Lorenzo Franceschi-Bicchierai
@lorenzofb.bsky.social
Real-time historian of the late cyber capitalist era @TechCrunch, writing about the intersection of hackers, human rights, and spies.

Also writing a book about Hacking Team and the history of government spyware.

☎️ Signal: +1 917 257 1382
Pinned
Do you have any tips about cybersecurity, surveillance, spyware, zero-days...all things cyber?

Contact me here:

☎️ Signal: + 1 917 257 1382

📷Keybase/Telegram: lorenzofb
Reposted by Lorenzo Franceschi-Bicchierai
NEW: A hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East this week.

I obtained a copy of the phishing page & analyzed it with the help of experts. The page stole passwords, hijacked WhatsApp accounts, and took location data.

A bug also *exposed* victims' data.
How a hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East | TechCrunch
The phishing campaign targeted users on WhatsApp, including an Iranian-British activist, and stole the credentials of a Lebanese cabinet minister and at least one journalist.
techcrunch.com
January 16, 2026 at 5:24 PM
Reposted by Lorenzo Franceschi-Bicchierai
New: meet ELITE, the Palantir app ICE is using to find neighborhoods to raid. Map interface; officers search for immigrants; click person to bring up individual dossier. This is clearest link between what Palantir is building and ICE's activities on the ground yet www.404media.co/elite-the-pa...
‘ELITE’: The Palantir App ICE Uses to Find Neighborhoods to Raid
Internal ICE material and testimony from an official obtained by 404 Media provides the clearest link yet between the technological infrastructure Palantir is building for ICE and the agency’s activit...
www.404media.co
January 15, 2026 at 2:06 PM
NEW: Iran is entering its second week (170 hours and counting) of a nationwide internet blackout, now one of the longest in history.

The ongoing shutdown is helping the Iranian authorities hide their brutal crackdown on protesters, which has killed more than 2,000 people according to one estimate.
Iran’s internet shutdown is now one of its longest ever, as protests continue | TechCrunch
Iran’s government-imposed internet shutdown enters its second week as authorities continue their violent crackdown on protesters.
techcrunch.com
January 15, 2026 at 6:51 PM
Reposted by Lorenzo Franceschi-Bicchierai
🇨🇴Colombia's Justice Minister said on 13 January that his phone was hacked with Pegasus #spyware, linking it to his investigation into suspected collusion between senior officials and left-wing guerillas.

www.straitstimes.com/world/second...
Second Colombia minister claims cellphone hacked with Pegasus spyware
Justice Minister Andres Idarraga says his phone was tapped in 2025 using the Israeli spyware. Read more at straitstimes.com.
www.straitstimes.com
January 14, 2026 at 2:37 AM
Reposted by Lorenzo Franceschi-Bicchierai
New, by me: Security researcher Eaton Zveare spent weeks trying to alert a little-known but critical U.S. cargo tech giant that their shipping systems and customers' data were exposed to the web.

After weeks of trying, Zveare asked TechCrunch for help. We heard back! ...from the company's law firm.
Exclusive: US cargo tech company publicly exposed its shipping systems and customer data to the web
Shipping tech company Bluspark left internal plaintext passwords, including those of executives, exposed to the internet, at a time when hacks in the shipping industry are on the rise.
techcrunch.com
January 14, 2026 at 4:14 PM
NEW: 24-year-old Nicholas Moore will plead guilty to hacking the U.S. Supreme Court electronic filing system in 2023.

There aren't a lot of public details about this case for now. It will be interesting to find out what he accessed or stole.

techcrunch.com/2026/01/13/m...
Man to plead guilty to hacking US Supreme Court filing system | TechCrunch
A 24-year-old from Tennessee is expected to admit to accessing the Supreme Court’s electronic filing system without authorization dozens of times throughout 2023.
techcrunch.com
January 13, 2026 at 7:06 PM
I love this detail too!
January 13, 2026 at 2:47 PM
And yes, those faces are mine, @josephcox.bsky.social's and @thomasbrewster.bsky.social's.

Without a doubt the most hilarious response I've ever seen to any of my articles in the ~13 years of my career.
January 13, 2026 at 2:46 PM
This morning I woke up and wondered if this "blog post" was still up...and it is!

The context here is a series of stories exposing FlexiSpy as enabling the surveillance of unsuspecting and unconsenting adults, mostly people in abusive relationships.

The owner was so mad he wrote this. Good times.
Caught in Mickey’s Mousetrap – Why Motherboard Is Too Scared to Write About Disney - FlexiSPY Blog
After publishing our post last week regarding the Disney class-action lawsuit — you know, the one where Disney is being sued for spying on children under 13 who use their apps and then selling the dat...
blog.flexispy.com
January 13, 2026 at 2:46 PM
😂
January 12, 2026 at 10:23 PM
This always works.
January 12, 2026 at 8:09 PM
NEW: Betterment said hackers gained access to some customers' "names, email addresses and postal addresses, phone numbers, and dates of birth," and then used that info to send a crypto-related phishing attack.

