Zack Whittaker
@zackwhittaker.com
Security editor, TechCrunch
Signal: zackwhittaker.1337
My stories: techcrunch.com/author/zack-whittaker
My newsletter/blog: this.weekinsecurity.com
Reposted by Zack Whittaker
Techdirt Doesn’t Annoy You Into Paying, And That’s Worth Paying For
We're a few weeks into our end of year crowdfunding campaign—donate $100 or more (check out that $230 option!) and we'll send you our first commemorative challenge coin celebrating 30 years of Section 230. I've already laid out why our coverage matters, why we're not selling out (because we’re not like Bari Weiss), and why we're one of the only sites getting Section 230 right…
www.techdirt.com
December 26, 2025 at 5:00 PM
New, by @lorenzofb.bsky.social and me: We just published TechCrunch's annual jealousy list of cybersecurity stories that we *didn’t* publish but wish we had. This is the very best cybersecurity reporting from our friends at competing publications.

techcrunch.com/2025/12/26/t...
These are the cybersecurity stories we were jealous of in 2025 | TechCrunch
The very best reporting and investigative journalism from our friends at other publications.
techcrunch.com
December 26, 2025 at 2:26 PM
Very excited for this.
We're going live on YouTube in 45 mins! Tap in
www.youtube.com/watch?v=_n95...
December 26, 2025 at 2:23 PM
Reposted by Zack Whittaker
“It’s [Citizen Lab] one of the few institutions that investigate cyberthreats exclusively in the public interest, and in doing so, it has exposed some of the most egregious digital abuses of the past two decades.”
Meet the man hunting the spies in your smartphone
Ronald Deibert and his research group, the Citizen Lab, have rigorously worked to unveil alarming digital threats for the past two decades. Now, he warns, this kind of work is under threat.
www.technologyreview.com
December 24, 2025 at 12:53 PM
Reposted by Zack Whittaker
Are you a security researcher or journalist? We want to hear from you — please take this survey!

Dissent Doe at DataBreaches.net, and yours truly at this.weekinsecurity.com, are running this survey to explore the state of legal demands and criminal threats in cybersecurity.
Survey about legal and criminal threats experienced by journalists and security researchers
Researchers who try to responsibly disclose leaks, vulnerabilities, and other security breaches or mishaps may face legal threats or lawsuits. Similarly, journalists may find themselves threatened wit...
forms.gle
December 20, 2025 at 2:32 PM
Reposted by Zack Whittaker
I need 30 people to subscribe to @garbageday.email right now. Please. We're so freaking close to 100,000. Please 😭🙏🏻❤️
www.garbageday.email
Garbage Day
A newsletter about having fun online
www.garbageday.email
December 23, 2025 at 9:56 PM
Reposted by Zack Whittaker
NEW: U.S. insurance giant Aflac says its June data breach affected 22.6 million people.

The hackers, the company says, stole data such as Social Security numbers, government IDs, and health information.

techcrunch.com/2025/12/23/u...
US insurance giant Aflac says hackers stole personal data of 22.6 million | TechCrunch
Aflac, one of the largest insurance companies in the U.S., confirmed hackers stole reams of personal data, including Social Security numbers, identity documents, and health information.
techcrunch.com
December 23, 2025 at 5:15 PM
Reposted by Zack Whittaker
Scoop: The lone employee behind CISA's Pre-Ransomware Notification Initiative resigned on Friday rather than take a forced reassignment to FEMA.

CISA says PRNI will continue, but sources said David Stern's loss will be a major setback for it.

My story: www.cybersecuritydive.com/news/cisa-ra...
December 23, 2025 at 3:50 PM
NEW, by me: Uzbekistan publicly exposed its nationwide license plate surveillance system, no password needed.

The system reveals a hundred locations where banks of cameras have been placed, including cities and rural areas; and contains raw video footage of millions of vehicles and their occupants.
Exclusive: Inside Uzbekistan's nationwide license plate surveillance system
The Uzbek government's national license plate scanning system was discovered exposed to the internet for anyone to access without a password.
techcrunch.com
December 23, 2025 at 3:09 PM
Reposted by Zack Whittaker
So I hacked my way into being Cyber Policy Initiative Senior Fellow at the University of Chicago's Harris School of Public Policy. Working on rural water critical infrastructure cybersecurity.

