Lorenzo Franceschi-Bicchierai
@lorenzofb.bsky.social
Real-time historian of the late cyber capitalist era @TechCrunch, writing about the intersection of hackers, human rights, and spies.
🍕, ⚽️, 🎸, 🎮 by night.
☎️ Signal: +1 917 257 1382
Past lives: VICE Motherboard, Mashable, WIRED.
🍕, ⚽️, 🎸, 🎮 by night.
☎️ Signal: +1 917 257 1382
Past lives: VICE Motherboard, Mashable, WIRED.
Pinned
Do you have any tips about cybersecurity, surveillance, spyware, zero-days...all things cyber?
Contact me here:
☎️ Signal: + 1 917 257 1382
📷Keybase/Telegram: lorenzofb
Contact me here:
☎️ Signal: + 1 917 257 1382
📷Keybase/Telegram: lorenzofb
Reposted by Lorenzo Franceschi-Bicchierai
A spox for the ShinyHunters group told @lorenzofb.bsky.social that Gainsight "was a customer of Salesloft Drift, they were affected and therefore compromised entirely by us."
So far, these hackers have breached hundreds of companies simply by targeting Salesloft and Gainsight alone.
So far, these hackers have breached hundreds of companies simply by targeting Salesloft and Gainsight alone.
NEW: Google says the new wave of supply chain attacks by Scattered Lapsus$ Hunters impacted more than 200 companies' Salesforce-stored data.
Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.
Malwarebytes said is investigating. CrowdStrike said company is "not affected."
Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.
Malwarebytes said is investigating. CrowdStrike said company is "not affected."
Google says hackers stole data from 200 companies following Gainsight breach | TechCrunch
Notorious hacking collective ShinyHunters takes credit for the breach that affected Salesforce customers’ data, and said it is planning another extortion campaign.
techcrunch.com
November 21, 2025 at 7:41 PM
A spox for the ShinyHunters group told @lorenzofb.bsky.social that Gainsight "was a customer of Salesloft Drift, they were affected and therefore compromised entirely by us."
So far, these hackers have breached hundreds of companies simply by targeting Salesloft and Gainsight alone.
So far, these hackers have breached hundreds of companies simply by targeting Salesloft and Gainsight alone.
Reposted by Lorenzo Franceschi-Bicchierai
New, by me and @lorenzofb.bsky.social: CrowdStrike has confirmed it fired a "suspicious insider" who passed screenshots of company systems to a prolific hacking group — which then went on to post them publicly.
CrowdStrike fires 'suspicious insider' who passed information to hackers | TechCrunch
Cybersecurity giant CrowdStrike denied it had been hacked following claims from a hacker group, which leaked screenshots from inside CrowdStrike's network.
techcrunch.com
November 21, 2025 at 7:11 PM
New, by me and @lorenzofb.bsky.social: CrowdStrike has confirmed it fired a "suspicious insider" who passed screenshots of company systems to a prolific hacking group — which then went on to post them publicly.
NEW: Google says the new wave of supply chain attacks by Scattered Lapsus$ Hunters impacted more than 200 companies' Salesforce-stored data.
Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.
Malwarebytes said is investigating. CrowdStrike said company is "not affected."
Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.
Malwarebytes said is investigating. CrowdStrike said company is "not affected."
Google says hackers stole data from 200 companies following Gainsight breach | TechCrunch
Notorious hacking collective ShinyHunters takes credit for the breach that affected Salesforce customers’ data, and said it is planning another extortion campaign.
techcrunch.com
November 21, 2025 at 6:34 PM
NEW: Google says the new wave of supply chain attacks by Scattered Lapsus$ Hunters impacted more than 200 companies' Salesforce-stored data.
Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.
Malwarebytes said is investigating. CrowdStrike said company is "not affected."
Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.
Malwarebytes said is investigating. CrowdStrike said company is "not affected."