The hackers reportedly made a few thousand dollars.
Fintech firm Betterment confirms data breach after hackers send fake crypto scam notification to users | TechCrunch
Hackers gained access to some Betterment customers’ personal information through a social engineering attack, then targeted some of them with a crypto-related phishing message.
techcrunch.com
January 12, 2026 at 6:17 PM
It is a sign of destiny I think
January 10, 2026 at 4:30 PM
Reposted by Lorenzo Franceschi-Bicchierai
Some more thoughts on ICE protests and the tools described in this 404 article: www.404media.co/inside-ices-...
Inside ICE’s Tool to Monitor Phones in Entire Neighborhoods
404 Media has obtained material that explains how Tangles and Webloc, two surveillance systems ICE recently purchased, work. Webloc can track phones without a warrant and follow their owners home or t...
www.404media.co
January 9, 2026 at 6:39 PM
Iran has now been in a near complete internet blackout for more than 24 hours and counting. There was a small and partial restoration but it appears that's gone too.

bsky.app/profile/eldo...
January 9, 2026 at 5:31 PM
This is one interesting detail in the report. I think here NSO suggests that they procure zero-days from outside researchers or brokers.
January 8, 2026 at 9:09 PM
As of 18:45 UTC (1:45 pm ET/10:15 Tehran time) the internet has dropped to zero in Iran, according to Kentik. (Chart via eldomador.bsky.social)
January 8, 2026 at 8:47 PM
NEW: NSO Group has released a transparency report that is even less transparent than its own previous transparency reports, as it contains no data or information on customers at all.

Experts say the report is just an attempt to appease and push the U.S. government to be removed from a blocklist.
Critics pan spyware maker NSO's transparency claims amid its push to enter US market | TechCrunch
The infamous spyware maker released a new transparency report claiming to be a responsible spyware maker, without providing insight into how the company dealt with problematic customers in the past.
techcrunch.com
January 8, 2026 at 7:17 PM
NEW: The internet in Iran is nearly completely shut down, according to internet monitoring firms.

The blackout comes in the midst of countrywide protests that have lasted for days after spikes in prices and shortages of basic goods. The government has responded with a violent crackdown.
Internet collapses in Iran amid protests over economic crisis | TechCrunch
Internet monitoring firms and experts say Iran’s internet has almost completely shut down, as protests spread through major cities.
techcrunch.com
January 8, 2026 at 6:36 PM
It’s probably a good time to re-read this. www.vice.com/en/article/t...
The Hollowing Middle of the Surveillance Malware Market
Companies will have to choose between law enforcement in the West and authoritarian countries.
www.vice.com
January 6, 2026 at 8:47 PM
Intelligence Online has revealed the identities of two previously unknown spyware makers. The market is probably bigger than we realize.
"Among the government bodies listed on documents seen by Intelligence Online are 🇵🇰Pakistan and its defence ministry, 🇮🇩Indonesia's State Intelligence Agency, the 🇲🇲Myanmar Police Force, 🇲🇽Mexico's army and navy and 🇻🇪Venezuela's defence ministry."

www.intelligenceonline.com/americas/202...
January 6, 2026 at 8:37 PM
This could set a precedent for more prosecutions of stalkerware makers. Unfortunately the problem is that many of these companies are run from outside of the United States. Also the key, I think, is to show that they are specifically marketing their products to spy on adults without their consent.
NEW, by me: Bryan Fleming, the Michigan-based founder of spyware maker pcTattletale, pleaded guilty in federal court to hacking & advertising surveillance software Tuesday.

ICE/HSI brought the case. It's the DOJ's first federal successful prosecution of a stalkerware operator in over a decade.
Founder of spyware maker pcTattletale pleads guilty to hacking and advertising surveillance software | TechCrunch
Bryan Fleming, the founder of hacked stalkerware company pcTattletale, pleaded guilty to federal charges linked to the running of his now-defunct Michigan-based spyware company.
techcrunch.com
January 6, 2026 at 7:52 PM
Congrats and good luck!
January 6, 2026 at 4:19 PM
NEW: A hacktivist dressed as Pink Ranger from the Power Rangers wiped three white supremacist websites on stage at the end of a talk at a hacker conference.

The hacker also published users’ data on the website okstupid.lol.

The three sites are still down, a week after the live hack.
Hacktivist deletes white supremacist websites live on stage during hacker conference | TechCrunch
A hacker known as Martha Root broke in and deleted three white supremacist websites at the end of a talk during the annual hacker conference Chaos Communication Congress in Germany.
techcrunch.com
January 5, 2026 at 6:58 PM
Reposted by Lorenzo Franceschi-Bicchierai
New year, new this.weekinsecurity.com newsletter, with all the cyber news you need to know. Includes: MongoBleed under global exploitation; Condé Nast data breach; Kimwolf's growing botnet; U.S. lifts sanctions on spyware executives, EU hackers call for digital independence from U.S. tech, and more.
this week in security — january 4 2026 edition
MongoBleed bug exploited globally, U.S. lifts sanctions on spyware executives, calls for digital independence from Silicon Valley, Kimwolf's huge botnet, and more.
this.weekinsecurity.com
January 4, 2026 at 4:36 PM