Nostr notes by Zack Whittaker

New, by me at TechCrunch: The developer of the widely popular ...

2026-04-08T21:51:55Z

New, by me at TechCrunch: The developer of the widely popular Wireguard VPN says he is also unable to ship software updates to Windows users after Microsoft locked his account, marking the second high-profile app developer (VeraCrypt) in the past few weeks to face this issue.

https://techcrunch.com/2026/04/08/wireguard-vpn-developer-cant-ship-software-updates-after-microsoft-locks-account/

New, by me: Telehealth giant Hims & Hers confirmed its ...

2026-04-02T21:28:29Z

New, by me: Telehealth giant Hims & Hers confirmed its customer service ticketing system was hacked. A spokesperson said it was a social engineering attack. The hacker stole mostly customer support tickets, including customer names and contact information, but also the contents of customer requests.

https://techcrunch.com/2026/04/02/telehealth-giant-hims-hers-says-its-customer-support-system-was-hacked/

Not a joke: Hasbro was hacked. The American toymaking giant said ...

2026-04-01T14:52:13Z

Not a joke: Hasbro was hacked. The American toymaking giant said in an SEC filing that it may take weeks for it to recover. Much of the company's website appears down.

https://techcrunch.com/2026/04/01/hasbro-hacked-may-take-several-weeks-to-recover/

Google has now linked the hack and hijack of the popular Axios ...

2026-03-31T17:48:28Z

Google has now linked the hack and hijack of the popular Axios npm open-source project to North Korea (UNC1069), which is known for stealing cryptocurrency.

Axios is downloaded tens of millions of times weekly, so this hack is likely widespread.

Our updated story: https://techcrunch.com/2026/03/31/hacker-hijacks-axios-open-source-project-used-by-millions-to-push-malware?nocache=1

Today is International Trans Day of Visibility. Sending my love, ...

2026-03-31T12:15:26Z

Today is International Trans Day of Visibility. Sending my love, support, and solidarity to all my trans and non-binary friends. 🏳️‍⚧️❤️

In at least six instances identified by TechCrunch, first ...

2026-03-25T16:52:09Z

In at least six instances identified by TechCrunch, first responders have had to take control of Waymo vehicles and move them out of traffic during emergency situations.

https://techcrunch.com/2026/03/25/waymo-relies-on-firefighters-and-police-to-bail-out-stuck-robotaxis/

Good reporting from NPR on how U.S. federal agencies are simply ...

2026-03-25T14:23:18Z

Good reporting from NPR on how U.S. federal agencies are simply buying people's private information and location data to use in investigations — without getting warrants.

https://www.npr.org/2026/03/25/nx-s1-5752369/ice-surveillance-data-brokers-congress-anthropic

Loved this blog by @npub1u2v…8zpj and Jan Strozyk reflecting 10 ...

2026-03-25T13:03:34Z

Loved this blog by hakan “:verified:” (npub1u2v…8zpj) and Jan Strozyk reflecting 10 years on from the Panama Papers, and how nerds in the newsroom who knew (or learned!) how to script, scrape, and build tools helped to transform modern journalism. Nowadays, handling and parsing data is an indispensable skill.

https://buttondown.com/readwrite/archive/edition-12-on-the-panama-papers-ten-years-later/

Almost exactly four months ago, I wrote about how the Trump ...

2026-03-25T12:32:43Z

Almost exactly four months ago, I wrote about how the Trump administration was preparing to ban TP-Link routers, citing the company's alleged links to China. Now, the FCC has decided to ban *all* new models of foreign-made routers, even though many U.S.-made routers are also full of security flaws.

https://this.weekinsecurity.com/banning-tp-link-wont-save-america-from-its-own-terrible-cybersecurity/

NEW: Someone has publicly leaked an exploit toolkit called ...

2026-03-23T20:44:31Z

NEW: Someone has publicly leaked an exploit toolkit called DarkSword, which allows any hacker or cybercriminal to easily hack iPhones and iPads running iOS 18.

Apple said it is aware & has issued patches. Security researchers have already tested the code as working.

w/ Lorenzo Franceschi-Bicchierai (npub1xvw…ksg7): https://techcrunch.com/2026/03/23/someone-has-publicly-leaked-an-exploit-kit-that-can-hack-millions-of-iphones/

FBI director Kash Patel confirms the FBI is buying location data ...

2026-03-18T16:58:02Z

FBI director Kash Patel confirms the FBI is buying location data and histories that can be used for tracking people. It's the first time in recent years that the FBI has said it's actively buying this information, without needing a warrant.

https://www.politico.com/news/2026/03/18/fbi-buying-data-track-people-patel-00834080

On my flight back to the U.S. this week, I wrote some words about ...

2026-03-18T12:18:35Z

On my flight back to the U.S. this week, I wrote some words about why age verification laws threaten the security and privacy of everyone on the internet. By requiring people to upload their IDs, governments are sleepwalking the world into an inevitable data disaster.

For my newsletter and blog ~ this week in security ~

Read online: https://this.weekinsecurity.com/papers-please-age-verification-laws-threaten-everyones-online-security-and-privacy/

Sign up for my weekly newsletter: https://this.weekinsecurity.com

Breaking from vacation because this is huge/👀. Per Burgess ...

2026-03-11T09:39:59Z

Breaking from vacation because this is huge/👀.

