zackwhittaker.com
Security editor, TechCrunch Signal: zackwhittaker.1337 mastodon.social/@zackwhittaker this.weekinsecurity.com

It's been 12 years(!) since the first document leaked by Edward Snowden was published — a classified FISA court order requiring Verizon to hand over phone metadata on a daily rolling basis.

Future historians will look back on this period like the end of the Roman Empire but with shitposting

So this week, Palantir told me I was banned from its booth at a tech conference (didn’t give a reason) & threatened to call the cops if I came back. In recent days, Palantir has been increasingly defensive toward multiple journalists and perceived critics: www.wired.com/story/palant...

Rep. Jerry Nadler’s office shared surveillance footage with Gothamist that shows the lead-up to last week’s dramatic confrontation between his staff and federal officers, which ended with a congressional aide being handcuffed: bit.ly/4dLOGSA

Something I missed yesterday was that the State Department has offered a $10mil reward for the RedLine infostealer developer. The most interesting part is that the US believes he acted "at the direction or under the control of a foreign government." rewardsforjustice.net/rewards/maxi...

Good news! The same company building the domestic intelligence data panopticon is going to check you out at your local grocery!

NEW: Cellebrite, maker of phone unlocking tech, to buy mobile testing startup Corellium for $170 million.

NEW: Ransomware gang Interlock claims responsibility for the Kettering Health hack, posting some alleged stolen data on its dark web site. Data includes private health information, such as patient names, patient numbers, and clinical summaries written by doctors. techcrunch.com/2025/06/04/r...

New from 404 Media: Apple gave governments data related to thousands of push notifications. Governments request this data in attempt to identify person behind devices. Sometimes include unencrypted push notification content www.404media.co/apple-gave-g...

Lee Enterprises, the newspaper publishing giant that was hit by a ransomware attack in February, causing widespread disruption to dozens of U.S. media outlets, has confirmed the cyberattack resulted in the theft of ~40,000 employees’ personal data.

UNC6040 is a new financially-driven threat gang "specifically designed to compromise organization’s Salesforce instances for large-scale data theft and subsequent extortion." Expect a wave of extortion attempts at big companies; sounds similar in tactics to the Snowflake data thefts last year.

Good morning, internet, and welcome to a new publication that @garnethenderson.com and I have been working on for months

NEW: Qualcomm says they patched three zero-days that are being actively exploited by hackers, according to Google. Patches are out but it's now up to device manufacturers to push them to users. So many devices are still vulnerable. techcrunch.com/2025/06/03/p...

New: Indian grocery delivery startup KiranaPro has been hacked and all its data has been wiped. The destroyed data included the company’s app code and its servers containing banks of sensitive customer information, including their addresses and payment details. techcrunch.com/2025/06/03/i...

Indian grocery startup KiranaPro was hit by a destructive cyberattack, and its servers containing customer data wiped. @journalistjagmeet.com spoke with the company's founder.

NEW: Two weeks after practically shutting down all its computer systems because of a ransomware attack, Kettering Health has yet to recover. Patients report not being able to call doctors, get new prescriptions and refills, and having their MRIs, cancer followups, and other appointments cancelled.

Elon Musk says XChat is rolling out to all, but questions remain about its alleged security techcrunch.com/2025/...

some ~personal news~

New, by me: Compliance startup Vanta said it's fixing a bug that exposed some customer data to other Vanta customers. One Vanta customer told us that they were notified that some of their data was pulled out of their Vanta instance "into other customers’ instances."

NEW: NSO Group is trying to avoid paying $167 million in damages to WhatsApp. In a court filing last week, the spyware maker asked the judge to order a new trial, or reduce the damages amount, arguing that the decision was "outrageous," and "reflects the improper desire to bankrupt NSO."

We have finished going through the court docs and hearing transcripts from the WhatsApp v. NSO lawsuit. Here's everything we learned, from how NSO's customers use Pegasus, to the spyware's cost. techcrunch.com/2025/05/30/e...

Before you log off for the weekend, sign up for my free weekly cybersecurity newsletter ~this week in security~ to catch up on all the cyber news you need to know from the week. Plus, the happy corner of good news and a weekly cyber cat. It's out Sundays and doesn't track email opens or link clicks.

