lorenzofb.bsky.social - Profile | ThreadSky | a Reddit-style client for Bluesky

NEW: Four months after releasing iOS 18.3.1, Apple has published details about a zero-day that it fixed at the time, but did not publicize. This is the iPhone zero-day used against the two European journalists targeted with Paragon spyware, according to Citizen Lab.

submitted 2 days ago • 2 comments

NEW: Researchers found forensic evidence of Paragon's spyware on the iPhones of two journalists. One is Ciro Pellegrino, who works for @fanpage.it. The other is an unnamed prominent European journalist. Looks like the spyware scandal that for now has focused on Italy may expand further in Europe.

submitted 2 days ago • 2 comments

NEW: Someone has defaced a U.S. Department of Health and Human Services with gay and LGBTQ+-themed AI slop spam. The site has been defaced since at least mid-May, and it appears to be part of wider spam campaign. techcrunch.com/2025/06/11/u...

submitted 3 days ago • 2 comments

NEW: @zackwhittaker.com obtained the internal communication that Whole Foods sent its employees about the cyberattack at distributor UNFI. Company said it may take “several days to resolve” and instructed employees to only tell customers that Whole Foods is having “temporary supply challenges.”

submitted 3 days ago • 1 comment

NEW: US grocery distribution giant United Natural Foods (UNFI) said it's working to bring its systems online after a cyberattack. UNFI, which is Whole Foods' primary distributor, said the hack is affecting its ability to fulfill orders. CEO said it was shipping to customers "on a limited basis."

submitted 4 days ago • 0 comments

NEW: Spyware maker Paragon says it cancelled contracts with Italian spy agencies because government refused help investigating spyware attack on journalist. Italian government says it couldn't accept help because it would compromise national security, exposing confidential data to foreign company.

submitted 5 days ago • 1 comment

New: A security researcher found a bug that revealed the private recovery phone number of almost any Google account. TechCrunch verified the bug w/ the researcher, who quickly brute-forced the phone number of a test Google account we had set up.

submitted 5 days ago • 1 comment

New: KiranaPro's co-founder can't rule out an external hack after the startup's data was mysteriously wiped. Indian grocery delivery startup's data loss saga has more holes than Swiss cheese. techcrunch.com/2025/06/06/a...

submitted 7 days ago • 0 comments

NEW: An Italian parliament inquiry concluded that the Italian government used Paragon's spyware to hack activists working to rescue immigrants. The committee, however, said it did not find any evidence that Italy's intelligence agencies (nor anyone else) spied on journalist Francesco Cancellato.

submitted 7 days ago • 0 comments

Classic winning strategy here.

submitted 7 days ago • 0 comments

🤔

submitted 8 days ago • 0 comments

I made this wishlist of cybersecurity books, both fiction and non-fiction, based on the books I like, and those that have been suggested by folks here and on Mastodon. Let me know if I am missing something. bookshop.org/wishlists/9c...

submitted 9 days ago • 2 comments

NEW: Forensic tool maker Cellebrite says it's acquired startup Corellium for ~$200 million. Cellebrite, which relies on finding zero-days to unlock and extract data from phones, said Corellium's technology will help with “accelerated identification of mobile vulnerabilities and exploits.”

submitted 9 days ago • 1 comment

NEW: Ransomware gang Interlock claims responsibility for the Kettering Health hack, posting some alleged stolen data on its dark web site. Data includes private health information, such as patient names, patient numbers, and clinical summaries written by doctors. techcrunch.com/2025/06/04/r...

submitted 10 days ago • 0 comments

Alright infosec hive mind, I asked this a few years ago on Twitter and I'm curious what books I missed since then. What are your favorite fiction AND non-fiction books about hacking, hackers, and cybersecurity? Previously I was told: 1/3

submitted 10 days ago • 19 comments

Always good to talk to Mikko, he's always interesting but this career change was a surprise. That said, with Russia on the border it's a perfectly understandable move. "I do believe anti-drone technology maybe has more importance, and more meaning to it, right now with the war raging on."

submitted 10 days ago • 2 comments

NEW: Qualcomm says they patched three zero-days that are being actively exploited by hackers, according to Google. Patches are out but it's now up to device manufacturers to push them to users. So many devices are still vulnerable. techcrunch.com/2025/06/03/p...