Per Burgess Everett on Bluesky: Sen. Ron Wyden says there's secret classified info in 702 surveillance program about Americans' privacy.

Americans "are going to be stunned that it took so long and that Congress has been debating this authority with insufficient information."

FAA 702 already allows warrantless surveillance of Americans' comms. Can't think how this extends. Collection of wholly domestic communications?

https://www.semafor.com/newsletter/03/10/2026/pm-semafor-washington-dc-threat-level

In 2025, I found 3 popular apps leaking sensitive user data ...

2026-03-07T14:32:13Z

In 2025, I found 3 popular apps leaking sensitive user data thanks to simple security bugs. In this *very* deep-dive for subscribers, this is how I use network analysis tools (like Burp) to understand how apps and websites work & share your data — and how you can, too!

I explain how to get started with Burp and similar browser tools, we'll explore API basics, how to understand network requests, and how to get started. I'll also include examples for you to follow along.

https://this.weekinsecurity.com/a-beginners-guide-burp-suite-analyzing-network-traffic-of-apps-and-websites/

Meta is facing a new lawsuit over its AI smart glasses, after a ...

2026-03-05T17:56:53Z

Meta is facing a new lawsuit over its AI smart glasses, after a news investigation found subcontractors are reviewing footage from customers' glasses, which "included sensitive content, like nudity, people having sex, and using the toilet."

https://techcrunch.com/2026/03/05/meta-sued-over-ai-smartglasses-privacy-concerns-after-workers-reviewed-nudity-sex-and-other-footage/

Seems like the whole world is melting down so I'm gonna break ...

2026-03-04T01:28:29Z

Seems like the whole world is melting down so I'm gonna break my longstanding rule of not posting my feet to the internet to post this snap of my incredibly handsome loaf cat.

If you like my reporting, you might also like my free weekly ...

2026-02-28T00:18:55Z

If you like my reporting, you might also like my free weekly cyber newsletter ~ this week in security ~ which packs in all the news you can use from the week, plus sections dedicated to good news and a reader-submitted cyber-cat. Goes out on Sundays by email & RSS. Newsletter archive & blog online. 🐈‍⬛

https://this.weekinsecurity.com

Some independent/local news outlets I read and recommend. Share ...

2026-02-27T13:26:13Z

Some independent/local news outlets I read and recommend. Share yours!

https://www.zetter-zeroday.com
https://citationneeded.news
https://www.lawdork.com
https://krebsonsecurity.com
https://404media.co
https://techdirt.com
https://www.metacurity.com
https://www.thehandbasket.co
https://www.garbageday.email
https://indicator.media
https://www.wheresyoured.at
https://www.courtwatch.news
https://realhackhistory.org
https://www.londoncentric.media
https://privacyguides.org
https://databreaches.net

Despite a FOIA and an appeal, the FBI refuses to say why agents ...

2026-02-25T13:58:36Z

In reply to nevent1q…nh2g
_________________________

Despite a FOIA and an appeal, the FBI refuses to say why agents visited my home or if I was (or am) under investigation for my work. I still can't go to Mexico, or anywhere that relies on its airspace, unsure as to what view authorities there might take if I ever cross into its territory.

https://this.weekinsecurity.com/fbi-agents-visited-my-home-about-an-article-i-wrote-and-now-i-cannot-go-to-mexico/

In 2020, the FBI came to my house to try to ask me questions ...

2026-02-25T13:57:05Z

In 2020, the FBI came to my house to try to ask me questions about a story I'd written. I declined.

I wrote about the back-story of what happened that day and after, my outstanding questions, and why press freedoms have taken a major step back under Trump's second term.

More: https://this.weekinsecurity.com/fbi-agents-visited-my-home-about-an-article-i-wrote-and-now-i-cannot-go-to-mexico/

Trump is "weighing a possible executive order or other action ...

2026-02-24T18:45:47Z

Trump is "weighing a possible executive order or other action that would require banks to collect citizenship information from customers." This order could task banks, reportedly alarmed, with checking IDs of "both new and pre-existing customers who want to maintain a bank account in the U.S."

WTF. https://www.wsj.com/politics/policy/trump-administration-considers-action-requiring-banks-to-collect-citizenship-info-8e26f6d2

Have a peaceful evening, and weekend. ...

2026-02-21T03:13:12Z

Have a peaceful evening, and weekend.

Uhh, whoops. ...

2026-02-18T14:51:06Z

Uhh, whoops. https://techcrunch.com/2026/02/18/microsoft-says-office-bug-exposed-customers-confidential-emails-to-copilot-ai/

Apple reportedly working on creepware, aka surveillance glasses ...

2026-02-17T18:19:13Z

Apple reportedly working on creepware, aka surveillance glasses and other AI-enabled always-on devices.

Not sure how Apple squares these products with its long-standing stance that, "Privacy is a fundamental human right."

https://www.bloomberg.com/news/articles/2026-02-17/apple-ramps-up-work-on-glasses-pendant-and-camera-airpods-for-ai-era?srnd=undefined

I wrote some words for ~ this week in security ~ about how social ...

2026-02-14T14:16:09Z

I wrote some words for ~ this week in security ~ about how social media giants (aka: ad tech companies!) track you around the web, even if you don't have an account or use their apps. Follows from a brilliant column in the BBC about TikTok's use of website "pixels" to track people's browsing activity.