German law enforcement says it knows the identity of the elusive and notably effective Russian cybercrime boss "Stern." Story with @mattburgess1.bsky.social www.wired.com/story/stern-...

New: White House says it's investigating after a hacker reportedly accessed the phone contacts of Trump's chief of staff Susie Wiles. WH spox. wouldn't say if the feds had any evidence that her contacts were stolen via access to a cloud account associated with her phone, or if targeted by spyware.

Hackers stole contact info from personal phone of White House Chief of Staff Susie Wiles then made calls & sent texts impersonating her to senators, governors and business executives - some of the calls apparently used deepfake to impersonate her voice. The calls/texts were not sent from her phone

Same.

SentinelOne has restored services after an hours-long outage today that kept security teams from being able to monitor the threats on their systems. S1's customers include major gov't agencies and companies. more on @axios.com: www.axios.com/2025/05/29/s...

NEW: The U.S. government has announced sanctions against FUNNULL and its administrator. FUNNULL is accused of providing infrastructure for pig butchering crypto scams, as well as being the company behind the Polyfill supply chain attack, which pushed malware to victims who visited certain websites.

I had a fun conversation with Luke recently, check it out!

For TechCrunch, I wrote about Thinkst Canary, a bootstrapped maker of honeypots (for catching hackers), which this month marks its 10th anniversary. The company now brings in $20 million in ARR without VC funding or an outbound sales team. Refreshing at a time when cyber is dominated by VC dollars.

NEW: The US government has collected DNA from over 100,000 migrant children—including a 4-year-old—and uploaded their genetic profiles into a national biometric database meant for sex offenders and violent criminals. www.wired.com/story/cbp-dn...

NEW: Victoria's Secret says it's experiencing an unspecified "security incident," as its website and online orders face days of outages. Company told us it enacted its response protocols, engaged third-party experts, and took down its website and some in store services. w/ @lorenzofb.bsky.social:

AI will take your job as soon as it figures out what year it is

New, by me: Data broker giant LexisNexis has revealed that its risk solutions unit (think "know your customer," risk assessing, due diligence, and law enforcement assistance) was breached, affecting the personal data and Social Security numbers of at least 364,000 people.

Border czar Tom Homan, captain of the "zero tolerance" policy that split migrant parents from their kids, was paid money by the private-prison company that profits off detaining immigrants. Drain the swamp www.washingtonpost.com/business/202... @douglasmac.bsky.social @aaronschaffer.com

I am currently working too hard so she’s doing everything she can to tell me to ease up

Check it out. I just published TeleMessage Explorer: a new open source research tool micahflee.com/telemessage-...

If you're a fan of cyber news but don't know where to begin, my newsletter ~this week in security~ is a weekly roundup of all the cyber news you need to know, plus the happy corner and a weekly featured cyber cat. No email open or link tracking. Out Sundays. Sign up now to get this week's edition.

“It appeared the Careto hackers were interested in Cuba because during that time there were members of the Basque terrorist organization ETA in the country.” techcrunch.com/2025/05/23/m...

NEW: More than a decade ago, Kaspersky discovered a mysterious "elite" hacking group it called Careto (aka “The Mask”), which then vanished and only resurfaced last year. We can now reveal that the researchers who investigated it were confident that the Spanish government was behind it.

NEW by @lorenzofb.bsky.social: A mysterious government hacking group called "Careto" (aka "The Mask") was once one of the "most advanced threats" of its time, but was never publicly linked to a specific government. Researchers privately concluded that Careto was working for the Spanish government.

Some good news! DanaBot takedown and charges revealed today! This is a massive win for defenders and the community. www.justice.gov/usao-cdca/pr... Proofpoint also published a brief history of DanaBot today, including examples of the espionage overlap. www.proofpoint.com/us/blog/thre...

If you need a Pocket replacement, Wallabag is a great open-source "read later" service. It's self-hosted, or you can have it hosted for literally a few dollars every year. Well worth it, and I've found Wallabag to be as good as (if not better than) Pocket. wallabag.org

Looks like the Trump administration's immigration crackdown is already affecting U.S.-based hacker conferences, like HOPE. One speaker has already pulled out from HOPE citing the mass deportation efforts. Curious to see how this'll also affect Black Hat, Def Con and other U.S. cyber & hacker cons.