Profile avatar
lorenzofb.bsky.social
Real-time historian of the late cyber capitalist era @TechCrunch. Posts about infosec, surveillance by day. 🍕, ⚽️, 🎸, 🎮 by night. ☎️ Signal: +1 917 257 1382 Past lives: VICE Motherboard, Mashable, WIRED.
357 posts 17,015 followers 2,408 following
Prolific Poster
Conversation Starter
Posts 31 Comments 19

NEW: Researchers found forensic evidence of Paragon's spyware on the iPhones of two journalists. One is Ciro Pellegrino, who works for @fanpage.it. The other is an unnamed prominent European journalist. Looks like the spyware scandal that for now has focused on Italy may expand further in Europe.

submitted 2 hours ago • 1 comment

NEW: Someone has defaced a U.S. Department of Health and Human Services with gay and LGBTQ+-themed AI slop spam. The site has been defaced since at least mid-May, and it appears to be part of wider spam campaign. techcrunch.com/2025/06/11/u...

submitted 20 hours ago • 2 comments

NEW: @zackwhittaker.com obtained the internal communication that Whole Foods sent its employees about the cyberattack at distributor UNFI. Company said it may take “several days to resolve” and instructed employees to only tell customers that Whole Foods is having “temporary supply challenges.”

submitted 1 day ago • 1 comment

NEW: US grocery distribution giant United Natural Foods (UNFI) said it's working to bring its systems online after a cyberattack. UNFI, which is Whole Foods' primary distributor, said the hack is affecting its ability to fulfill orders. CEO said it was shipping to customers "on a limited basis."

submitted 2 days ago • 0 comments

NEW: Spyware maker Paragon says it cancelled contracts with Italian spy agencies because government refused help investigating spyware attack on journalist. Italian government says it couldn't accept help because it would compromise national security, exposing confidential data to foreign company.

submitted 2 days ago • 1 comment

New: A security researcher found a bug that revealed the private recovery phone number of almost any Google account. TechCrunch verified the bug w/ the researcher, who quickly brute-forced the phone number of a test Google account we had set up.

submitted 3 days ago • 1 comment

New: KiranaPro's co-founder can't rule out an external hack after the startup's data was mysteriously wiped. Indian grocery delivery startup's data loss saga has more holes than Swiss cheese. techcrunch.com/2025/06/06/a...

submitted 5 days ago • 0 comments

NEW: An Italian parliament inquiry concluded that the Italian government used Paragon's spyware to hack activists working to rescue immigrants. The committee, however, said it did not find any evidence that Italy's intelligence agencies (nor anyone else) spied on journalist Francesco Cancellato.

submitted 5 days ago • 0 comments

Classic winning strategy here.

submitted 5 days ago • 0 comments

🤔

submitted 6 days ago • 0 comments

I made this wishlist of cybersecurity books, both fiction and non-fiction, based on the books I like, and those that have been suggested by folks here and on Mastodon. Let me know if I am missing something. bookshop.org/wishlists/9c...

submitted 6 days ago • 2 comments

NEW: Forensic tool maker Cellebrite says it's acquired startup Corellium for ~$200 million. Cellebrite, which relies on finding zero-days to unlock and extract data from phones, said Corellium's technology will help with “accelerated identification of mobile vulnerabilities and exploits.”

submitted 7 days ago • 1 comment

NEW: Ransomware gang Interlock claims responsibility for the Kettering Health hack, posting some alleged stolen data on its dark web site. Data includes private health information, such as patient names, patient numbers, and clinical summaries written by doctors. techcrunch.com/2025/06/04/r...

submitted 7 days ago • 0 comments

Alright infosec hive mind, I asked this a few years ago on Twitter and I'm curious what books I missed since then. What are your favorite fiction AND non-fiction books about hacking, hackers, and cybersecurity? Previously I was told: 1/3

submitted 7 days ago • 19 comments

Always good to talk to Mikko, he's always interesting but this career change was a surprise. That said, with Russia on the border it's a perfectly understandable move. "I do believe anti-drone technology maybe has more importance, and more meaning to it, right now with the war raging on."