More: https://this.weekinsecurity.com/how-tech-giants-track-you-across-the-web-even-if-you-do-not-use-their-apps/

Sign up (or RSS) for the weekly newsletter, out Sundays. No email open or link click tracking! https://this.weekinsecurity.com

After threatening to ban TP-Link router sales over alleged links ...

2026-02-12T23:04:45Z

After threatening to ban TP-Link router sales over alleged links to China (which TP-Link denies), the Trump administration has reportedly put that ban plan on hold ahead of a summit with China, suggesting it was political leverage and not about cybersecurity.

From me in November: https://this.weekinsecurity.com/banning-tp-link-wont-save-america-from-its-own-terrible-cybersecurity/

From Reuters today: https://reuters.com/business/media-telecom/us-china-trade-detente-fuels-mothballing-key-china-tech-curbs-2026-02-12/ (via Metacurity (npub102x…wzj6))

New, by me: Microsoft has fixed three zero-day bugs in Windows ...

2026-02-11T21:33:52Z

New, by me: Microsoft has fixed three zero-day bugs in Windows and Office that are being actively abused by hackers to break into people's computers. Microsoft said three of the exploits are now public.

Google, which helped find the bugs, said one of them is under “widespread, active exploitation."

https://techcrunch.com/2026/02/11/microsoft-says-hackers-are-exploiting-critical-zero-day-bugs-to-target-windows-and-office-users/

Prosecutors have confirmed for the first time that Peter ...

2026-02-11T18:49:22Z

Prosecutors have confirmed for the first time that Peter Williams, the former boss of L3Harris' Trenchant unit (which makes hacking and surveillance tools for the U.S. govermment and its allies), sold the company's exploits to a Russian broker that were capable of accessing "millions of computers and devices" around the world.

Williams, who pleaded guilty, is expected to be sentenced in the next two weeks.

https://techcrunch.com/2026/02/11/doj-says-trenchant-boss-sold-exploits-to-russian-broker-capable-of-accessing-millions-of-computers-and-devices/

New, by @npub1xvw…ksg7: Google sent personal and financial data ...

2026-02-10T20:48:11Z

New, by Lorenzo Franceschi-Bicchierai (npub1xvw…ksg7): Google sent personal and financial data about a student and journalist, who attended a pro-Palestine protest in 2024, to ICE agents in response to an "administrative subpoena," which had not been approved by a judge.

https://techcrunch.com/2026/02/10/google-sent-personal-and-financial-information-of-student-journalist-to-ice/

For my newsletter and blog, I wrote about how Apple's ...

2026-02-10T13:53:40Z

For my newsletter and blog, I wrote about how Apple's Lockdown Mode, once billed as an "extreme" security protection for iPhones, iPads, Macs and Watches, has passed a major real-world test by blocking the feds from accessing a journalist's phone.

Free to read; with additional words, advice, and guidance for paying subscribers: https://this.weekinsecurity.com/apple-lockdown-mode-once-an-extreme-security-protection-now-a-necessity-for-americans/

Sign up/RSS for the weekly newsletter: https://this.weekinsecurity.com

SCOOP: A hacktivist has scraped more than half a million payment ...

2026-02-09T16:23:36Z

SCOOP: A hacktivist has scraped more than half a million payment records from a comapny that makes consumer-grade spyware and other phone tracking apps, exposing customers' email addresses and partial payment data. TechCrunch verified the scraped data is authentic.

By Lorenzo Franceschi-Bicchierai (npub1xvw…ksg7) and me:

https://techcrunch.com/2026/02/09/hacktivist-scrapes-over-500000-stalkerware-customers-payment-records/

A Politico story out today describes how Oura wearable rings are ...

2026-02-09T14:29:29Z

A Politico story out today describes how Oura wearable rings are winning over Washington, but makes no real mention of their privacy or security risks.

But... in my piece about Oura rings from last year, I explain how Oura puts user data at risk from goverment agencies (like ICE), and hackers.

• Oura data isn't end-to-end encrypted
• Sensitive health data can be accessed by Oura staff
• Oura said it has received government demands for user data.

https://this.weekinsecurity.com/oura-ring-deal-raises-valid-concerns-about-users-health-data-security/

I had no idea that pigeons are so awesome. Sure, they can't ...

2026-02-08T01:32:59Z

In reply to nevent1q…f0ca
_________________________

I had no idea that pigeons are so awesome. Sure, they can't build a nest for shit, but clearly they found a place of safety, took care of each other, loved their babies, and did a great job of raising their young. They're smart and resilient. And I'm really proud of them!

Thanks for reading! /FIN.

And within a week, they were gone! We saw them flapping on the ...

2026-02-08T01:30:55Z

In reply to nevent1q…5ldp
_________________________

And within a week, they were gone! We saw them flapping on the balcony, increasingly getting lift… sometimes flying into our balcony doors (with less frequency; they learned!) On Jan. 8, the second baby pigeon took off into the world.

Me: 🥲

By the first week of January, the fledglings emerged from under ...

2026-02-08T01:28:07Z

In reply to nevent1q…ecvz
_________________________

By the first week of January, the fledglings emerged from under our furniture and started exploring our balcony for the first time. They were pretty confident by the looks of it, and their parents were on the neighbor's balcony keeping watch. (Redacted for opsec.)

And a particularly funny moment when bird meets Birdcam. ...

2026-02-08T01:26:06Z

In reply to nevent1q…a7r9
_________________________

And a particularly funny moment when bird meets Birdcam.

