Lily Hay Newman

Lily Hay Newman is an American journalist who covers cybersecurity, digital privacy, and information security for WIRED magazine. As a senior writer on the publication's security desk, Newman reports on a wide range of topics including data breaches, surveillance technology, government cyber operations, hacking, and emerging threats to digital infrastructure. Her work examines the intersection of technology policy, national security, and the practical implications of vulnerabilities in the systems that underpin modern digital life. Newman's reporting has addressed subjects ranging from the security of password managers and corporate streaming platforms to the state of United States federal cybersecurity policy, the commercial spyware industry, and the risks introduced by AI-generated code. Through her sustained coverage at one of the most prominent technology publications in the world, she has become a recognizable byline in the cybersecurity journalism space, producing both in-depth investigative features and regular news analysis that tracks the rapidly evolving threat landscape facing individuals, corporations, and governments.

Career

WIRED

Newman works as a senior writer at WIRED, where she is a member of the magazine's security team. Her beat encompasses cybersecurity, digital privacy, surveillance, hacking, and information security policy. She contributes both long-form investigative articles and shorter news pieces, including the recurring "Security News This Week" roundup column that synthesizes the most significant cybersecurity developments for a general audience.

Her reporting has covered a broad spectrum of cybersecurity issues. In January 2026, Newman reported on the discovery of an unsecured database containing approximately 149 million usernames and passwords, which a security researcher described as a "dream wish list for criminals." The exposed credentials included login information for Gmail, Facebook, and banking services, highlighting the persistent risks posed by improperly secured data stores.^[1]

Newman has also reported extensively on threats to digital privacy arising from decisions made by major technology companies. In March 2026, she covered Meta's decision to remove end-to-end encryption from Instagram direct messages, a move the company attributed to low user opt-in rates. Newman's reporting highlighted the concerns raised by privacy and security experts, who feared the decision could set a precedent that would undermine encrypted communications more broadly across the technology industry.^[2]

Her coverage of government cybersecurity policy has been a recurring theme. In a December 2025 article, Newman examined growing concerns among experts and officials that United States federal cybersecurity efforts were stagnating or deteriorating. The piece explored the effects of government staffing cuts, institutional instability, and a prolonged government shutdown on the country's digital defense capabilities, raising questions about whether these disruptions were creating openings for adversaries.^[3]

Newman has also tracked the intersection of cybersecurity with emerging technology trends. In October 2025, she reported on the security risks associated with "vibe coding"—the practice of using artificial intelligence tools to generate software code. Drawing a parallel with the earlier adoption of open-source components in software development, Newman's article explored how developers' increasing reliance on AI-generated code introduced new categories of risk, as the provenance and security of such code could be difficult to verify.^[4]

Her investigative work has extended to identifying previously unknown vulnerabilities in corporate technology infrastructure. In August 2025, Newman reported on research by a security professional who discovered that flawed API configurations in corporate livestreaming platforms could expose sensitive data. The misconfiguration, described as widespread across the corporate streaming industry, potentially allowed unauthorized access to internal communications and proprietary content.^[5]

Newman's "Security News This Week" column provides regular roundups of significant cybersecurity developments. In a September 2025 edition, she reported on the discovery of a dangerous worm spreading through software packages, an investigation into how American technology companies had reportedly assisted in building China's surveillance infrastructure, and developments involving alleged cybercriminals.^[6] In another installment from February 2026, the column covered vulnerabilities discovered in password managers, the cybersecurity community's response to revelations from the Epstein files, and the United States State Department's plans to develop an online anti-censorship portal.^[7]

The commercial spyware industry has been another area of sustained focus in Newman's reporting. In October 2025, she covered news that a producer associated with the film Happy Gilmore had acquired NSO Group, the Israeli company that developed the Pegasus spyware tool. The same article also addressed the reassignment of United States government cybersecurity personnel to immigration-related duties and the exposure of sensitive age-verification data belonging to Discord users through a hack.^[8]

Coverage of Cyberwarfare and National Security

Newman's reporting at WIRED has intersected with broader debates in the cybersecurity field about the nature and definition of cyberwarfare. The concept of cyberwarfare—the use of cyberattacks against adversary states to cause harm comparable to conventional military conflict or to disrupt critical computer systems—has been the subject of significant academic and policy discussion. Scholars and practitioners have debated whether any cyberattack to date has met the threshold to be classified as an act of war, with some experts arguing that the term "cyberwarfare" is itself a misnomer given the absence of attacks that have produced destruction on the scale of traditional armed conflict.^[9]

The debate over cyberwarfare definitions has practical consequences for the issues Newman covers. Former United States cybersecurity coordinator Howard Schmidt stated in 2010 that "there is no cyberwar," reflecting one school of thought that views the concept as overly alarmist.^[10] Other researchers have contended that cyberattacks causing physical damage to people and property in the real world constitute a form of warfare that demands appropriate policy responses.^[11] The International Committee of the Red Cross has addressed the applicability of international humanitarian law to cyber operations, noting the growing capability of states to conduct offensive and defensive cyber operations.^[12]

Multiple nations—including the United States, United Kingdom, Russia, China, Israel, Iran, and North Korea—have developed active cyber capabilities for both offensive and defensive purposes. As states have increasingly explored the integration of cyber operations with conventional military capabilities, the risk of physical confrontation arising from or accompanying a cyber operation has grown. Newman's reporting on topics such as the state of federal cybersecurity, surveillance technology, and government cyber policy provides ongoing coverage of these developments for a public audience.

The evolving nature of cyber threats has also been examined by scholars who have studied the implications of emerging technologies—such as the Internet of Things—for future conflict scenarios.^[13] Academic research published in outlets such as IEEE and the Bulletin of the Atomic Scientists has explored topics including privacy and security challenges in networked environments and the strategic dimensions of state-sponsored cyber operations.^[14][15] Lucas Kello's book The Virtual Weapon and International Order, published by Yale University Press, examined how cyber capabilities are reshaping international relations and the challenges they pose for existing frameworks of statecraft and conflict.^[16]

These academic and policy debates form the backdrop against which Newman's journalism operates. Her coverage of data breaches, government staffing decisions, commercial spyware, and emerging technological risks provides a journalistic account of how theoretical questions about cyber conflict and digital security manifest in practice.

Recognition

Newman's work at WIRED has placed her among the recognized cybersecurity journalists in American technology media. The WIRED security desk, of which she is a senior member, is one of the most prominent cybersecurity news operations in the industry. Her articles have been cited and referenced by other journalists, researchers, and policymakers working in the information security space. The breadth of her reporting—spanning consumer security, corporate vulnerabilities, government policy, surveillance technology, and emerging threats from AI-generated code—reflects the growing importance of cybersecurity journalism in informing public understanding of digital risks.

The Economist has noted the challenges facing researchers and journalists working at the intersection of computer science and security policy, describing academia as "still grappling with problems that beset computers and networks."^[17] Newman's work occupies this same space, translating complex technical findings and policy developments into accessible reporting for a general audience.

References