submitted 8 days ago • 2 comments

NEW: Qualcomm says they patched three zero-days that are being actively exploited by hackers, according to Google. Patches are out but it's now up to device manufacturers to push them to users. So many devices are still vulnerable. techcrunch.com/2025/06/03/p...

submitted 8 days ago • 0 comments

New: Indian grocery delivery startup KiranaPro has been hacked and all its data has been wiped. The destroyed data included the company’s app code and its servers containing banks of sensitive customer information, including their addresses and payment details. techcrunch.com/2025/06/03/i...

submitted 8 days ago • 3 comments

NEW: Two weeks after practically shutting down all its computer systems because of a ransomware attack, Kettering Health has yet to recover. Patients report not being able to call doctos, get new prescriptions and refills, and having their MRIs, cancer followups, and others appointments cancelled.

submitted 9 days ago • 1 comment

New, by me: Compliance startup Vanta said it's fixing a bug that exposed some customer data to other Vanta customers. One Vanta customer told us that they were notified that some of their data was pulled out of their Vanta instance "into other customers’ instances."

submitted 9 days ago • 2 comments

After years of people complaining about having to track all the silly names security firms give hacking groups, Microsoft/Crowdstrike/Mandiant say they're finally going to stop this. Oh wait, they're not actually going to stop it, they're just going to create a public glossary to list all the names

submitted 9 days ago • 1 comment

NEW: NSO Group is trying to avoid paying $167 million in damages to WhatsApp. In a court filing last week, the spyware maker asked the judge to order a new trial, or reduce the damages amount, arguing that the decision was “outrageous," and "reflects the improper desire to bankrupt NSO."

submitted 9 days ago • 4 comments

We have finished going through the court docs and hearing transcripts from the WhatsApp v. NSO lawsuit. Here's everything we learned, from how NSO's customers use Pegasus, to the spyware's cost. techcrunch.com/2025/05/30/e...

submitted 10 days ago • 0 comments

Why shouldn’t I watch Ghost In The Shell once more tonight?

submitted 13 days ago • 2 comments

NEW: The U.S. government has announced sanctions against FUNNULL and its administrator. FUNNULL is accused of providing infrastructure for pig butchering crypto scams, as well as being the company behind the Polyfill supply chain attack, which pushed malware to victims who visited certain websites.

submitted 13 days ago • 0 comments

For TechCrunch, I wrote about Thinkst Canary, a bootstrapped maker of honeypots (for catching hackers), which this month marks its 10th anniversary. The company now brings in $20 million in ARR without VC funding or an outbound sales team. Refreshing at a time when cyber is dominated by VC dollars.

submitted 14 days ago • 2 comments

NEW: Victoria's Secret says it's experiencing an unspecified "security incident," as its website and online orders face days of outages. Company told us it enacted its response protocols, engaged third-party experts, and took down its website and some in store services. w/ @lorenzofb.bsky.social:

submitted 14 days ago • 2 comments

New, by me: Data broker giant LexisNexis has revealed that its risk solutions unit (think "know your customer," risk assessing, due diligence, and law enforcement assistance) was breached, affecting the personal data and Social Security numbers of at least 364,000 people.

submitted 15 days ago • 6 comments

Is there actually an infosec BlueSky? If so I think I’m missing it.

submitted 16 days ago • 19 comments

You say it like it’s a bad thing.

submitted 16 days ago • 0 comments

🇪🇸 Hace mas de una década, Kaspersky descubrió un misterioso grupo de hackers al que llamó Careto, que estaba hackeando a Cuba y otros gobiernos. Casi instantaneamente, el grupo desapareció completamente—hasta el año pasado. Kaspersky nunca ha dicho quien està detras de Careto. Ahora lo sabemos.

submitted 17 days ago • 1 comment

Growing up is choosing not to email the dumb Spanish right wing newspaper that copy pasted your article and only included the link — without naming TechCrunch — on two small words. But growing up is also posting this without naming the newspaper and writing: cabrones!

submitted 17 days ago • 0 comments