We're now at Dec. 31 and they're now fledglings, with ...

2026-02-08T01:25:10Z

In reply to nevent1q…6j4q
_________________________

We're now at Dec. 31 and they're now fledglings, with much of their feathers grown and they will soon leave the nest and fly away. (Any time they get excited, or fed, we can hear them chirping from the other side of the glass; our regular reminder that we are pigeon landlords.)

I wasn't kidding when we called it Birdcam. Look at this ...

2026-02-08T01:22:40Z

In reply to nevent1q…024p
_________________________

I wasn't kidding when we called it Birdcam. Look at this little face! (Yes, this video feed was end-to-end encrypted.)

All the while, these pigeon babies are getting bigger, their ...

2026-02-08T01:21:29Z

In reply to nevent1q…jtxv
_________________________

All the while, these pigeon babies are getting bigger, their feathers are developing, and they're getting more inquisitive, gaining independence from their parents.

By Dec. 18, the pigeon parents began leaving the babies on their ...

2026-02-08T01:19:59Z

In reply to nevent1q…2gul
_________________________

By Dec. 18, the pigeon parents began leaving the babies on their own for longer, seemingly to test their boundaries. The more time on their own, the more independent they become (we think). Where are the pigeon parents going? We saw them flying to …the neighboring balcony, just patiently waiting!

By Dec. 17, and these pigeon darlings are fully fledged rowdy ...

2026-02-08T01:17:59Z

In reply to nevent1q…9s2w
_________________________

By Dec. 17, and these pigeon darlings are fully fledged rowdy little fuckers any time they're getting fed. As you can imagine with four of them sharing this space, there's lots of poop — but we didn't want to risk a human presence going in and inadvertently scaring them.

Two weeks in, and… yeah, turns out even pigeon parents need ...

2026-02-08T01:16:37Z

In reply to nevent1q…ucxd
_________________________

Two weeks in, and… yeah, turns out even pigeon parents need their peace, quiet, and a bit of space.

By Dec. 10, the beebs are starting to get bigger and you can see ...

2026-02-08T01:14:56Z

In reply to nevent1q…f588
_________________________

By Dec. 10, the beebs are starting to get bigger and you can see how much they've grown in just over a week. We're not interacting with them at all because we don't want them to get accustomed to humans (and also we really would like our balcony back at some point, lol).

It was getting even colder during the day, around freezing, so we ...

2026-02-08T01:12:58Z

In reply to nevent1q…80ah
_________________________

It was getting even colder during the day, around freezing, so we put outside a raggedy old towel in their not-very-nest. Just trying to be a good pigeon landlord here, move along.

Brief intermission: Here's one whole minute of a pigeon ...

2026-02-08T01:11:07Z

In reply to nevent1q…t95v
_________________________

Brief intermission: Here's one whole minute of a pigeon throwing up into the mouths of its young. This is how they are fed. Baby pigeons have one job, and that is to stay alive. They don't leave the nest until they're fully grown. That's why you never really see baby pigeons out in the world.

They'd just sit here for hours, nesting on top of these tiny ...

2026-02-08T01:07:42Z

In reply to nevent1q…k4hr
_________________________

They'd just sit here for hours, nesting on top of these tiny fluffballs to keep them warm as the temperatures continued to drop, presumably just thinking about how to pay for pigeon college or whatever. We put out some yarn for them in case they wanted to build up their nest. They declined, clearly.

Over the next few days, the pigeon parents would sit on the baby ...

2026-02-08T01:05:33Z

In reply to nevent1q…ng8c
_________________________

Over the next few days, the pigeon parents would sit on the baby pigeons and occasionally swap every few hours, while the other would go out and get food. The baby pigeons would only be uncovered for a few seconds or so. They were tiny little things, so they would get cold very quickly.

Almost exactly a day later… [P...p...p… player four has ...

2026-02-08T01:02:48Z

In reply to nevent1q…ynr3
_________________________

Almost exactly a day later…

[P...p...p… player four has entered the game.] *airhorn*

The egg hatched, and pigeon parent on duty removed it, and there ...

2026-02-08T00:59:27Z

In reply to nevent1q…d826
_________________________

The egg hatched, and pigeon parent on duty removed it, and there it was, the tiniest little baby pigeon. I let out an almighty squee of joy.

Then two weeks later on Dec. 1, Birdcam sent a notification to ...

2026-02-08T00:56:05Z

In reply to nevent1q…7ggx
_________________________

Then two weeks later on Dec. 1, Birdcam sent a notification to new activity. I opened my phone and saw this new video.

Narrator voice: Player three has entered the game.

It was getting colder and colder throughout November, getting ...

2026-02-08T00:54:07Z

In reply to nevent1q…vsx3
_________________________

It was getting colder and colder throughout November, getting down to almost freezing temperatures, high winds, and increasingly harsher weather. I secured some cardboard to the balcony railings so that it would shelter the pigeons from the elements.

OK, so I interfered a little bit, shuddup. :).

Meanwhile, let's take a look at their nest and… granted, ...

2026-02-08T00:52:45Z

In reply to nevent1q…dyjh
_________________________

Meanwhile, let's take a look at their nest and… granted, not much improvement.

(Yes, this is a cybersecurity, cat, and pigeon stan account now.)

We soon found that these pigeons would take turns nesting on ...

