NEW: We spoke to the Italian journalist who was targeted on WhatsApp with government spyware made by Paragon.
“I feel violated,” Francesco Cancellato told me. “It is actually quite strange for a journalist to be spied on in a Western democracy.”
Cancellato is the director of Fanpage.it, which last year published a damning investigation on the youth wing of the current far-right government in Italy.
Full story, which includes the text of the notification he received from WhatsApp, here:
http://techcrunch.com/2025/02/03/journalist-targeted-on-whatsapp-by-paragon-spyware-i-feel-violated/
=> More informations about this toot | View the thread
Italian journalist Francesco Cancellato said he was one of the targets of the hacking campaign, after he received the notification from WhatsApp.
"It is also our interest to know, if it is possible to do so, who ordered this espionage activity,” he said.
https://x.com/fcancellato/status/1885424788237082900
=> More informations about this toot | View the thread
We updated the story to include new details from WhatsApp: the targets were in more than two dozen countries, including countries in Europe.
https://techcrunch.com/2025/01/31/whatsapp-says-it-disrupted-a-hacking-campaign-targeting-journalists-with-spyware/
=> More informations about this toot | View the thread
NEW: WhatsApp says it has notified 90 victims, including journalists and members of civil society, that they were targeted with spyware made by Paragon.
The company said the technique used in the campaign, which relied on malicious PDFs sent via chat groups, has now been fixed.
This is the first time that Paragon is linked to alleged abuse of its products.
https://techcrunch.com/2025/01/31/whatsapp-says-it-disrupted-a-hacking-campaign-targeting-journalists-with-spyware/
=> More informations about this toot | View the thread
We uploaded the criminal complaint against the alleged administrator of Nulled, Lucas Sohn, as well as the seizure warrant for the Nulled domain here.
https://www.documentcloud.org/projects/220556-cracked-and-nulled-hacking-forums-takedown/
=> More informations about this toot | View the thread
We updated the story to include Automattic's comment, which they send today.
https://techcrunch.com/2025/01/29/hackers-are-hijacking-wordpress-sites-to-push-windows-and-mac-malware/
=> More informations about this toot | View the thread
NEW: The U.S. Department of Justice says that the hacking forum Cracked, which was seized and shut down, affected 17 million of Americans.
One victims is a woman who was allegedly “cyberstalked,” “sextorted,” and harassed by someone using a tool to search for stolen credentials offered on the forum, according to the DOJ.
https://techcrunch.com/2025/01/30/us-justice-department-says-cybercrime-forum-allegedly-affected-17-million-americans/
=> More informations about this toot | View the thread
NEW: An international coalition of law enforcement agencies announced it has seized and taken down two prominent hacking forums with more than 10 million users.
German police called Cracked and Nulled “the world’s two largest trading platforms for cybercrime.”
Operation has also led to several arrests, searches of properties, as well as seizure of servers, electronic devices, cash, and cryptocurrency.
https://techcrunch.com/2025/01/30/international-police-coalition-takes-down-two-prolific-cybercrime-and-hacking-forums/
=> More informations about this toot | View the thread
NEW: Hackers are hijacking several WordPress sites to "spray and pray" Windows and MacOS infostealing malware, according to a cybersecurity firm.
Company says there are thousands of compromised websites and as of yesterday the hacking campaign was “very much live.”
The websites were displaying a fake Chrome browser update page, we saw one of these pages yesterday.
https://techcrunch.com/2025/01/29/hackers-are-hijacking-wordpress-sites-to-push-windows-and-mac-malware/
=> More informations about this toot | View the thread
NEW: Apple's new iOS 18.3 fixes a zero-day bug that “may have been actively exploited” — meaning hackers were using it to compromise devices.
