Zack Whittaker
@zackwhittaker.com
Security editor, TechCrunch
Signal: zackwhittaker.1337
My stories: techcrunch.com/author/zack-whittaker
My newsletter/blog: this.weekinsecurity.com
Signal: zackwhittaker.1337
My stories: techcrunch.com/author/zack-whittaker
My newsletter/blog: this.weekinsecurity.com
My latest edition of this.weekinsecurity.com, your weekly digest of all the most important cybersecurity news, is out. Featuring: US spyware founder pleads guilty; New Zealand health data breach; ICE use data tools to snoop on phones; hackers sending ragebait emails, and more. Plus, a new cybercat.🐈⬛
this week in security — january 11 2026 edition
pcTattletale founder guilty, hackers breach New Zealanders' health data, Iran cuts off internet amid protests, Instagram data leak, Flock security lapse, and more.
this.weekinsecurity.com
January 12, 2026 at 12:05 AM
My latest edition of this.weekinsecurity.com, your weekly digest of all the most important cybersecurity news, is out. Featuring: US spyware founder pleads guilty; New Zealand health data breach; ICE use data tools to snoop on phones; hackers sending ragebait emails, and more. Plus, a new cybercat.🐈⬛
Reposted by Zack Whittaker
Hey I wrote a long thing about taking control of what you read. If you want to read it, it's at shostack.org/blog/take-co...
I don't feel like spending time writing a 300 character summary of it.
I don't feel like spending time writing a 300 character summary of it.
Shostack + Friends Blog > Take Control of What you Read, Redux
In 2026, it’s more important than ever to take control of what you read
shostack.org
January 11, 2026 at 5:56 PM
Hey I wrote a long thing about taking control of what you read. If you want to read it, it's at shostack.org/blog/take-co...
I don't feel like spending time writing a 300 character summary of it.
I don't feel like spending time writing a 300 character summary of it.
this.weekinsecurity.com is my weekly newsletter (and blog) that includes all the cyber news you need to know from the week, good news you might've missed, and much more. Plus, a reader-submitted cyber cat every edition.
No email open/link tracking! Out Sundays.
Sign up/RSS for today's edition:
No email open/link tracking! Out Sundays.
Sign up/RSS for today's edition:
~this week in security~
a weekly cybersecurity newsletter by Zack Whittaker, plus articles and more.
this.weekinsecurity.com
January 11, 2026 at 4:53 PM
this.weekinsecurity.com is my weekly newsletter (and blog) that includes all the cyber news you need to know from the week, good news you might've missed, and much more. Plus, a reader-submitted cyber cat every edition.
No email open/link tracking! Out Sundays.
Sign up/RSS for today's edition:
No email open/link tracking! Out Sundays.
Sign up/RSS for today's edition:
By me at this.weekinsecurity.com: ClickFix attacks are on the rise. By spoofing Windows crashes, CAPTCHAS, and Apple logins, all try to trick you into pasting malicious code into your computer.
In this blog, I explain how ClickFix attacks work, what to look for (with pictures!), & how to stay safe.
In this blog, I explain how ClickFix attacks work, what to look for (with pictures!), & how to stay safe.
ClickFix attacks are increasingly devious, dangerous, and can hack you in an instant
These attacks spoof Windows errors, CAPTCHAs, and real login pages to trick victims into hacking themselves with malware that skirts common cyber defenses.
this.weekinsecurity.com
January 9, 2026 at 1:55 PM
By me at this.weekinsecurity.com: ClickFix attacks are on the rise. By spoofing Windows crashes, CAPTCHAS, and Apple logins, all try to trick you into pasting malicious code into your computer.
In this blog, I explain how ClickFix attacks work, what to look for (with pictures!), & how to stay safe.
In this blog, I explain how ClickFix attacks work, what to look for (with pictures!), & how to stay safe.
I very much appreciated this essay by @sarahjeong.bsky.social this morning. It's a reminder that reality and truth still matters, even in the face of blatant and brazen lies.
People are fighting for the truth in Minneapolis
Ordinary civilians aren’t playing along with Trump
www.theverge.com
January 9, 2026 at 1:32 PM
I very much appreciated this essay by @sarahjeong.bsky.social this morning. It's a reminder that reality and truth still matters, even in the face of blatant and brazen lies.