Hey, ma, look! I *finally* got into University of Chicago. :D

cpi.harris.uchicago.edu/2025/12/23/h...
Harris Cyber Policy Initiative Taps Top Hacker to Design New Security Model for Water Utilities | Cyber Policy Initiative
cpi.harris.uchicago.edu
December 23, 2025 at 12:36 PM
Reposted by Zack Whittaker
Cyberattack knocks France's postal service and its banking arm offline | Euronews www.euronews.com/2025/12/22/c...
Cyberattack knocks France's postal service and its banking arm offline
The same services affected on Monday — Colissimo parcel tracking and the Digiposte digital vault — were already disrupted on Saturday, though La Poste did not immediately confirm whether that incident...
www.euronews.com
December 23, 2025 at 10:42 AM
aka 60.Minutes.Inside.CECOT_CAM_DDoSecrets.2025.mkv
Have the censored 60 Minutes CECOT story. Adjusted image for better viewing. Rendering now, will upload soon. h/t @jasonparis.bsky.social
December 22, 2025 at 10:54 PM
Reposted by Zack Whittaker
The Associated Press has an excellent story about how FCC boss Brendan Carr bullied a Bay Area AM radio station for the crime of reporting on local ICE activity.

facing existential collapse it immediately demoted journalists and replaced political coverage with safe public interest cack:
How an AM radio station in California weathered the Trump administration's assault on media
Six days into President Donald Trump's new administration, the San Francisco Bay-area radio station KCBS-AM and other outlets reported on local immigration raids.
apnews.com
December 22, 2025 at 3:08 PM
Reposted by Zack Whittaker
CBS didn't run the 60 Minutes segment on CECOT, but over here at @propublica.org we've been working on the story since March, including finding out who each and every man sent to that maximum security prison was.

You can see our reporting here: www.propublica.org/series/depor...
Deported and Imprisoned Archives
A case-by-case investigation that examines the Trump administration’s claims that these immigrants are all “sick criminals” and “terrorists” and that shows what they suffered during months in one of t...
www.propublica.org
December 22, 2025 at 4:08 PM
Reposted by Zack Whittaker
SCOOP: Flock left at least 60 of its AI-powered, people-tracking surveillance cameras exposed and livestreaming to the open internet. We tracked ourselves. The exposure highlights the power of these cameras and types of things they're tracking. Not just cars.

www.404media.co/flock-expose...
Flock Exposed Its AI-Powered Cameras to the Internet. We Tracked Ourselves.
Flock left at least 60 of its people-tracking Condor PTZ cameras live streaming and exposed to the open internet.
www.404media.co
December 22, 2025 at 4:07 PM
A peaceful start to the day in my morning playlist. ♫♪ Not Yet, by Ocote Soul Sounds, feat. Chico Mann & Quantic. ♪♫
Not Yet
YouTube video by Ocote Soul Sounds - Topic
www.youtube.com
December 22, 2025 at 2:00 PM
Reposted by Zack Whittaker
The story is insane. The acting head of cyber security, a Noem crony, repeatedly demanded to see highly classified information he didn’t need access to, and when staff set up a lie detector test as a condition to grant him access, he failed it. So DHS suspended the staffers.
December 22, 2025 at 3:20 AM
Reposted by Zack Whittaker
I am not exaggerating when I say that every week @zackwhittaker.com highlights a story I missed. Highly recommend signing up for his newsletter.
December 22, 2025 at 12:35 AM
And here it is, the final this.weekinsecurity.com newsletter of 2025, featuring all the cyber news you need to know from this past week in cyber.

Including: Ransomware gang claims NHS breach; browser extensions stealing users' AI conversations; airline API bug exposes passenger data, and more. 🐈‍⬛
this week in security — december 21 2025 edition
Mixpanel breach spreads to Pornhub; new Cisco zero-day under attack; French and U.K. governments hacked; TV makers sued for taking screenshots; and more.
this.weekinsecurity.com
December 21, 2025 at 3:50 PM
Tomorrow's edition of my weekly cybersecurity newsletter this.weekinsecurity.com is a very busy, very special, awesome dispatch for the holiday season.

Featuring all the cyber news you need to know but might've missed, plus a festive cyber-cat, and more.

Sign up/RSS! No email open/link tracking. 🐈‍⬛
~this week in security~
a weekly cybersecurity newsletter by Zack Whittaker, plus articles and more.
this.weekinsecurity.com
December 21, 2025 at 3:24 AM
Reposted by Zack Whittaker
Nakatomi runs on UNIX
December 21, 2025 at 2:02 AM
Absolute horror story of a long-time Apple customer who was locked out of their devices and account with no recourse after redeeming a suspected bad gift card. hey.paris/posts/appleid/

Gift card scams are on the rise & increasingly difficult to spot, and can have devastating consequences.
Apple nuking a customer's account over a bad gift card is a warning for everyone
One long-time Apple customer was left with no recourse after a bad gift card triggered a full account and device lock-out.
this.weekinsecurity.com
December 19, 2025 at 11:51 PM