Not details on who was behind it, or who they were targeting. It's the first iPhone in the wild bug of 2025.
https://techcrunch.com/2025/01/28/apple-fixes-zero-day-flaw-affecting-all-devices/
=> More informations about this toot | View the thread
With iOS 18.3, Apple is switching Apple Intelligence on by default (for newer devices). Given how faulty it is, and maybe for other concerns (environment, ethical), you may want to switch it off.
Here's how to do it:
https://techcrunch.com/2025/01/27/how-to-switch-off-apple-intelligence-on-your-iphone-ipad-and-mac/
=> More informations about this toot | View the thread
NEW: A security researcher found a hidden feature in the Waymo app that let her customize the robotaxi's top display.
Waymo restricted access to the feature after Wong tweeted about it.
https://techcrunch.com/2025/01/23/hidden-waymo-feature-let-researcher-customize-robotaxis-display/
=> More informations about this toot | View the thread
UPDATE: In case you thought this was not a politically-motivated decision, here's what DHS just told us:
“Effective immediately, the Department of Homeland Security will no longer tolerate any advisory committee which push agendas that attempt to undermine its national security mission, the President’s agenda or Constitutional rights of Americans.”
=> More informations about this toot | View the thread
NEW: The Trump administration has fired members of the Cyber Safety Review Board, a committee that was lauded for its investigation into the Microsoft hacks of 2023, and was working on the recent Salt Typhoon telco hacks.
One source called it a “horribly shortsighted” decision.
https://techcrunch.com/2025/01/22/trump-administration-fires-members-of-cybersecurity-review-board-in-horribly-shortsighted-decision/
=> More informations about this toot | View the thread
After we wrote about the zero-day/spyware maker Epsilon, which is based in Barcelona, the company has started adding more information on its website.
Offices in: Barcelona, Ottawa, Paris, Saskatoon.
Company says it works with "allied countries" to "do the right thing."
=> More informations about this toot | View the thread
NEW: After the "massive" PowerSchool breach, and partly because of the company initial response, school workers had to band together an help each other investigate the hack.
“We need our friends to act quickly because they can’t really trust PowerSchool’s information right now," said Adam Larsen who does tech at a school that wasn't impacted, but who still helped others out, told me.
https://techcrunch.com/2025/01/18/how-victims-of-powerschools-data-breach-helped-each-other-investigate-massive-hack/
=> More informations about this toot | View the thread
NEW: The U.S., Greece, Poland, and other governments called for regulating and controlling proliferation of spyware at a United Nations Security Council meeting on Tuesday.
This is first time commercial spyware is discussed at the UN Security Council.
China dismissed concerns about spyware, and Russia blamed the United States for creating "a veritable system for global surveillance."
https://techcrunch.com/2025/01/15/governments-call-for-spyware-regulations-in-un-security-council-meeting/
=> More informations about this toot | View the thread
At a meeting of the United Nations Security Council yesterday,
Citizen Lab's John Scott-Railton mentioned our story on Barcelona's spyware ecosystem.
=> More informations about this toot | View the thread
NEW: I looked into how Barcelona became an unexpected hotbed for spyware startups in recent years.
There are now companies led by Israelis, French, and Italian security researchers. We name some in the article.
Some people in civil society see this as a concerning development.
Here's the full story, based on interviews with people who work in the offensive cybersecurity industry, as well as business records:
https://techcrunch.com/2025/01/13/how-barcelona-became-an-unlikely-hub-for-spyware-startups/
=> More informations about this toot | View the thread
NEW: A year after seizing two cryptocurrency mixing services, the U.S. government is now accusing three Russian citizens of money laundering for their roles in operating those websites.
Two of the suspects have been arrested, one remains at large, per DOJ.
https://techcrunch.com/2025/01/10/us-government-charges-operators-of-crypto-mixing-service-used-by-north-korea-and-ransomware-gangs/
=> More informations about this toot | View the thread
=> This profile with reblog | Go to lorenzofb@infosec.exchange account This content has been proxied by September (3851b).Proxy Information
text/gemini