submitted 11 days ago • 0 comments

New: Indian grocery delivery startup KiranaPro has been hacked and all its data has been wiped. The destroyed data included the company’s app code and its servers containing banks of sensitive customer information, including their addresses and payment details. techcrunch.com/2025/06/03/i...

submitted 11 days ago • 3 comments

NEW: Two weeks after practically shutting down all its computer systems because of a ransomware attack, Kettering Health has yet to recover. Patients report not being able to call doctos, get new prescriptions and refills, and having their MRIs, cancer followups, and others appointments cancelled.

submitted 11 days ago • 1 comment

New, by me: Compliance startup Vanta said it's fixing a bug that exposed some customer data to other Vanta customers. One Vanta customer told us that they were notified that some of their data was pulled out of their Vanta instance "into other customers’ instances."

submitted 12 days ago • 2 comments

After years of people complaining about having to track all the silly names security firms give hacking groups, Microsoft/Crowdstrike/Mandiant say they're finally going to stop this. Oh wait, they're not actually going to stop it, they're just going to create a public glossary to list all the names

submitted 12 days ago • 1 comment

NEW: NSO Group is trying to avoid paying $167 million in damages to WhatsApp. In a court filing last week, the spyware maker asked the judge to order a new trial, or reduce the damages amount, arguing that the decision was “outrageous," and "reflects the improper desire to bankrupt NSO."

submitted 12 days ago • 4 comments

We have finished going through the court docs and hearing transcripts from the WhatsApp v. NSO lawsuit. Here's everything we learned, from how NSO's customers use Pegasus, to the spyware's cost. techcrunch.com/2025/05/30/e...

submitted 12 days ago • 0 comments

Why shouldn’t I watch Ghost In The Shell once more tonight?

submitted 15 days ago • 2 comments

NEW: The U.S. government has announced sanctions against FUNNULL and its administrator. FUNNULL is accused of providing infrastructure for pig butchering crypto scams, as well as being the company behind the Polyfill supply chain attack, which pushed malware to victims who visited certain websites.

submitted 16 days ago • 0 comments

For TechCrunch, I wrote about Thinkst Canary, a bootstrapped maker of honeypots (for catching hackers), which this month marks its 10th anniversary. The company now brings in $20 million in ARR without VC funding or an outbound sales team. Refreshing at a time when cyber is dominated by VC dollars.

submitted 16 days ago • 2 comments

NEW: Victoria's Secret says it's experiencing an unspecified "security incident," as its website and online orders face days of outages. Company told us it enacted its response protocols, engaged third-party experts, and took down its website and some in store services. w/ @lorenzofb.bsky.social:

submitted 16 days ago • 2 comments

New, by me: Data broker giant LexisNexis has revealed that its risk solutions unit (think "know your customer," risk assessing, due diligence, and law enforcement assistance) was breached, affecting the personal data and Social Security numbers of at least 364,000 people.

NEW: Four months after releasing iOS 18.3.1, Apple has published details about a zero-day that it fixed at the time, but did not publicize. This is the iPhone zero-day used against the two European journalists targeted with Paragon spyware, according to Citizen Lab.

NEW: Researchers found forensic evidence of Paragon's spyware on the iPhones of two journalists. One is Ciro Pellegrino, who works for @fanpage.it. The other is an unnamed prominent European journalist. Looks like the spyware scandal that for now has focused on Italy may expand further in Europe.

NEW: Someone has defaced a U.S. Department of Health and Human Services with gay and LGBTQ+-themed AI slop spam. The site has been defaced since at least mid-May, and it appears to be part of wider spam campaign. techcrunch.com/2025/06/11/u...

NEW: US grocery distribution giant United Natural Foods (UNFI) said it's working to bring its systems online after a cyberattack. UNFI, which is Whole Foods' primary distributor, said the hack is affecting its ability to fulfill orders. CEO said it was shipping to customers "on a limited basis."

NEW: Spyware maker Paragon says it cancelled contracts with Italian spy agencies because government refused help investigating spyware attack on journalist. Italian government says it couldn't accept help because it would compromise national security, exposing confidential data to foreign company.

New: A security researcher found a bug that revealed the private recovery phone number of almost any Google account. TechCrunch verified the bug w/ the researcher, who quickly brute-forced the phone number of a test Google account we had set up.