NEW: Salesforse says said it’s investigating an incident where hackers compromised some of its customers' data after breaching customer experience company Gainsight.
Notorious hacking group ShinyHunters has reportedly claimed responsibility for this new wave of data breaches.
Notorious hacking group ShinyHunters has reportedly claimed responsibility for this new wave of data breaches.
Salesforce says some of its customers' data was accessed after Gainsight breach | TechCrunch
Salesforce said it’s investigating an incident where hackers compromised some of its customers' data after breaching customer experience company Gainsight.
techcrunch.com
November 20, 2025 at 7:17 PM
NEW: Salesforse says said it’s investigating an incident where hackers compromised some of its customers' data after breaching customer experience company Gainsight.
Notorious hacking group ShinyHunters has reportedly claimed responsibility for this new wave of data breaches.
Notorious hacking group ShinyHunters has reportedly claimed responsibility for this new wave of data breaches.
NEW: The classic anime "Ghost in the Shell" turned 30 years old this week.
Despite coming out at the dawn of the internet, it was incredibly prescient in terms of imaginig a future where governments use hackers for espionage, people use malware to spy on their loved ones, and much much more.
Despite coming out at the dawn of the internet, it was incredibly prescient in terms of imaginig a future where governments use hackers for espionage, people use malware to spy on their loved ones, and much much more.
How the classic anime 'Ghost in the Shell' predicted the future of cybersecurity 30 years ago | TechCrunch
The story of the Ghost in the Shell’s main villain the Puppet Master hinted at a future where governments use hackers for espionage, at a time when most of the world had never connected to the interne...
techcrunch.com
November 19, 2025 at 10:04 PM
NEW: The classic anime "Ghost in the Shell" turned 30 years old this week.
Despite coming out at the dawn of the internet, it was incredibly prescient in terms of imaginig a future where governments use hackers for espionage, people use malware to spy on their loved ones, and much much more.
Despite coming out at the dawn of the internet, it was incredibly prescient in terms of imaginig a future where governments use hackers for espionage, people use malware to spy on their loved ones, and much much more.
Reposted by Lorenzo Franceschi-Bicchierai
running down the computer aisle of best buy with a megaphone and shouting "copilot, install malware"
November 19, 2025 at 4:45 AM
running down the computer aisle of best buy with a megaphone and shouting "copilot, install malware"
Reposted by Lorenzo Franceschi-Bicchierai
In case folks forgot what happened, Khashoggi entered a Saudi consulate in Istanbul to get a document so he could get married while his fiancée waited outside. He never left because he was murdered and dismembered with a bone saw inside the building. The US intel community said MBS ordered it.
Trump suggests Khashoggi had it coming: "You're mentioning someone that was extremely controversial. A lot of people didn't like that gentleman that you're talking about. Whether you like him or didn't like him, things happen. But he knew nothing about it. You don't have to embarrass our guest."
November 19, 2025 at 12:06 AM
In case folks forgot what happened, Khashoggi entered a Saudi consulate in Istanbul to get a document so he could get married while his fiancée waited outside. He never left because he was murdered and dismembered with a bone saw inside the building. The US intel community said MBS ordered it.
I am afraid I convinced @zackwhittaker.com to let me write about anime. Stay tuned.
November 18, 2025 at 11:35 PM
I am afraid I convinced @zackwhittaker.com to let me write about anime. Stay tuned.
Absolutely disgusting.
November 18, 2025 at 7:01 PM
Absolutely disgusting.
Time to remind everyone that this anime is one of the best hacker movies of all time. The whole Puppet Master plot was so ahead of its time, anticipating the reality of government espionage we live in now.
Also it was a huge inspiration for the Wachowski's sisters when they came up with The Matrix.
Also it was a huge inspiration for the Wachowski's sisters when they came up with The Matrix.
Happy 30th anniversary to "Ghost In The Shell" movie by Mamoru Oshii (released in Japanese theaters on November 18, 1995).