Reposted by Zack Whittaker
The evidence is increasingly pointing to the probability that an ICE agent killed a woman after misreading her as a threat because he was distracted by his simultaneous effort to record her so he could upload her image to a facial recognition database.
We've analysed this video of the shooting of Renee Nicole Good yesterday in Minneapolis frame-by-frame to highlight the positioning of the gun and phone in the ICE agent's hands.
Video: @minnesotareformer.com with annotations by Bellingcat
Video: @minnesotareformer.com with annotations by Bellingcat
January 9, 2026 at 1:19 PM
The evidence is increasingly pointing to the probability that an ICE agent killed a woman after misreading her as a threat because he was distracted by his simultaneous effort to record her so he could upload her image to a facial recognition database.
Struggling to get my head around the utter fecklessness and spinelessness of world leaders' inability to stand up to Trump, Musk, Big Tech, or frankly anyone of ostensible power.
Keir Starmer's spokesman says X limiting deep fake images to paid users "simply turns a feature that allows the creation of unlawful images into a premium service. It's not a solution.. it's insulting the victims of misogyny and sexual violence."
Still won't commit to a ban or to stop posting there
Still won't commit to a ban or to stop posting there
January 9, 2026 at 1:19 PM
Struggling to get my head around the utter fecklessness and spinelessness of world leaders' inability to stand up to Trump, Musk, Big Tech, or frankly anyone of ostensible power.
Big fan of courtwatch.news.
The first two ¶¶s of @seamushughes.bsky.social's Courtwatch today.
www.courtwatch.news/p/158-the-ex...
www.courtwatch.news/p/158-the-ex...
January 9, 2026 at 1:07 PM
Big fan of courtwatch.news.
ClickFix attacks are on the rise, increasingly dangerous and devious, and can get you hacked in a flash.
In this long-read for this.weekinsecurity.com, I explain what you should know about how ClickFix hacks work (+ examples!), why they're so dangerous, and what you can do to avoid these attacks.
In this long-read for this.weekinsecurity.com, I explain what you should know about how ClickFix hacks work (+ examples!), why they're so dangerous, and what you can do to avoid these attacks.
ClickFix attacks are increasingly devious, dangerous, and can get you hacked in an instant
These attacks spoof Windows errors, CAPTCHAs, and real login pages to trick victims into hacking themselves with malware that skirts common cyber defenses.
this.weekinsecurity.com
January 8, 2026 at 11:05 PM
ClickFix attacks are on the rise, increasingly dangerous and devious, and can get you hacked in a flash.
In this long-read for this.weekinsecurity.com, I explain what you should know about how ClickFix hacks work (+ examples!), why they're so dangerous, and what you can do to avoid these attacks.
In this long-read for this.weekinsecurity.com, I explain what you should know about how ClickFix hacks work (+ examples!), why they're so dangerous, and what you can do to avoid these attacks.
Reposted by Zack Whittaker
Apple and Google have previously removed apps providing nudify services from their app stores.
So why havent they taken action against X and Grok?
@carolinehaskins.bsky.social reports
So why havent they taken action against X and Grok?
@carolinehaskins.bsky.social reports
Why Are Grok and X Still Available in App Stores?
Elon Musk’s chatbot has been used to generate thousands of sexualized images of adults and apparent minors. Apple and Google have removed other “nudify” apps—but continue to host X and Grok.
www.wired.com
January 8, 2026 at 8:38 PM
Apple and Google have previously removed apps providing nudify services from their app stores.
So why havent they taken action against X and Grok?
@carolinehaskins.bsky.social reports
So why havent they taken action against X and Grok?
@carolinehaskins.bsky.social reports
Reposted by Zack Whittaker
NEW: NSO Group has released a transparency report that is even less transparent than its own previous transparency reports, as it contains no data or information on customers at all.
Experts say the report is just an attempt to appease and push the U.S. government to be removed from a blocklist.
Experts say the report is just an attempt to appease and push the U.S. government to be removed from a blocklist.
Critics pan spyware maker NSO's transparency claims amid its push to enter US market | TechCrunch
The infamous spyware maker released a new transparency report claiming to be a responsible spyware maker, without providing insight into how the company dealt with problematic customers in the past.
techcrunch.com
January 8, 2026 at 7:17 PM
NEW: NSO Group has released a transparency report that is even less transparent than its own previous transparency reports, as it contains no data or information on customers at all.
