lorenzofb.bsky.social
Real-time historian of the late cyber capitalist era @TechCrunch. Posts about infosec, surveillance by day. 🍕, ⚽️, 🎸, 🎮 by night. ☎️ Signal: +1 917 257 1382 Past lives: VICE Motherboard, Mashable, WIRED.

NEW: @zackwhittaker.com obtained the internal communication that Whole Foods sent its employees about the cyberattack at distributor UNFI. Company said it may take “several days to resolve” and instructed employees to only tell customers that Whole Foods is having “temporary supply challenges.”

NEW: US grocery distribution giant United Natural Foods (UNFI) said it's working to bring its systems online after a cyberattack. UNFI, which is Whole Foods' primary distributor, said the hack is affecting its ability to fulfill orders. CEO said it was shipping to customers "on a limited basis."

NEW: Spyware maker Paragon says it cancelled contracts with Italian spy agencies because government refused help investigating spyware attack on journalist. Italian government says it couldn't accept help because it would compromise national security, exposing confidential data to foreign company.

New: A security researcher found a bug that revealed the private recovery phone number of almost any Google account. TechCrunch verified the bug w/ the researcher, who quickly brute-forced the phone number of a test Google account we had set up.

New: KiranaPro's co-founder can't rule out an external hack after the startup's data was mysteriously wiped. Indian grocery delivery startup's data loss saga has more holes than Swiss cheese. techcrunch.com/2025/06/06/a...

NEW: An Italian parliament inquiry concluded that the Italian government used Paragon's spyware to hack activists working to rescue immigrants. The committee, however, said it did not find any evidence that Italy's intelligence agencies (nor anyone else) spied on journalist Francesco Cancellato.

Classic winning strategy here.

🤔

I made this wishlist of cybersecurity books, both fiction and non-fiction, based on the books I like, and those that have been suggested by folks here and on Mastodon. Let me know if I am missing something. bookshop.org/wishlists/9c...

NEW: Forensic tool maker Cellebrite says it's acquired startup Corellium for ~$200 million. Cellebrite, which relies on finding zero-days to unlock and extract data from phones, said Corellium's technology will help with “accelerated identification of mobile vulnerabilities and exploits.”

NEW: Ransomware gang Interlock claims responsibility for the Kettering Health hack, posting some alleged stolen data on its dark web site. Data includes private health information, such as patient names, patient numbers, and clinical summaries written by doctors. techcrunch.com/2025/06/04/r...

Alright infosec hive mind, I asked this a few years ago on Twitter and I'm curious what books I missed since then. What are your favorite fiction AND non-fiction books about hacking, hackers, and cybersecurity? Previously I was told: 1/3

Always good to talk to Mikko, he's always interesting but this career change was a surprise. That said, with Russia on the border it's a perfectly understandable move. "I do believe anti-drone technology maybe has more importance, and more meaning to it, right now with the war raging on."

NEW: Qualcomm says they patched three zero-days that are being actively exploited by hackers, according to Google. Patches are out but it's now up to device manufacturers to push them to users. So many devices are still vulnerable. techcrunch.com/2025/06/03/p...

New: Indian grocery delivery startup KiranaPro has been hacked and all its data has been wiped. The destroyed data included the company’s app code and its servers containing banks of sensitive customer information, including their addresses and payment details. techcrunch.com/2025/06/03/i...

NEW: Two weeks after practically shutting down all its computer systems because of a ransomware attack, Kettering Health has yet to recover. Patients report not being able to call doctors, get new prescriptions and refills, and having their MRIs, cancer follow-ups, and other appointments cancelled.

New, by me: Compliance startup Vanta said it's fixing a bug that exposed some customer data to other Vanta customers. One Vanta customer told us that they were notified that some of their data was pulled out of their Vanta instance "into other customers’ instances."

After years of people complaining about having to track all the silly names security firms give hacking groups, Microsoft/Crowdstrike/Mandiant say they're finally going to stop this. Oh wait, they're not actually going to stop it, they're just going to create a public glossary to list all the names

NEW: NSO Group is trying to avoid paying $167 million in damages to WhatsApp. In a court filing last week, the spyware maker asked the judge to order a new trial, or reduce the damages amount, arguing that the decision was “outrageous," and "reflects the improper desire to bankrupt NSO."

We have finished going through the court docs and hearing transcripts from the WhatsApp v. NSO lawsuit. Here's everything we learned, from how NSO's customers use Pegasus, to the spyware's cost. techcrunch.com/2025/05/30/e...

Why shouldn’t I watch Ghost In The Shell once more tonight?

NEW: The U.S. government has announced sanctions against FUNNULL and its administrator. FUNNULL is accused of providing infrastructure for pig butchering crypto scams, as well as being the company behind the Polyfill supply chain attack, which pushed malware to victims who visited certain websites.

For TechCrunch, I wrote about Thinkst Canary, a bootstrapped maker of honeypots (for catching hackers), which this month marks its 10th anniversary. The company now brings in $20 million in ARR without VC funding or an outbound sales team. Refreshing at a time when cyber is dominated by VC dollars.

NEW: Victoria's Secret says it's experiencing an unspecified "security incident," as its website and online orders face days of outages. Company told us it enacted its response protocols, engaged third-party experts, and took down its website and some in-store services. w/ @lorenzofb.bsky.social:

New, by me: Data broker giant LexisNexis has revealed that its risk solutions unit (think "know your customer," risk assessing, due diligence, and law enforcement assistance) was breached, affecting the personal data and Social Security numbers of at least 364,000 people.

Is there actually an infosec BlueSky? If so I think I’m missing it.

You say it like it’s a bad thing.

🇪🇸 More than a decade ago, Kaspersky discovered a mysterious hacking group it named Careto, which was hacking Cuba and other governments. Almost instantly, the group disappeared completely, until last year. Kaspersky has never said who is behind Careto. Now we know.

Growing up is choosing not to email the dumb Spanish right-wing newspaper that copy-pasted your article and only included the link — without naming TechCrunch — on two small words. But growing up is also posting this without naming the newspaper and writing: cabrones!