November 18, 2025 at 4:00 PM
Time to remind everyone that this anime is one of the best hacker movies of all time. The whole Puppet Master plot was so ahead of its time, anticipating the reality of government espionage we live in now.
Also it was a huge inspiration for the Wachowski's sisters when they came up with The Matrix.
Also it was a huge inspiration for the Wachowski's sisters when they came up with The Matrix.
NEW: Internet infrastructure giant Cloudflare blamed this morning's massive internet outage on a "latent bug."
This is another stark reminder that the internet depends on just a handful of companies. According to an estimate, Cloudflare is used by 20% of all websites on the internet.
This is another stark reminder that the internet depends on just a handful of companies. According to an estimate, Cloudflare is used by 20% of all websites on the internet.
Cloudflare blames massive internet outage on 'latent bug' | TechCrunch
An outage at internet infrastructure giant Cloudflare took down several big websites and services, including ChatGPT, Claude, Spotify, and X.
techcrunch.com
November 18, 2025 at 3:44 PM
NEW: Internet infrastructure giant Cloudflare blamed this morning's massive internet outage on a "latent bug."
This is another stark reminder that the internet depends on just a handful of companies. According to an estimate, Cloudflare is used by 20% of all websites on the internet.
This is another stark reminder that the internet depends on just a handful of companies. According to an estimate, Cloudflare is used by 20% of all websites on the internet.
Reposted by Lorenzo Franceschi-Bicchierai
New, by me: Protei, a Russian-founded telecoms provider and a supplier of surveillance and web monitoring technologies, was breached, its website defaced, and its servers raided.
"Another DPI/SORM provider bites the dust," read the company's defaced website.
"Another DPI/SORM provider bites the dust," read the company's defaced website.
Surveillance tech provider Protei was hacked, its data stolen and its website defaced | TechCrunch
The defacement of Protei's website said "another DPI/SORM provider bites the dust," apparently referring to the company selling its web intercept and surveillance products to phone and internet provid...
techcrunch.com
November 17, 2025 at 1:57 PM
New, by me: Protei, a Russian-founded telecoms provider and a supplier of surveillance and web monitoring technologies, was breached, its website defaced, and its servers raided.
"Another DPI/SORM provider bites the dust," read the company's defaced website.
"Another DPI/SORM provider bites the dust," read the company's defaced website.
NEW: Delivery giant DoorDash disclosed a data breach impacting an unspecified number of users.
Hackers stole names, emails, phone numbers, and physical addresses, but DoorDash said that “no sensitive information was accessed by the unauthorized third party." 🤔
Hackers stole names, emails, phone numbers, and physical addresses, but DoorDash said that “no sensitive information was accessed by the unauthorized third party." 🤔
DoorDash confirms data breach impacting users’ phone numbers and physical addresses | TechCrunch
The delivery giant said “no sensitive information” was accessed, and did not specify the number of customers, delivery workers, and merchants who were impacted by the breach.
techcrunch.com
November 17, 2025 at 3:30 PM
NEW: Delivery giant DoorDash disclosed a data breach impacting an unspecified number of users.
Hackers stole names, emails, phone numbers, and physical addresses, but DoorDash said that “no sensitive information was accessed by the unauthorized third party." 🤔
Hackers stole names, emails, phone numbers, and physical addresses, but DoorDash said that “no sensitive information was accessed by the unauthorized third party." 🤔
Reposted by Lorenzo Franceschi-Bicchierai
Share your cyber starter packs!
I did a cyber starter pack on this website a few of years ago and it was useful but I haven't been diligent and now I feel like I'm missing a ton of very interesting infosec folks who use bsky (and similar for mastodon). It's great when I find them but damn! At least my basketball lists are perfect
November 16, 2025 at 6:02 PM
Share your cyber starter packs!
The Cyber Police Department of Ukraine sent this email to me, @zackwhittaker.com, and some other cyber journalists.
