Jessica Lyons
@jessicalyons.bsky.social
5.4K followers 530 following 290 posts
Cybersecurity editor @theregister.com. Contact me with tips: [email protected] or jess.825 on Signal. Mama bear, book worm, outdoor lover, coffee and wine snob. PNW after decades in Santa Cruz but Blazers fan always.
jessicalyons.bsky.social
London cops on Tuesday arrested two teenagers on suspicion of computer misuse and blackmail following a ransomware attack on a chain of London preschools.
Teens arrested in London preschool ransomware attack: Both men, 17, taken into custody
www.theregister.com
jessicalyons.bsky.social
Despite multiple arrests and talk of retirement, a crew now calling itself Scattered LAPSUS$ Hunters has reemerged with a data-leak site listing about 40 companies’ Salesforce environments, and is demanding $989.45 to prevent what it claims is about 1B stolen records.
www.theregister.com
jessicalyons.bsky.social
Ret US Navy Rear Admiral Mark Montgomery said it best: "This policy seems more like theatrics and less like readiness."
jessicalyons.bsky.social
Cybersecurity training, beards, and body fat have something in common, according to the Pentagon. They're not helping the US military fight and win wars.
Pentagon relaxes military cybersecurity training: Beards, body fat, and cyber refreshers now frowned upon
www.theregister.com
jessicalyons.bsky.social
SCOOP: The US Air Force confirmed it's investigating a "privacy-related issue" amid reports of a Microsoft SharePoint-related breach and subsequent service-wide shutdown, rendering mission files and other critical tools potentially unavailable to service members.
Air Force admits SharePoint privacy issue; reports of breach
Exclusive: Uncle Sam can't quit Redmond
www.theregister.com
jessicalyons.bsky.social
"As more companies scan their systems, we anticipate we'll be hearing about this campaign for the next one to two years," @mandiant.com CTO Charles Carmakal told me via @theregister.com.
Suspected Chinese spies broke into 'numerous' enterprises: Mandiant CTO anticipates 'hearing about this campaign for the next one to two years'
www.theregister.com
jessicalyons.bsky.social
Las Vegas police arrested an unnamed teen accused of breaking into multiple Las Vegas casino networks in 2023, as part of a series of hacks attributed to Scattered Spider.
Vegas cops book teen allegedly involved in casino hacks: Not old enough to drink, old enough to be accused of causing millions in damage
www.theregister.com
jessicalyons.bsky.social
SolarWinds on Tuesday released a hotfix - again - for a critical, 9.8-severity flaw in its Web Help Desk IT ticketing software that could allow a remote, unauthenticated attacker to run commands on a host machine.
SolarWinds patches critical RCE - for the third time: Or maybe 3 strikes, you're out?
www.theregister.com
jessicalyons.bsky.social
Doesn't sound like the Norks.
jessicalyons.bsky.social
Perhaps the most incriminating: Somebody took cryptocurrency from a wallet on a server that also held ransom funds and bought gaming gift cards tied to an account in Jubair's name, as well as food-delivery gift cards, which were then used to order takeout to the apartment complex where he lived.
Scattered Spider teen cuffed after crypto splurge on games: Bad opsec
www.theregister.com
jessicalyons.bsky.social
Spiders don't change their stripes. Despite gang members' recent retirement claims, Scattered Spider hasn't exited the cybercrime business and instead has shifted focus to the financial sector, with a recent digital intrusion at a US bank.
Scattered Spider gang feigns retirement, breaks into bank: You didn't really trust the crims to keep their word, did you?
www.theregister.com
jessicalyons.bsky.social
A new ransomware strain dubbed HybridPetya was able to exploit a patched vulnerability to bypass UEFI Secure Boot on Windows systems, making it the fourth publicly known bootkit capable of punching through the feature and hijacking a PC before the operating system loads.
HybridPetya ransomware dodges UEFI Secure Boot: Although it hasn't been seen in the wild yet
www.theregister.com
jessicalyons.bsky.social
"We have observed high-confidence account takeovers in multiple entities," as new phishing service makes it really easy for criminals to hijack Google and Microsoft accounts.
www.theregister.com
jessicalyons.bsky.social
"Like Cobalt Strike, it can be used for legitimate purposes but it is also ready to be used maliciously without expertise needed since it is fully automated," Dan Regalado, principal AI security researcher at Straiker, told me via @theregister.com.
AI-powered penetration tool downloaded 10K times: Shady, China-based company, all the apps needed for a fully automated attack - sounds totally legit
www.theregister.com
jessicalyons.bsky.social
Sensitive info from hundreds of thousands of gym customers and staff – including names, financial details, and potentially biometric data in the form of audio recordings – was left sitting in an unencrypted, non-password protected database, according to a security researcher who shut it down.
Call audio from gym members, employees in open database
Exclusive: HelloGym's data security clearly skipped leg day
www.theregister.com
jessicalyons.bsky.social
"This is literally, exactly the code that I wrote, and it's the same functions and the same prompts," NYU engineering student and doctoral candidate Md Raz told me via @theregister.com. "And they think it's a real attack."
The crazy, true story behind the first AI-powered ransomware
Interview: tl;dr, boffins did it
www.theregister.com
jessicalyons.bsky.social
"Like other security frameworks, it can be misused, but it does not include pre-built zero-day exploits," the developer of HexStrike AI told me amid reports of criminals using the red-teaming tool against Citrix NetScaler bugs within hours of disclosure.
Crims boast of using HexStrike AI against Citrix bugs: LLMs and 0-days - what could possibly go wrong?
www.theregister.com
jessicalyons.bsky.social
Amazon today said it disrupted an intel-gathering attempt by Russia's APT29 to trick Microsoft users into unwittingly granting the Kremlin-backed cyberspies access to their accounts and data.
AWS nails Russia's Cozy Bear trying to nick Microsoft creds: Look who's visiting the watering hole these days
www.theregister.com
jessicalyons.bsky.social
"There's a good chance this espionage campaign has stolen information from nearly every American," Michael Machtinger, deputy assistant director for the FBI's cyber division, told me via @theregister.com.
FBI cyber cop: Salt Typhoon pwned 'nearly every American': Plus millions of other people across 80+ countries
www.theregister.com
jessicalyons.bsky.social
ESET malware researchers Anton Cherepanov and Peter Strycek discovered what they describe as the "first known AI-powered ransomware," which they named PromptLock. The good news is that the malware doesn't appear to be fully functional — yet. www.theregister.com/2025/08/26/f...
First AI-powered ransomware PoC spotted: Oh, look, a use case for OpenAI's gpt-oss-20b model
www.theregister.com
jessicalyons.bsky.social
Cybercriminals are targeting critical US manufacturers and supply-chain companies, looking to steal sensitive IP and other data. Their attack involves a novel twist on phishing — and a photo of White House butlers.
ZipLine cyber attack uses White House butler pic: 'Many dozens' targeted in ongoing campaign, CheckPoint researcher tells The Reg
www.theregister.com
jessicalyons.bsky.social
Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to leak secrets, including API keys from a developer's machine, and run arbitrary code.
AWS patches Q Developer after prompt injection, RCE demo
: Move along, nothing to see here
www.theregister.com
jessicalyons.bsky.social
A now-patched flaw in popular AI model runner Ollama allows drive-by attacks in which a miscreant uses a malicious website to remotely target people's personal computers, spy on their local chats, and even control the models the victim's app talks to. HT to GitLab's Chris Moberly who found the bug.
Ollama bug allows drive-by attacks - patch now: Reconfigure local app settings via a 'simple' POST request
www.theregister.com