2026-02-08T00:51:44Z

In reply to nevent1q…eu3l
_________________________

We soon found that these pigeons would take turns nesting on these eggs, sometimes do a little dance and coo at each other when they would swap, maybe once or twice a day, presumably so they both could go out and eat. To see these birds take such care of their eggs was adorable.

We wanted to keep watch to make sure they were doing OK, while ...

2026-02-08T00:47:37Z

In reply to nevent1q…lu3r
_________________________

We wanted to keep watch to make sure they were doing OK, while not interfering (because nature, y'know?). We knew nothing about pigeons, but were honored that this pigeon chose our balcony to raise their young, so of course this was fine.

Soon after Birdcam went live… holy shit, it's *two* pigeons!

In mid-November, we found our cat Theo transfixed at the window. ...

2026-02-08T00:44:43Z

In reply to nevent1q…4nqv
_________________________

In mid-November, we found our cat Theo transfixed at the window. He was looking at a pigeon and two eggs, just plonked there on the astroturf. As it turns out, pigeons are quite shit at making nests (https://defector.com/why-do-pigeon-nests-look-so-shitty-an-investigation), and it was already starting to get cold out in the NY/NJ area.

The world is on fire, but here's a nice thing. A few months ...

2026-02-08T00:42:35Z

The world is on fire, but here's a nice thing. A few months ago, a pigeon laid two eggs under our outdoor furniture on our balcony. We put a camera in there to keep an eye. The eggs hatched, survived, grew up, flapped their wings, and left the nest. :) Here's what happened & what we learned.

My newsletter https://this.weekinsecurity.com features all of the ...

2026-02-07T13:41:04Z

My newsletter https://this.weekinsecurity.com features all of the most important cybersecurity news, analysis, and reporting that you need to know so you can stay ahead. Plus, good news that you might've missed, and a reader-submitted cyber-cat.

No email link/open tracking!

Sign up (or RSS!) for your weekly dispatch. Out Sundays.

New, by me: I wrote some words for TechCrunch about Sen. Ron ...

2026-02-06T18:09:18Z

New, by me: I wrote some words for TechCrunch about Sen. Ron Wyden's recent unclassified letter to the CIA director, citing his "deep concerns" about the agency's activities. This isn't the first time Wyden has sounded his "siren" — and history tells us why this new letter is likely a big deal.

https://techcrunch.com/2026/02/06/senator-who-has-repeatedly-warned-about-secret-u-s-government-surveillance-sounds-new-alarm-over-cia-activities/

🚨 This is what we call a "Wyden siren." For those who ...

2026-02-04T22:09:50Z

🚨 This is what we call a "Wyden siren." For those who don't know, Ron Wyden (D-OR) is one of the longest serving members of the Senate Intelligence Committee. https://www.wyden.senate.gov/imo/media/doc/wyden_letter_to_d-ciapdf.pdf

I wrote a story about how Homeland Security is using ...

2026-02-03T18:45:06Z

I wrote a story about how Homeland Security is using administrative subpoenas, which aren't subject to judicial oversight, to seek data from tech giants about Trump critics and anonymous accounts of ICE trackers. Features some really great reporting by Bloomberg & Washington Post.

https://techcrunch.com/2026/02/03/homeland-security-is-trying-to-force-tech-companies-to-hand-over-data-about-trump-critics/

NEW: The developer of the long-running and popular open source ...

2026-02-02T18:22:40Z

NEW: The developer of the long-running and popular open source text editor Notepad++ has confirmed that China government-backed hackers hijacked the software's update feature for months during 2025.

The hackers could access computers of victims who were running hijacked versions of Notepad++.

https://techcrunch.com/2026/02/02/notepad-says-chinese-government-hackers-hijacked-its-software-updates-for-months

NEW: A few weeks ago, @npub17l5…4kr3 and I ran a survey asking ...

2026-02-02T12:37:40Z

NEW: A few weeks ago, Dissent Doe :cupofcoffee: (npub17l5…4kr3) and I ran a survey asking security researchers and journalists about the legal and criminal threats they have received for doing their jobs.

Over 100 people responded, and we now have our results.

One of our key findings is that while legal threats and criminal threats are common, most researchers & journalists stood their ground and did not give in to threats.

More: https://this.weekinsecurity.com/new-survey-reveals-how-security-researchers-and-journalists-experience-legal-and-criminal-threats/

Results: https://databreaches.net/2026/02/02/under-pressure-exploring-the-effect-of-legal-and-criminal-threats-on-security-researchers-and-journalists/

PDF: https://databreaches.net/wp-content/uploads/security-researcher-journalist-threats-survey-2026.pdf

NEW, by me: A security and privacy feature rolled out to select ...

2026-01-29T14:53:43Z

NEW, by me: A security and privacy feature rolled out to select models of the latest iPhones and iPads this week will make it more difficult for law enforcement, spies, and malicious hackers to obtain a person's precise location data from their phone provider.

https://techcrunch.com/2026/01/29/apples-new-iphone-and-ipad-security-feature-limits-cell-networks-from-collecting-precise-location-data/

If you could pick one non-U.S. tech, product, or service to ...

2026-01-27T23:12:13Z

If you could pick one non-U.S. tech, product, or service to switch to, what would you recommend, and why? Open-source and self-hosting options welcome!

https://techcrunch.com/2026/01/27/amid-trump-attacks-and-weaponized-sanctions-europeans-look-to-rely-less-on-us-tech/

This is an amazing read about resistance. So many amazing lines ...

