Zach Edwards
thezedwards.bsky.social
data supply auditor | privacy & ad tech expert | internet threats

Personal @ victorymedium.com
Sr Threat Analyst @ SilentPush.com
I also had a nice video call with Meg Whitman and some folks on her team when this research came out. There were some very interesting shenanigans being conducted by one of their vendors that I found and they immediately went 10 alarm fire on them about it. Was a solid response plan imo! 🖖
just reported another subtle email address data supply chain breach to a major corporation who yeeted my email to their vendors due to a dumb URL structure -- this problem always comes up! some of my previous research on it: www.nytimes.com/2020/04/29/b...
Quibi, JetBlue and Others Gave Away Email Addresses, Report Says (Published 2020)
www.nytimes.com
January 22, 2026 at 2:25 AM
just reported another subtle email address data supply chain breach to a major corporation who yeeted my email to their vendors due to a dumb URL structure -- this problem always comes up! some of my previous research on it: www.nytimes.com/2020/04/29/b...
Quibi, JetBlue and Others Gave Away Email Addresses, Report Says (Published 2020)
www.nytimes.com
January 22, 2026 at 2:13 AM
We need to dramatically improve ad libraries as a core way to slow down scams.
We got Meta’s “general global playbook” for defeating advertiser verification regulations, which the company knows would reduce scams. It includes making scam ads “not findable” for regulators searching Meta’s ad library through targeted scrubbing.

www.reuters.com/investigatio...
Meta created ‘playbook’ to fend off pressure to crack down on scammers, documents show
As regulators pressure Meta to verify the identity of advertisers on Facebook and Instagram, the social media giant has drafted a “playbook” to stall them. A Reuters investigation examines its tactics...
www.reuters.com
December 31, 2025 at 9:06 PM
that feeling when you finish and publish the massive client report you've been working on for ages right before the new year
Alt: a basketball game between the heat and the lakers is being played - kobe bryant makes a fade away jump shot as a defender tries to block it at the buzzer, the shot is perfect and goes in to win the game as the clock goes to zero above the backboard.
media.tenor.com
December 31, 2025 at 2:47 AM
Reposted by Zach Edwards
As both the House & Senate look to repeal Section 230, I'm curious who they think should be held liable for the comments they've left open on the Epstein photo dump...? Them? Dropbox?

Do they have a trust & safety team watching the comments?
absolutely wild move by @oversightdemocrats.house.gov to allow comments on the dropbox folder with the epstein photos
December 18, 2025 at 9:49 PM
My YouTube account was unsuspended but the video in question is still private. Based on their vague feedback it seems possible that YouTube now has a tool to scrape videos for URLs (like from my screen sharing research session) and then flag videos which in any way reference a known malicious URL.
YouTube suspended my ~15+ year old account and all my videos due to a video I recorded about scammers targeting US government and military offices, which was embedded into articles like @ www.vice.com/en/article/w... from @josephcox.bsky.social

I was likely targeted by a mass reporting campaign.🤡
December 17, 2025 at 6:03 PM
Today our team at @silentpush.bsky.social released research we’ve been working on all year – a magnum opus 39-page report on the state of Bulletproof Hosting Providers.

Brief thread with some details

Read the report @ www.silentpush.com/white-papers...
December 15, 2025 at 7:31 PM
Reposted by Zach Edwards
We found the bug in how Vetco generates PDF documents for its customers. Its PDF page was public and was indexed by Google, which is how we found it. Worse, an IDOR bug in the URL meant it was possible for anyone to obtain customer data by changing the customer's unique ID by a single digit. 🤦
Exclusive: Petco takes down Vetco website after exposing customers' personal information
TechCrunch found Petco's veterinary clinics were spilling customers' personal information and medical histories of their pets.
techcrunch.com
December 10, 2025 at 1:49 PM
Found a "great deal" in about 30 seconds of hunting -- 1k abuse reports on YouTube for $100 - a mere 10 cents per report! This is the type of bot farm product that shit birds use when they want to harass researchers and other folks.
December 13, 2025 at 6:17 PM
YouTube suspended my ~15+ year old account and all my videos due to a video I recorded about scammers targeting US government and military offices, which was embedded into articles like @ www.vice.com/en/article/w... from @josephcox.bsky.social

I was likely targeted by a mass reporting campaign.🤡
December 12, 2025 at 4:18 PM
The new *free* Firefox VPN which has been tested for months (windowsreport.com/firefox-is-t...) is likely on the horizon for a wider release based on recent comments that a VP / head of Product at Firefox made on LinkedIn.

Google couldn't even get a free VPN + abandoned their $$ "Google One VPN"
Firefox Is Testing a Free, Built-In “Browser-Only” VPN
Mozilla is testing a free, built-in VPN in Firefox to improve online privacy. The browser-only VPN hides your IP and encrypts traffic while you browse.
windowsreport.com
December 4, 2025 at 4:56 PM
SS7 is gonna remain a dumpster fire security threat and China will continue to exploit it if we can’t even have simple cybersecurity requirements for the telecom industry.
Breaking: The FCC has voted 2-1 along party lines to eliminate cybersecurity requirements for telecom companies that the commission adopted at the end of the Biden administration.

