tea co-founder Tim Lewis told me via @theregister.com
Shiny Hunters claims to be behind the breach, while Mixpanel tells us a Pornhub parent company employee - not the analytics provider - last accessed the stolen data: "If this data is in the hands of an unauthorized party, we do not believe that is the result of a security incident at Mixpanel."