2026-01-27T14:31:55Z

This is an amazing read about resistance.

So many amazing lines in this piece, but one that stands out:

"We proved that you can bring a trillion-dollar security apparatus to its knees with one well-aimed rubber cock."

https://www.closertotheedge.net/p/the-dildo-distribution-delegation

After another massive database of usernames and passwords was ...

2026-01-26T14:01:35Z

After another massive database of usernames and passwords was found unprotected and exposed to the internet (without a password of its own, ironic!), I wrote some words about the underlying problem — infostealing malware — and why it powers much of cybercrime today.

Read online: https://this.weekinsecurity.com/another-huge-leak-of-passwords-is-the-tip-of-the-infostealing-iceberg/

Sign up for my weekly newsletter: https://this.weekinsecurity.com

Feels like -5°F (or -20°C) here on the east coast, and my cat ...

2026-01-24T14:51:18Z

Feels like -5°F (or -20°C) here on the east coast, and my cat just wants to sleep.

Always thankful for Techdirt. ...

2026-01-20T17:58:51Z

Always thankful for Techdirt.

https://www.techdirt.com/2026/01/20/everyone-knows-our-mad-kings-greenland-obsession-is-insane-why-wont-congress-stop-it/

NEW, by me: A hacking campaign targeted high-profile Gmail and ...

2026-01-16T17:23:33Z

NEW, by me: A hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East this week, sent as a phishing lure over WhatsApp.

I obtained a copy of the phishing page and analyzed it with the help of experts. The attack aimed to steal passwords, hijack WhatsApp accounts, and grab victims' location data.

But a bug in the code also *exposed* victims' data, allowing us to see dozens of people who had fallen victim.

More: https://techcrunch.com/2026/01/16/how-a-hacking-campaign-targeted-high-profile-gmail-and-whatsapp-users-across-the-middle-east/

New, by me: Security researcher Eaton Zveare spent weeks trying ...

2026-01-14T16:12:51Z

New, by me: Security researcher Eaton Zveare spent weeks trying to alert a little-known but critical U.S. cargo tech giant that their shipping systems and customers' data were exposed to the web.

After weeks of trying, Zveare asked TechCrunch for help. We were ignored, too. On the third time we emailed the firm's CEO, we included a partial copy of his password to show the seriousness of the flaws.

A couple of hours later, we got a response — from its law firm.

https://techcrunch.com/2026/01/14/us-cargo-tech-company-publicly-exposed-its-shipping-systems-and-customer-data-to-the-web/

This is utterly insane, almost unheard of. This morning, the FBI ...

2026-01-14T14:14:19Z

This is utterly insane, almost unheard of. This morning, the FBI *searched the home* of a Washington Post reporter, and seized her phone and smart watch, as part of an investigation into an alleged leak of classified info. by a government employee. (The federal case appears to be 1:26-mj-00045.)

https://www.washingtonpost.com/national-security/2026/01/14/washington-post-reporter-search/

Daily Beast reports that a DHS whistleblower has leaked the ...

2026-01-13T22:22:26Z

Daily Beast reports that a DHS whistleblower has leaked the personal details of around 4,500 ICE and Border Patrol employees. The data is said to include about 1,800 on-the-ground agents and 150 supervisors.

https://www.thedailybeast.com/personal-details-of-thousands-of-border-patrol-and-ice-goons-allegedly-leaked-in-huge-data-breach/

Betterment was hacked and users' personal data compromised, ...

2026-01-12T18:24:30Z

Betterment was hacked and users' personal data compromised, but you might not know it because the company hid its data breach notice with a "noindex" tag in its web page source code. This tells search engines to ignore the page so people won't see it in search results.

More from TechCrunch: https://techcrunch.com/2026/01/12/fintech-firm-betterment-confirms-data-breach-after-hackers-send-fake-crypto-scam-notification-to-users/

I very much appreciated this essay by Sarah Jeong this morning. ...

2026-01-09T13:33:05Z

I very much appreciated this essay by Sarah Jeong this morning. It's a reminder that reality and truth still matters, even in the face of blatant and brazen lies.

https://www.theverge.com/policy/859055/minneapolis-renee-good-ice-shooting

Are you a security researcher or journalist? We want to hear from ...

2025-12-31T14:30:45Z

Are you a security researcher or journalist? We want to hear from you — please take this survey!

Dissent Doe at DataBreaches, and I, are running this survey to better understand the state of legal demands and criminal threats in cybersecurity. Help us by filling out this survey! (and please share!)

https://forms.gle/yAiNNq2gTqE6ctWU8

New, by @npub1xvw…ksg7 and me: We just published ...

2025-12-26T14:26:37Z

New, by Lorenzo Franceschi-Bicchierai (npub1xvw…ksg7) and me: We just published TechCrunch's annual jealousy list of cybersecurity stories that we *didn’t* publish but wish we had. This is the very best cybersecurity reporting from our friends at competing publications.

https://techcrunch.com/2025/12/26/these-are-the-cybersecurity-stories-we-were-jealous-of-in-2025/

The exposed Uzbek license plate tracking system offers a rare ...

2025-12-23T15:16:25Z

In reply to nevent1q…rkdr
_________________________

The exposed Uzbek license plate tracking system offers a rare glimpse into how these surveillance systems work, and the security and privacy risks associated with the mass monitoring of vehicles and their owners.