Basically, it seems they are asking for help going after hackers expecting journalists to share information we would never share with law enforcement. Nope, this is not how it works.
Basically, it seems they are asking for help going after hackers expecting journalists to share information we would never share with law enforcement. Nope, this is not how it works.
November 14, 2025 at 5:55 PM
The Cyber Police Department of Ukraine sent this email to me, @zackwhittaker.com, and some other cyber journalists.
Basically, it seems they are asking for help going after hackers expecting journalists to share information we would never share with law enforcement. Nope, this is not how it works.
Basically, it seems they are asking for help going after hackers expecting journalists to share information we would never share with law enforcement. Nope, this is not how it works.
NEW: Five people who live in the U.S. pleaded guily for "facilitating" and helping the North Korean regime place fake remote IT workers inside American companies.
U.S. Department of Justice said their actions affected 136 U.S. companies and netted Kim Jong Un’s regime $2.2 million in revenue.
U.S. Department of Justice said their actions affected 136 U.S. companies and netted Kim Jong Un’s regime $2.2 million in revenue.
Five people plead guilty to helping North Koreans infiltrate US companies as 'remote IT workers' | TechCrunch
The U.S. Department of Justice said five people — including four U.S. nationals — "facilitated" North Korean IT workers to get jobs at American companies, allowing the regime to earn money from their ...
techcrunch.com
November 14, 2025 at 5:16 PM
NEW: Five people who live in the U.S. pleaded guily for "facilitating" and helping the North Korean regime place fake remote IT workers inside American companies.
U.S. Department of Justice said their actions affected 136 U.S. companies and netted Kim Jong Un’s regime $2.2 million in revenue.
U.S. Department of Justice said their actions affected 136 U.S. companies and netted Kim Jong Un’s regime $2.2 million in revenue.
NEW: Authorities took down three cybercrime operations, including Rhadamantys infostealer, which allegedly had access to the crypto wallets of more than 100,000 victims.
This is the latest round of the ongoing "whack-a-mole forever" Operation Endgame, as one security researcher put it.
This is the latest round of the ongoing "whack-a-mole forever" Operation Endgame, as one security researcher put it.
Police take down three cybercrime operations in latest round of 'whack-a-mole' | TechCrunch
Authorities from nine countries took down three cybercrime operations, including the Rhadamantys infostealer, which allegedly had access to the crypto wallets of more than 100,000 victims.
techcrunch.com
November 13, 2025 at 5:28 PM
NEW: Authorities took down three cybercrime operations, including Rhadamantys infostealer, which allegedly had access to the crypto wallets of more than 100,000 victims.
This is the latest round of the ongoing "whack-a-mole forever" Operation Endgame, as one security researcher put it.
This is the latest round of the ongoing "whack-a-mole forever" Operation Endgame, as one security researcher put it.
NEW: Cybersecurity firm Deepwatch laid off around 80 people citing AI the reason.
CEO John DiLullo said the company “is aligning our organization to accelerate our significant investments in AI.”
A current employee said: “they’re doing something with AI and agentic AI but it sounds like bullshit.”
CEO John DiLullo said the company “is aligning our organization to accelerate our significant investments in AI.”
A current employee said: “they’re doing something with AI and agentic AI but it sounds like bullshit.”
Cybersecurity firm Deepwatch lays off dozens, citing move to "accelerate" AI investment | TechCrunch
Deepwatch’s CEO told TechCrunch that the layoffs allow the company to accelerate investments in “AI and automation.”
techcrunch.com
November 12, 2025 at 8:08 PM
NEW: Cybersecurity firm Deepwatch laid off around 80 people citing AI the reason.
CEO John DiLullo said the company “is aligning our organization to accelerate our significant investments in AI.”
A current employee said: “they’re doing something with AI and agentic AI but it sounds like bullshit.”
