Zack Whittaker
@zackwhittaker.com
Security editor, TechCrunch
Signal: zackwhittaker.1337
My stories: techcrunch.com/author/zack-whittaker
My newsletter/blog: this.weekinsecurity.com
Reposted by Zack Whittaker
“A liability model would push the cost currently borne by society back onto the companies themselves, rather than allow those companies to profit from the systemic risks their insecure products disburse throughout society.”

👏
November 25, 2025 at 1:13 PM
My partner sometimes sends me links for my cyber newsletter, this.weekinsecurity.com.

Today she sent me this story (forgive the link) about a leaked recording of Campbell's CISO allegedly criticizing his company's own food, with the comment, simply: "Cyber soup-curity," followed by, "C.I.S.Oh no."
Leaked audio reveals Campbell's VP's remarks about soup's ingredients
A leaked recording from a former staffer has sparked chaos for Campbell Soup, claiming to show a company VP trash-talking the brand's own products and the people who buy them.
www.dailymail.co.uk
November 25, 2025 at 1:43 AM
Reposted by Zack Whittaker
This piece also offers a generous (3000 word) intro that explains what NVIDIA is, how it got so big, how "building data centers" is a very difficult and complex thing, and why the entire future comes down to how long private debt can afford to keep buying GPUs.
Premium: This is The Hater's Guide To NVIDIA: A 14k word guide to how NVIDIA makes its money, how millions of Blackwell GPUs have been sold with nowhere for them to be installed, and how NVIDIA's future relies on companies raising hundreds of billions in debt.
www.wheresyoured.at/the-haters-g...
The Hater's Guide To NVIDIA
This piece has a generous 3000+ word introduction, because I want as many people to understand NVIDIA as possible. The (thousands of) words after the premium break get into arduous detail, but I’ve wr...
www.wheresyoured.at
November 24, 2025 at 5:19 PM
Reposted by Zack Whittaker
Cybersecurity is bad enough without the clout-chasers and marketers trying to scare everyone. Very glad to see a concerted effort to kill the myths and focus people on what can actually make you safer. www.hacklore.org/letter
The Letter — Stop Hacklore!
www.hacklore.org
November 24, 2025 at 4:58 PM
Reposted by Zack Whittaker
📢 Announcing hacklore.org 📢

It’s time to retire outdated cyber advice! More than 80 cybersecurity veterans have signed an open letter urging a shift from folklore to guidance that actually helps people avoid the most common attacks. 🔐

Blog: medium.com/@boblord/let...

Site: www.hacklore.org
Stop Hacklore!
hacklore.org
November 24, 2025 at 3:05 PM
NEW: U.S. banking giants and mortgage lenders are scrambling to figure out how much of their customers' non-public banking data was stolen during a cyberattack on a financial tech firm earlier this month.

Customers of at least JPMorgan Chase, Citigroup, and Morgan Stanley are said to be affected.
US banks scramble to assess data theft after hackers breach financial tech firm | TechCrunch
U.S. banking giants including JPMorgan Chase, Citi, and Morgan Stanley are working to identify what data was stolen in a recent cyberattack on a New York financial firm.
techcrunch.com
November 24, 2025 at 2:23 PM
Reposted by Zack Whittaker
My weekly cybersecurity newsletter this.weekinsecurity.com is now out, featuring stories on Gainsight's breach affecting 200 companies; airlines to stop selling flight records to the U.S. government; bank data stolen in SitusAMC hack; DoorDash data breach; Border Patrol's hidden cameras, and more.
this week in security — november 23 2025 edition
Gainsight breach hits 200 companies; airlines to stop selling ticket data to the government; bank data stolen in SitusAMC hack; DoorDash breach, and more.
this.weekinsecurity.com
November 23, 2025 at 4:21 PM
Reposted by Zack Whittaker
every week just gets weirder tbh
November 21, 2025 at 11:09 PM
Reposted by Zack Whittaker
Important story: The very wealthiest people in America are playing an ever more important role in financing America’s elections — and potentially determining their outcome.
We spent a year investigating billionaires for @washingtonpost.com.

We found: the wealthiest 100 Americans gave $1.1 billion to influence the 2024 elections — 140x more than they did in 2000. And almost all of that giving boosted Republicans.

washingtonpost.com/politics/int...
November 21, 2025 at 6:49 PM
A spox for the ShinyHunters group told @lorenzofb.bsky.social that Gainsight "was a customer of Salesloft Drift, they were affected and therefore compromised entirely by us."

So far, these hackers have breached hundreds of companies simply by targeting Salesloft and Gainsight alone.
NEW: Google says the new wave of supply chain attacks by Scattered Lapsus$ Hunters impacted more than 200 companies' Salesforce-stored data.

Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.

Malwarebytes said it is investigating. CrowdStrike said company is "not affected."
Google says hackers stole data from 200 companies following Gainsight breach | TechCrunch
Notorious hacking collective ShinyHunters takes credit for the breach that affected Salesforce customers’ data, and said it is planning another extortion campaign.
techcrunch.com
November 21, 2025 at 7:41 PM
New, by me and @lorenzofb.bsky.social: CrowdStrike has confirmed it fired a "suspicious insider" who passed screenshots of company systems to a prolific hacking group — which then went on to post them publicly.
CrowdStrike fires 'suspicious insider' who passed information to hackers | TechCrunch
Cybersecurity giant CrowdStrike denied it had been hacked following claims from a hacker group, which leaked screenshots from inside CrowdStrike's network.
techcrunch.com
November 21, 2025 at 7:11 PM
Reposted by Zack Whittaker
NEW: Google says the new wave of supply chain attacks by Scattered Lapsus$ Hunters impacted more than 200 companies' Salesforce-stored data.

Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.

Malwarebytes said it is investigating. CrowdStrike said company is "not affected."
Google says hackers stole data from 200 companies following Gainsight breach | TechCrunch
Notorious hacking collective ShinyHunters takes credit for the breach that affected Salesforce customers’ data, and said it is planning another extortion campaign.
techcrunch.com
November 21, 2025 at 6:34 PM
The next time a major U.S. phone or internet company gets hacked and customer data stolen — and it will, since it's happened a LOT in recent years — at least we know who we can blame for it.
Despite Chinese hacks, Trump's FCC votes to scrap cybersecurity rules for phone and internet companies | TechCrunch
Two Trump-appointed FCC officials voted to undo the telecom industry's cybersecurity rules. One Democratic commissioner dissented, saying the decision leaves the United States "less safe" at a time wh...
techcrunch.com
November 21, 2025 at 3:23 PM
Reposted by Zack Whittaker
Did Capita have a ransomware response that “will go down as a case history for how to deal with a sophisticated cyberattack”, as their CEO claimed? I take a look. doublepulsar.com/what-organis...
What organisations can learn from the record breaking fine over Capita’s ransomware incident
No, a Nessus vulnerability scan isn’t good enough.
doublepulsar.com
November 21, 2025 at 12:54 PM
Reposted by Zack Whittaker
Pachinko found the windows with the heat vents. Ideal setting for bird watching.
November 21, 2025 at 3:45 AM
Reposted by Zack Whittaker
Just saw an extended version
November 20, 2025 at 11:26 PM
NEW: Salesforce says it's investigating a breach of customers' data after hackers targeted Gainsight, a company that sells a platform for other companies to manage their customers.

It looks like a near-repeat shituation to that of the Salesloft mass-breaches earlier this year.
Salesforce says some of its customers' data was accessed after Gainsight breach | TechCrunch
Salesforce said it’s investigating an incident where hackers compromised some of its customers' data after breaching customer experience company Gainsight.
techcrunch.com
November 20, 2025 at 7:42 PM
Reposted by Zack Whittaker
AP finds a secretive Border Patrol intelligence program detains Americans for “suspicious” travel. Critics call it mass surveillance.
Border Patrol is monitoring US drivers and detaining those with 'suspicious' travel patterns
The U.S. Border Patrol is monitoring millions of American drivers nationwide in a secretive program to identify and detain people whose travel patterns it deems suspicious.
bit.ly
November 20, 2025 at 2:00 PM
I know absolutely nothing about anime or manga, but really enjoyed this latest story by @lorenzofb.bsky.social; it's fascinating that this comic from 30 years ago — predating the modern Web — got so much right about cybersecurity today.
How the classic anime 'Ghost in the Shell' predicted the future of cybersecurity 30 years ago | TechCrunch
The story of Ghost in the Shell’s main villain the Puppet Master hinted at a future where governments use hackers for espionage, at a time when most of the world had never connected to the internet.
techcrunch.com
November 20, 2025 at 1:48 AM
Reposted by Zack Whittaker
NEW: The classic anime "Ghost in the Shell" turned 30 years old this week.

Despite coming out at the dawn of the internet, it was incredibly prescient in terms of imagining a future where governments use hackers for espionage, people use malware to spy on their loved ones, and much much more.
How the classic anime 'Ghost in the Shell' predicted the future of cybersecurity 30 years ago | TechCrunch
The story of the Ghost in the Shell’s main villain the Puppet Master hinted at a future where governments use hackers for espionage, at a time when most of the world had never connected to the interne...
techcrunch.com
November 19, 2025 at 10:04 PM
Reposted by Zack Whittaker
I am afraid I convinced @zackwhittaker.com to let me write about anime. Stay tuned.
November 18, 2025 at 11:35 PM
New, by me: Protei, a Russian-founded telecoms provider and a supplier of surveillance and web monitoring technologies, was breached, its website defaced, and its servers raided.

"Another DPI/SORM provider bites the dust," read the company's defaced website.
Surveillance tech provider Protei was hacked, its data stolen and its website defaced | TechCrunch
The defacement of Protei's website said "another DPI/SORM provider bites the dust," apparently referring to the company selling its web intercept and surveillance products to phone and internet provid...
techcrunch.com
November 17, 2025 at 1:57 PM
And here is your latest edition of this.weekinsecurity.com, featuring stories including: Spyware maker NSO Group is now under U.S. ownership; EU considers weakening GDPR for AI; ClickFix attacks on the rise; U.S. agencies hacked via Cisco bugs, and much more.

🐈‍⬛ Plus a two-for-one cybercat special 🐈‍⬛
this week in security — november 16 2025 edition
NSO Group now under U.S. ownership, EU considers weakening GDPR for AI, ClickFix attacks on the rise, U.S. agencies hacked via Cisco bugs, and more.
this.weekinsecurity.com
November 16, 2025 at 5:40 PM
Good morning! ☀️ There's still time to sign up for today's edition of my cyber newsletter this.weekinsecurity.com, which has all the news you need to know from the past week, the happy corner, and a new featured cyber-cat. 🐈‍⬛

Sign up (or RSS!) for the free newsletter, or $10/month for blogs & more.
~this week in security~
a weekly cybersecurity newsletter by Zack Whittaker, plus articles and more.
this.weekinsecurity.com
November 16, 2025 at 2:01 PM