Just this week, 404 Media reported finding publicly exposed Flock cameras in the United States.

https://www.404media.co/flock-exposed-its-ai-powered-cameras-to-the-internet-we-tracked-ourselves/

NEW, by me: Uzbekistan exposed its nationwide license plate ...

2025-12-23T15:07:47Z

NEW, by me: Uzbekistan exposed its nationwide license plate surveillance system to the web, no password needed.

The system reveals around a hundred locations around the country where banks of cameras have been placed, including big cities and rural areas. The system contains raw video footage of millions of vehicles and their occupants.

https://techcrunch.com/2025/12/23/inside-uzbekistans-nationwide-license-plate-surveillance-system/

Absolute horror story of a long-time Apple customer who was ...

2025-12-19T23:54:05Z

Absolute horror story of a long-time Apple customer who was locked out of their devices and account with no recourse after redeeming a suspected bad gift card.

Gift card scams are on the rise & increasingly difficult to spot, and can have devastating consequences.

https://this.weekinsecurity.com/apple-nuking-a-customer-account-over-a-bad-gift-card-is-a-warning-for-everyone/

I'm thrilled to have been featured in the EFF's Breachies ...

2025-12-17T21:33:32Z

I'm thrilled to have been featured in the EFF's Breachies for uncovering security lapses in the info-sharing app TeaOnHer and stalkerware app Catwatchful, along with TechCrunch's security desk's coverage of data breaches at Blue Shield of California, PowerSchool, TransUnion, and more. Thanks, EFF!

https://www.eff.org/deeplinks/2025/12/breachies-2025-worst-weirdest-most-impactful-data-breaches-year

This looks like a particularly spicy shituation affecting Cisco ...

2025-12-17T19:17:28Z

This looks like a particularly spicy shituation affecting Cisco customers:

• 10/10 severity zero-day bug in popular Cisco products
• Cisco says China is exploiting bug to hack customers
• Cyberattacks discovered on Dec. 10; disclosed today
• No patches yet. Compromised devices must be wiped

https://techcrunch.com/2025/12/17/cisco-says-chinese-hackers-are-exploiting-its-customers-with-a-new-zero-day/

These are the questions that TechCrunch asked Mixpanel CEO Jen ...

2025-12-17T16:28:34Z

In reply to nevent1q…x6xv
_________________________

These are the questions that TechCrunch asked Mixpanel CEO Jen Taylor about the company's data breach.

If anyone else wants to follow up with any of these questions, be my guest. Mixpanel is welcome to respond to my emails at any time.

If anyone at Mixpanel wants to respond to any of the emails ...

2025-12-17T16:15:29Z

In reply to nevent1q…s4ht
_________________________

If anyone at Mixpanel wants to respond to any of the emails (including the 19+ specific questions) we've sent to CEO Jen Taylor about the company's data breach, please get in touch.

You can reach me at zack.whittaker@techcrunch.com or email me back from any of the messages we've sent!

With news that the data breach at web and phone analytics giant ...

2025-12-16T21:33:46Z

With news that the data breach at web and phone analytics giant Mixpanel includes the viewing habits of Pornhub users, here's my TechCrunch story from early December about why this data breach is a big deal — and what sort of data Mixpanel tracks about millions of ordinary people every day.

https://techcrunch.com/2025/12/02/a-data-breach-at-analytics-giant-mixpanel-leaves-a-lot-of-open-questions/

NEW, by me: Home Depot exposed access to its internal systems for ...

2025-12-12T16:46:32Z

NEW, by me: Home Depot exposed access to its internal systems for a year after an employee posted a private GitHub token online, likely by mistake.

When a security researcher found it and tried to alert Home Depot, he was ignored. I alerted the company, which revoked access, but wouldn't say if it has logs to detect if anyone else found the key.

More: https://techcrunch.com/2025/12/12/home-depot-exposed-access-to-internal-systems-for-a-year-says-researcher/

We found the bug in how Vetco generates PDF documents for its ...

2025-12-10T13:49:54Z

In reply to nevent1q…44mw
_________________________

We found the bug in how Vetco generates PDF documents for its customers. Its PDF page was public and was indexed by Google, which is how we found it. Worse, an IDOR bug in the URL meant it was possible for anyone to obtain customer data by changing the customer's unique ID by a single digit. 🤦

https://techcrunch.com/2025/12/10/petco-takes-down-vetco-website-after-exposing-customers-personal-information/

NEW: Petco has taken down parts of its Vetco website after we ...

2025-12-10T13:44:43Z

NEW: Petco has taken down parts of its Vetco website after we discovered a masive data leak exposing customers' personally identifiable information (and their pets!) to the open web.

After flagging the leak, Petco still took four days to respond. We estimate millions of customers may be affected.

More: https://techcrunch.com/2025/12/10/petco-takes-down-vetco-website-after-exposing-customers-personal-information/

If there's one thing from my ~two decades in journalism I ...

2025-12-07T00:10:09Z

If there's one thing from my ~two decades in journalism I still think about with the hatred that burns with the heat of a thousand suns, it's "stalkerware," a kind of phone surveillance used against millions of people around the world

When a documentary crew from my native U.K. reached out to me after reading some of my work investigating these illegal operations, I jumped at the chance to chat with them.