CEO John DiLullo said the company “is aligning our organization to accelerate our significant investments in AI.”
A current employee said: “they’re doing something with AI and agentic AI but it sounds like bullshit.”
Reposted by Lorenzo Franceschi-Bicchierai
Looks like Elon Musk's X has royally borked its passkey and security key switchover. Users are reporting that they're getting stuck in endless loops in trying to re-roll, and, in some cases, are getting locked out of their accounts.
Elon Musk's X botched its security key switchover, locking users out | TechCrunch
As part of an effort to retire the old Twitter.com domain, X is requiring passkey and security key users to re-enroll — but are getting stuck in endless loops and unable to finish.
techcrunch.com
November 12, 2025 at 7:46 PM
Looks like Elon Musk's X has royally borked its passkey and security key switchover. Users are reporting that they're getting stuck in endless loops in trying to re-roll, and, in some cases, are getting locked out of their accounts.
NEW: A group of Senators and Congresspeople are warning Governors that their states are providing ICE “with frictionless, self-service access to the personal data of all of your residents.”
The data sharing is managed by a nonprofit called Nlets, which is managed by state police agencies.
The data sharing is managed by a nonprofit called Nlets, which is managed by state police agencies.
Lawmakers warn Democratic governors that states are sharing drivers' data with ICE | TechCrunch
A group of Democratic lawmakers asked governors in California, Colorado, and other states to block ICE from accessing their residents’ driver’s license data without their knowledge.
techcrunch.com
November 12, 2025 at 4:43 PM
NEW: A group of Senators and Congresspeople are warning Governors that their states are providing ICE “with frictionless, self-service access to the personal data of all of your residents.”
The data sharing is managed by a nonprofit called Nlets, which is managed by state police agencies.
The data sharing is managed by a nonprofit called Nlets, which is managed by state police agencies.
The fact that Apple decided to comment at all here (company usually just doesn't say anything) it's interesting on its own.
The spyware that is now in ICE's hands has been (by another government) against journalists and activists in Italy, as well as a top CEO, and a political consultant. Matteo Renzi, Italy's former prime minister, calls it the Italian Watergate. Now it's landed here: www.theguardian.com/technology/2...
Tech giants vow to defend users in US as spyware companies make inroads with Trump administration
Apple and WhatsApp say they will keep warning users if their phones are targeted by governments using hacking software against them
www.theguardian.com
November 11, 2025 at 3:43 PM
The fact that Apple decided to comment at all here (company usually just doesn't say anything) it's interesting on its own.
Remember NFTs? 😂😂😂😂😂😂😂
November 11, 2025 at 1:00 AM
Remember NFTs? 😂😂😂😂😂😂😂
Reposted by Lorenzo Franceschi-Bicchierai
My latest for Journalist and Spy: Pablo González, Russian-Spanish journalist, alleged GRU agent. Wrote for EU + U.S. media, @drewhinshaw.bsky.social & Joe Parkinson say he began working for GRU in 2010. Arrested in Poland in '22, swapped with Russia in '24. www.journalistandspy.com/p/pablo-gonz...
Pablo González
Pablo González is a Russian-Spanish journalist and an alleged agent of the GRU, Russia’s military intelligence agency.
www.journalistandspy.com
November 10, 2025 at 3:57 PM
My latest for Journalist and Spy: Pablo González, Russian-Spanish journalist, alleged GRU agent. Wrote for EU + U.S. media, @drewhinshaw.bsky.social & Joe Parkinson say he began working for GRU in 2010. Arrested in Poland in '22, swapped with Russia in '24. www.journalistandspy.com/p/pablo-gonz...
Great book that is a must read to understand the history of hacking culture, and the cybersecurity industry.
Just arrived: Advance copies of the first revised edition of Cult of the Dead Cow.
November 10, 2025 at 5:40 PM
Great book that is a must read to understand the history of hacking culture, and the cybersecurity industry.