Jessica Lyons Hardcastle

Santa Cruz

Cybersecurity Editor at The Register

Cybersecurity Editor @TheRegister / @SitPub Not posting on X but you can find me at Bluesky: @jessicalyons.bsky.social

Articles

75+ global orgs hit by suspected Chinese spy crew

2 weeks ago | theregister.com | Jessica Lyons Hardcastle

An IT services company, a European media group, and a South Asian government entity are among the more than 75 companies where China-linked groups have planted malware to access strategic networks should a conflict break out. SentinelLABS, the threat intel and research arm of security shop SentinelOne, uncovered these new clusters of malicious activity when the suspected Chinese spies tried to break into SentinelOne's own servers in October.
ChatGPT for evil: Fake IT resumes, misinfo, and more

3 weeks ago | theregister.com | Jessica Lyons Hardcastle

Fake IT workers possibly linked to North Korea, Beijing-backed cyber operatives, and Russian malware slingers are among the baddies using ChatGPT for evil, according to OpenAI's latest threat report. The AI giant said it quashed 10 operations using its chatbot to conduct social engineering and cyber snooping campaigns, generate spammy social media content, and even develop a multi-stage malware campaign targeting people and organizations around the globe.
US puts $10M bounty on RedLine dev and state-backed crew

3 weeks ago | theregister.com | Jessica Lyons Hardcastle

The US government is offering up to $10 million for information on foreign government-backed threat actors linked to the RedLine malware, including its suspected developer, Maxim Alexandrovich Rudometov.
AT&T investigates claimed sale of 70m customer data dump

3 weeks ago | theregister.com | Jessica Lyons Hardcastle

AT&T is investigating claims that millions of its customers' data are listed for sale on a cybercrime forum in what appears to be a re-release from an earlier hack. "It is not uncommon for cybercriminals to re-package previously disclosed data for financial gain," an AT&T spokesperson told The Register.
Senator hounds Trump’s cyber pick over CISA cuts

3 weeks ago | theregister.com | Jessica Lyons Hardcastle

Sean Cairncross, President Donald Trump's nominee to serve as national cyber director, doubled down on taking offensive cyber actions against foreign adversaries during a Senate homeland security committee nomination hearing on Thursday, and refused to condemn the president's proposed cuts to the main US cyber defense agency. Cairncross is a former White House advisor from Trump's first term and a former Republican National Committee official.
Fake IT support calls hit 20 orgs, end in stolen data

3 weeks ago | theregister.com | Jessica Lyons Hardcastle

A group of financially motivated cyberscammers who specialize in Scattered-Spider-like fake IT support phone calls managed to trick employees at about 20 organizations into installing a modified version of Salesforce's Data Loader that allows the crims to steal sensitive data. Google Threat Intelligence Group (GTIG) tracks this crew as UNC6040, and in research published today said they specialize in voice-phishing campaigns targeting Salesforce instances for large-scale data theft and extortion.
Microsoft et al pledge 'clarity' on cybercrew names - hmph

3 weeks ago | theregister.com | Jessica Lyons Hardcastle

Opinion Microsoft and CrowdStrike made a lot of noise on Monday about teaming up with other threat-intel outfits to "bring clarity to threat-actor naming."It's a great idea that would benefit network defenders tasked with keeping track of the 200-plus nation-state, financially motivated, and hacktivist crews that all the major security vendors and government agencies call by different names. Take Cozy Bear, also dubbed Midnight Blizzard, APT29, or UNC2452, depending on who you ask.
Google pushes emergency fix for high-severity Chrome 0-day

3 weeks ago | theregister.com | Jessica Lyons Hardcastle

Google revealed Monday that it had quietly deployed a configuration change last week to block active exploitation of a Chrome zero-day. Google Threat Analysis Group (TAG) team members Clement Lecigne and Benoît Sevens spotted the high-severity bug, tracked as CVE-2025-5419, on May 27. It's an out-of-bounds read and write vulnerability in Chrome's V8 JavaScript engine that could allow a remote attacker to corrupt memory and potentially hijack execution via a booby-trapped HTML page.
Illicit crypto-miners pouncing on insecure DevOps tools

3 weeks ago | theregister.com | Jessica Lyons Hardcastle

Up to a quarter of all cloud users are at risk of having their computing resources stolen and used to illicitly mine for cryptocurrency, after crims cooked up a campaign that targets publicly accessible DevOps tools. Wiz Threat Research spotted the campaign and attributed it to an attacker it named JINX–0132, which it says exploits misconfigurations and vulnerabilities in multiple applications to deploy mining software.
Senators to Noem: Axing review board puts 'lives at risk'

3 weeks ago | theregister.com | Jessica Lyons Hardcastle

A group of Democratic senators has urged Homeland Security Secretary Kristi Noem to reestablish the Cyber Safety Review Board (CSRB), which had been investigating how China's Salt Typhoon hacked US government and telecommunications networks. President Donald Trump, on his first day in office, axed the review board's members, along with all those on all advisory committees that report to the Department of Homeland Security.