Here's what I've learned in five years reporting on stalkerware.

https://this.weekinsecurity.com/i-have-investigated-stalkerware-for-five-years-here-is-what-i-have-learned/

Before you log off (or not, for the extremely online), sign up ...

2025-12-06T01:57:27Z

Before you log off (or not, for the extremely online), sign up (or RSS) for my newsletter https://this.weekinsecurity.com for your comprensive guide to the week in cyber — featuring all the news you need to know, and all the stuff you might've missed, and more — hand curated by me. Out Sundays. 🐈‍⬛

I've never understood why some data breach notices say things ...

2025-12-04T20:53:21Z

I've never understood why some data breach notices say things like, "We have no reason to believe that your information was misused..." Like, why do you think a Russian ransomware gang would steal reams of your customers' Social Security numbers? For shits and giggles? No, they're using it for crime. Lots of crime.

Business Insider reports that Oura is planning to expand its Oura ...

2025-11-28T15:14:48Z

Business Insider reports that Oura is planning to expand its Oura wearable rings beyond health tracking to allow for payments, authentication, and more.

Well, Capitan Buzzkill (me) here wrote about Oura's security and privacy practices earlier this year, and found:

• Oura rings *don't* end-to-end encrypt users' health data;
• As such, Oura *can* access its users' data;
• Oura told me that the company *has* received U.S. government demands for users' data.

More: https://this.weekinsecurity.com/oura-ring-deal-raises-valid-concerns-about-users-health-data-security/

New, by me: Router maker TP-Link faces a potential U.S.-wide ban ...

2025-11-26T13:26:24Z

New, by me: Router maker TP-Link faces a potential U.S.-wide ban over its alleged links to China. In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere). Please share!

Read more: https://this.weekinsecurity.com/banning-tp-link-wont-save-america-from-its-own-terrible-cybersecurity

Sign up/RSS for my weekly newsletter: https://this.weekinsecurity.com/

NEW: U.S. banking giants and mortgage lenders are scrambling to ...

2025-11-24T14:23:10Z

NEW: U.S. banking giants and mortgage lenders are scrambling to figure out how much of their customers' non-public banking data was stolen during a cyberattack on a financial tech firm earlier this month.

Customers of at least JPMorgan Chase, Citigroup, and Morgan Stanley are said to be affected.

https://techcrunch.com/2025/11/24/us-banks-scramble-to-assess-data-theft-after-hackers-breach-financial-tech-firm/

New, by me: Protei, a Russian-founded telecoms provider and ...

2025-11-17T13:56:16Z

New, by me: Protei, a Russian-founded telecoms provider and supplier of surveillance and web monitoring technologies, was breached, its website defaced, and its servers raided.

"Another DPI/SORM provider bites the dust," read the company's defaced website.

https://techcrunch.com/2025/11/17/surveillance-tech-provider-protei-was-hacked-its-data-stolen-and-its-website-defaced/

For my blog and newsletter, I wrote about why there have been so ...

2025-11-14T13:08:38Z

For my blog and newsletter, I wrote about why there have been so many data breaches and security lapses this year *alone* involving the mass-exposure of people's driver's licenses and passports — including new details about an exposure of 223,000 government-issued IDs as recently as this week.

Read more: https://this.weekinsecurity.com/it-is-far-too-easy-to-find-leaked-passports-and-drivers-licenses-online/

Sign up/RSS/subscribe: https://this.weekinsecurity.com

My new hacker handle just dropped. ...

2025-11-13T12:55:02Z

My new hacker handle just dropped.

Looks like Elon Musk botched X's passkey and security key ...

2025-11-12T19:43:43Z

Looks like Elon Musk botched X's passkey and security key switchover, and users are reporting that they're getting stuck in endless loops and, in some cases, getting locked out of their accounts.

https://techcrunch.com/2025/11/12/elon-musks-x-botched-its-security-key-switchover-locking-users-out/

According to Nevada's report into its recent ransomware ...

2025-11-11T13:00:36Z

According to Nevada's report into its recent ransomware attack, a state employee "searched Google for a system administration tool to download and was instead shown a malicious advertisement that led to a fraudulent website impersonating the legitimate project."

Yeah, that happens a lot! An ad-blocker is one of your top security and privacy defenses online. If you work in an enterprise org, consider rolling out an ad-blocker to your company network!

Here's more from me: https://this.weekinsecurity.com/why-ad-blockers-are-a-top-security-and-privacy-defense-for-everyone/

Politico is reporting that the breach at the Congressional Budget ...

2025-11-10T21:40:27Z

Politico is reporting that the breach at the Congressional Budget Office is "ongoing."

“Do NOT click on any links in emails from CBO. Do NOT share sensitive information with CBO colleagues over email, Microsoft Teams, or Zoom at this time,” the email to CBO staff reads.

https://www.politico.com/live-updates/2025/11/10/congress/cbo-still-under-threat-00644930

We used to think of government spyware targeting only a select ...

2025-11-10T14:41:33Z

We used to think of government spyware targeting only a select few, like terrorists and organized criminals.

But over years, government spyware has been used to hack the phones of journalists, activists, lawyers, politicians, and seemingly regular people — and the pool of victims targeted by governments is quite wide, and larger than people might think.

Here's an explainer by Lorenzo Franceschi-Bicchierai (npub1xvw…ksg7) as to why.

https://techcrunch.com/2025/11/10/why-a-lot-of-people-are-getting-hacked-with-government-spyware/