New: KiranaPro's co-founder can't rule out an external hack after the startup's data was mysteriously wiped. Indian grocery delivery startup's data loss saga has more holes than Swiss cheese. techcrunch.com/2025/06/06/a...

NEW: An Italian parliament inquiry concluded that the Italian government used Paragon's spyware to hack activists working to rescue immigrants. The committee, however, said it did not find any evidence that Italy's intelligence agencies (nor anyone else) spied on journalist Francesco Cancellato.

Classic winning strategy here.

🤔

I made this wishlist of cybersecurity books, both fiction and non-fiction, based on the books I like, and those that have been suggested by folks here and on Mastodon. Let me know if I am missing something. bookshop.org/wishlists/9c...

NEW: Forensic tool maker Cellebrite says it's acquired startup Corellium for ~$200 million. Cellebrite, which relies on finding zero-days to unlock and extract data from phones, said Corellium's technology will help with “accelerated identification of mobile vulnerabilities and exploits.”

NEW: Ransomware gang Interlock claims responsibility for the Kettering Health hack, posting some alleged stolen data on its dark web site. Data includes private health information, such as patient names, patient numbers, and clinical summaries written by doctors. techcrunch.com/2025/06/04/r...

Alright infosec hive mind, I asked this a few years ago on Twitter and I'm curious what books I missed since then. What are your favorite fiction AND non-fiction books about hacking, hackers, and cybersecurity? Previously I was told: 1/3

Always good to talk to Mikko, he's always interesting but this career change was a surprise. That said, with Russia on the border it's a perfectly understandable move. "I do believe anti-drone technology maybe has more importance, and more meaning to it, right now with the war raging on."

NEW: Qualcomm says they patched three zero-days that are being actively exploited by hackers, according to Google. Patches are out but it's now up to device manufacturers to push them to users. So many devices are still vulnerable. techcrunch.com/2025/06/03/p...

New: Indian grocery delivery startup KiranaPro has been hacked and all its data has been wiped. The destroyed data included the company’s app code and its servers containing banks of sensitive customer information, including their addresses and payment details. techcrunch.com/2025/06/03/i...

NEW: Two weeks after practically shutting down all its computer systems because of a ransomware attack, Kettering Health has yet to recover. Patients report not being able to call doctos, get new prescriptions and refills, and having their MRIs, cancer followups, and others appointments cancelled.

New, by me: Compliance startup Vanta said it's fixing a bug that exposed some customer data to other Vanta customers. One Vanta customer told us that they were notified that some of their data was pulled out of their Vanta instance "into other customers’ instances."

After years of people complaining about having to track all the silly names security firms give hacking groups, Microsoft/Crowdstrike/Mandiant say they're finally going to stop this. Oh wait, they're not actually going to stop it, they're just going to create a public glossary to list all the names

NEW: NSO Group is trying to avoid paying $167 million in damages to WhatsApp. In a court filing last week, the spyware maker asked the judge to order a new trial, or reduce the damages amount, arguing that the decision was “outrageous," and "reflects the improper desire to bankrupt NSO."

We have finished going through the court docs and hearing transcripts from the WhatsApp v. NSO lawsuit. Here's everything we learned, from how NSO's customers use Pegasus, to the spyware's cost. techcrunch.com/2025/05/30/e...

Why shouldn’t I watch Ghost In The Shell once more tonight?

NEW: The U.S. government has announced sanctions against FUNNULL and its administrator. FUNNULL is accused of providing infrastructure for pig butchering crypto scams, as well as being the company behind the Polyfill supply chain attack, which pushed malware to victims who visited certain websites.

For TechCrunch, I wrote about Thinkst Canary, a bootstrapped maker of honeypots (for catching hackers), which this month marks its 10th anniversary. The company now brings in $20 million in ARR without VC funding or an outbound sales team. Refreshing at a time when cyber is dominated by VC dollars.

NEW: Victoria's Secret says it's experiencing an unspecified "security incident," as its website and online orders face days of outages. Company told us it enacted its response protocols, engaged third-party experts, and took down its website and some in store services. w/ @lorenzofb.bsky.social:

New, by me: Data broker giant LexisNexis has revealed that its risk solutions unit (think "know your customer," risk assessing, due diligence, and law enforcement assistance) was breached, affecting the personal data and Social Security numbers of at least 364,000 people.

Is there actually an infosec BlueSky? If so I think I’m missing it.

You say it like it’s a bad thing.