Profile avatar
lorenzofb.bsky.social
Real-time historian of the late cyber capitalist era @TechCrunch. Posts about infosec, surveillance by day. 🍕, ⚽️, 🎸, 🎮 by night. ☎️ Signal: +1 917 257 1382 Past lives: VICE Motherboard, Mashable, WIRED.
349 posts 16,986 followers 2,407 following
Regular Contributor
Active Commenter
Posts 29 Comments 21

NEW: An Italian parliament inquiry concluded that the Italian government used Paragon's spyware to hack activists working to rescue immigrants. The committee, however, said it did not find any evidence that Italy's intelligence agencies (nor anyone else) spied on journalist Francesco Cancellato.

submitted 4 hours ago • 0 comments

Classic winning strategy here.

submitted 4 hours ago • 0 comments

🤔

submitted 1 day ago • 0 comments

I made this wishlist of cybersecurity books, both fiction and non-fiction, based on the books I like, and those that have been suggested by folks here and on Mastodon. Let me know if I am missing something. bookshop.org/wishlists/9c...

submitted 1 day ago • 1 comment

NEW: Forensic tool maker Cellebrite says it's acquired startup Corellium for ~$200 million. Cellebrite, which relies on finding zero-days to unlock and extract data from phones, said Corellium's technology will help with “accelerated identification of mobile vulnerabilities and exploits.”

submitted 1 day ago • 1 comment

NEW: Ransomware gang Interlock claims responsibility for the Kettering Health hack, posting some alleged stolen data on its dark web site. Data includes private health information, such as patient names, patient numbers, and clinical summaries written by doctors. techcrunch.com/2025/06/04/r...

submitted 2 days ago • 0 comments

Alright infosec hive mind, I asked this a few years ago on Twitter and I'm curious what books I missed since then. What are your favorite fiction AND non-fiction books about hacking, hackers, and cybersecurity? Previously I was told: 1/3

submitted 2 days ago • 19 comments

Always good to talk to Mikko, he's always interesting but this career change was a surprise. That said, with Russia on the border it's a perfectly understandable move. "I do believe anti-drone technology maybe has more importance, and more meaning to it, right now with the war raging on."

submitted 2 days ago • 2 comments

NEW: Qualcomm says they patched three zero-days that are being actively exploited by hackers, according to Google. Patches are out but it's now up to device manufacturers to push them to users. So many devices are still vulnerable. techcrunch.com/2025/06/03/p...

submitted 3 days ago • 0 comments

New: Indian grocery delivery startup KiranaPro has been hacked and all its data has been wiped. The destroyed data included the company’s app code and its servers containing banks of sensitive customer information, including their addresses and payment details. techcrunch.com/2025/06/03/i...

submitted 3 days ago • 3 comments

NEW: Two weeks after practically shutting down all its computer systems because of a ransomware attack, Kettering Health has yet to recover. Patients report not being able to call doctos, get new prescriptions and refills, and having their MRIs, cancer followups, and others appointments cancelled.

submitted 3 days ago • 1 comment

New, by me: Compliance startup Vanta said it's fixing a bug that exposed some customer data to other Vanta customers. One Vanta customer told us that they were notified that some of their data was pulled out of their Vanta instance "into other customers’ instances."

submitted 4 days ago • 2 comments

After years of people complaining about having to track all the silly names security firms give hacking groups, Microsoft/Crowdstrike/Mandiant say they're finally going to stop this. Oh wait, they're not actually going to stop it, they're just going to create a public glossary to list all the names

submitted 4 days ago • 1 comment

NEW: NSO Group is trying to avoid paying $167 million in damages to WhatsApp. In a court filing last week, the spyware maker asked the judge to order a new trial, or reduce the damages amount, arguing that the decision was “outrageous," and "reflects the improper desire to bankrupt NSO."

submitted 4 days ago • 4 comments

We have finished going through the court docs and hearing transcripts from the WhatsApp v. NSO lawsuit. Here's everything we learned, from how NSO's customers use Pegasus, to the spyware's cost. techcrunch.com/2025/05/30/e...

submitted 4 days ago • 0 comments

Why shouldn’t I watch Ghost In The Shell once more tonight?

submitted 8 days ago • 2 comments

NEW: The U.S. government has announced sanctions against FUNNULL and its administrator. FUNNULL is accused of providing infrastructure for pig butchering crypto scams, as well as being the company behind the Polyfill supply chain attack, which pushed malware to victims who visited certain websites.

submitted 8 days ago • 0 comments

For TechCrunch, I wrote about Thinkst Canary, a bootstrapped maker of honeypots (for catching hackers), which this month marks its 10th anniversary. The company now brings in $20 million in ARR without VC funding or an outbound sales team. Refreshing at a time when cyber is dominated by VC dollars.

submitted 8 days ago • 2 comments

NEW: Victoria's Secret says it's experiencing an unspecified "security incident," as its website and online orders face days of outages. Company told us it enacted its response protocols, engaged third-party experts, and took down its website and some in store services. w/ @lorenzofb.bsky.social:

submitted 9 days ago • 2 comments

New, by me: Data broker giant LexisNexis has revealed that its risk solutions unit (think "know your customer," risk assessing, due diligence, and law enforcement assistance) was breached, affecting the personal data and Social Security numbers of at least 364,000 people.

submitted 9 days ago • 6 comments

Is there actually an infosec BlueSky? If so I think I’m missing it.

submitted 11 days ago • 20 comments

You say it like it’s a bad thing.

submitted 11 days ago • 0 comments

🇪🇸 Hace mas de una década, Kaspersky descubrió un misterioso grupo de hackers al que llamó Careto, que estaba hackeando a Cuba y otros gobiernos. Casi instantaneamente, el grupo desapareció completamente—hasta el año pasado. Kaspersky nunca ha dicho quien està detras de Careto. Ahora lo sabemos.

submitted 11 days ago • 1 comment

Growing up is choosing not to email the dumb Spanish right wing newspaper that copy pasted your article and only included the link — without naming TechCrunch — on two small words. But growing up is also posting this without naming the newspaper and writing: cabrones!

submitted 11 days ago • 0 comments

NEW: More than a decade ago, Kaspersky discovered a mysterious "elite" hacking group it called Careto (aka “The Mask”), which then vanished and only resurfaced last year. We can now reveal that the researchers who investigated it were confident that the Spanish government was behind it.

submitted 14 days ago • 6 comments

Aaaargh. What’s a good alternative?

submitted 15 days ago • 6 comments

New from 404 Media: iconic hacking con HOPE has sold 50% fewer tickets this year, with event just a few months away. Organizers say it's due to U.S. immigration crackdown. A speaker already pulled out, said friends' devices seized at border. Will impact the event www.404media.co/hacker-confe...

submitted 15 days ago • 5 comments

NEW: Sen. Ron Wyden says AT&T, T-Mobile, and Verizon were not notifying senators of surveillance requests, despite being required to do so. Wyden also revealed — without naming it — that one carrier secretly turned over Senate data to law enforcement. techcrunch.com/2025/05/21/w...

submitted 16 days ago • 4 comments

Coinbase confirmed that over 69,000 customers had personal and financial information stolen in its recent data breach.

submitted 16 days ago • 1 comment