Telecoms had lobbied for the change. Democrats said it would invite another Salt Typhoon.

Story coming shortly.
November 20, 2025 at 4:42 PM
a 5+ year old bug ticket was finally closed by Google - this was actually the last significant investigation into Chrome extensions that I did because the feedback loop was so challenging

definitely still a place with research opportunities and threat actors regularly doing weird stuff! 🖖
November 19, 2025 at 3:47 PM
Everything about this piece from Reuters about the scam ads on Facebook is wild -- internal Meta estimates noted they were showing these scams 15 billion times per day, scammers are not banned just forced to pay more for ads, teams internally restricted, must read: www.reuters.com/investigatio...
Meta is earning a fortune on a deluge of fraudulent ads, documents show
Meta projected 10% of its 2024 revenue would come from ads for scams and banned goods, and it internally estimates that its platforms show users 15 billion scam ads a day, company documents show.
www.reuters.com
November 6, 2025 at 8:41 PM
fun to see my mom in this crowd shot from the No Kings rally in Houston featured by the Houston Chronicle @ www.houstonchronicle.com/projects/202...
October 19, 2025 at 4:40 AM
Has anyone ever successfully received data from a personal Yandex data access request? Essentially receiving what data they collect on you as required under a bunch of privacy laws?
September 19, 2025 at 3:59 AM
I’ve got this 100+ year old copy of an old play about Abraham Lincoln’s life which was owned by someone named Alden Nash who had an interesting personal emblem that he screen printed & glued onto the cover page.

The play was shown at the Birmingham Repertory Theatre then the Hammersmith Playhouse.📚
September 9, 2025 at 2:46 AM
Our team @silentpush just dropped a definitive look at SocGholish (operated by TA569) and the initial access broker ecosystem they are facilitating. Big thanks to past researchers who have worked on SocGholish! We've got details about our visibility @ www.silentpush.com/blog/socghol... 🖖🏻
August 6, 2025 at 7:49 PM
If I’ve been quiet you know I’m cooking up some fire research!

Our team at @silentpush.bsky.social is out today with a big report about the admin / owner of the FUNNULL CDN – essentially a dox of all his accounts and activities on the internet for the last 15+ years.
July 3, 2025 at 4:56 PM
"Funnull had direct exposure to Huione Pay, for which the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) recently issued a finding and notice of proposed rulemaking (NPRM) identifying it as a primary money laundering concern" 👀
🚨Today, OFAC sanctioned Philippines-based tech firm, Funnull Technology Inc., and its administrator Liu Lizhi for their roles in facilitating crypto investment scams, commonly known as pig butchering. Read our blog to learn more: www.chainalysis.com/blog/ofac-sa...
May 29, 2025 at 7:02 PM
Reposted by Zach Edwards
More on Funnull in this Silent Push report from January: www.silentpush.com/blog/infrast...

These are also Funnull IPs and domains: bsky.app/profile/camp...
The FBI has released pages of IOCs related to cyber scam infrastructure that has been active between October 2023 and April 2025

PDF: www.ic3.gov/CSA/2025/250...
May 29, 2025 at 5:37 PM
Reposted by Zach Edwards
NEW: The U.S. government has announced sanctions against FUNNULL and its administrator.

FUNNULL is accused of providing infrastructure for pig butchering crypto scams, as well as being the company behind the Polyfill supply chain attack, which pushed malware to victims who visited certain websites.
US government sanctions tech company involved in cyber scams | TechCrunch
The Treasury said FUNNULL was involved in providing infrastructure for pig butchering crypto scams.
techcrunch.com
May 29, 2025 at 4:59 PM
The last 6 months I've traveled around the world giving presentations on FUNNULL about the scams and money laundering they are facilitating -- and today -- the U.S. Treasury has sanctioned FUNNULL and we got a bunch more facts about the operation now public.

home.treasury.gov/news/press-r...
May 29, 2025 at 3:41 PM
The location data they will be selling will primarily be powered by Google and Apple’s Mobile Advertising ID schemes - combining that with new data lakes trying to connect scraped social media content to IPs and MAIDs is truly connecting the dots on dystopia.
May 22, 2025 at 7:54 PM
Adage is out with a new piece today about a data broker product targeting people in Saudi Arabia which doesn't make *any* sense to me.

I provided pushback but my comments weren't included -- the piece is "How Coke used an AI agent to target ads to 828,000 fast-food fans" adage.com/technology/a... 🧵
How Coke used an AI agent to target ads to 828,000 fast-food fans
The campaign tracked users across social media, raising potential privacy concerns.
adage.com
May 21, 2025 at 4:24 PM