Experts say the report is just an attempt to appease and push the U.S. government to be removed from a blocklist.
Experts say the report is just an attempt to appease and push the U.S. government to be removed from a blocklist.
Reposted by Zack Whittaker
For those keeping score, Bellingcat, The New York Times Visual Investigation Team, & Washington Post's Visual Forensic team have all published analysis showing the ICE shooter wasn't in the path of Renee Nicole Good’s vehicle when he shot her, contradicting statements by the President & his cronies
January 8, 2026 at 3:35 PM
For those keeping score, Bellingcat, The New York Times Visual Investigation Team, & Washington Post's Visual Forensic team have all published analysis showing the ICE shooter wasn't in the path of Renee Nicole Good’s vehicle when he shot her, contradicting statements by the President & his cronies
Reposted by Zack Whittaker
NEW: The internet in Iran is nearly completely shut down, according to internet monitoring firms.
The blackout comes in the midst of countrywide protests that have lasted for days after spikes in prices and shortages of basic goods. The govenrment has responded with a violent crackdown.
The blackout comes in the midst of countrywide protests that have lasted for days after spikes in prices and shortages of basic goods. The govenrment has responded with a violent crackdown.
Internet collapses in Iran amid protests over economic crisis | TechCrunch
Internet monitoring firms and experts say Iran’s internet has almost completely shut down, as protests spread through major cities.
techcrunch.com
January 8, 2026 at 6:36 PM
NEW: The internet in Iran is nearly completely shut down, according to internet monitoring firms.
The blackout comes in the midst of countrywide protests that have lasted for days after spikes in prices and shortages of basic goods. The govenrment has responded with a violent crackdown.
The blackout comes in the midst of countrywide protests that have lasted for days after spikes in prices and shortages of basic goods. The govenrment has responded with a violent crackdown.
Reposted by Zack Whittaker
The New York Times states it plainly in display type:
Videos Contradict Trump Administration Account of ICE Shooting in Minneapolis
Videos Contradict Trump Administration Account of ICE Shooting in Minneapolis
Video: Videos Contradict Trump Administration Account of ICE Shooting in Minneapolis
An analysis of footage from three camera angles shows that the motorist was driving away from — not toward — a federal officer when he opened fire.
www.nytimes.com
January 8, 2026 at 12:40 PM
The New York Times states it plainly in display type:
Videos Contradict Trump Administration Account of ICE Shooting in Minneapolis
Videos Contradict Trump Administration Account of ICE Shooting in Minneapolis
Reposted by Zack Whittaker
Reposted by Zack Whittaker
People are already in the streets after an ICE agent shot a woman in her vehicle in Minneapolis today. Here are some @wired.com tips for protecting yourself from your government. www.wired.com/story/how-to...
How to Protest Safely in the Age of Surveillance
Law enforcement has more tools than ever to track your movements and access your communications. Here’s how to protect your privacy if you plan to protest.
www.wired.com
January 8, 2026 at 2:26 AM
People are already in the streets after an ICE agent shot a woman in her vehicle in Minneapolis today. Here are some @wired.com tips for protecting yourself from your government. www.wired.com/story/how-to...
Reposted by Zack Whittaker
Silicon Valley’s alliance with Donald Trump was a mask off moment and showed the world we can’t depend on US tech companies.
For the past few months, I’ve been trying to get off US tech and I put together a guide so you find alternatives too. I hope you find it helpful!
For the past few months, I’ve been trying to get off US tech and I put together a guide so you find alternatives too. I hope you find it helpful!
Getting off US tech: a guide
I’m in the process of dropping US tech services. Here’s how I did it, and options you should consider.
www.disconnect.blog
July 18, 2025 at 4:17 PM
Silicon Valley’s alliance with Donald Trump was a mask off moment and showed the world we can’t depend on US tech companies.
For the past few months, I’ve been trying to get off US tech and I put together a guide so you find alternatives too. I hope you find it helpful!
For the past few months, I’ve been trying to get off US tech and I put together a guide so you find alternatives too. I hope you find it helpful!
Reposted by Zack Whittaker
NEWS: In a heartbreaking video, after ICE shot and killed a woman in Minneapolis, a woman who was in the same SUV cries out: “They killed my wife. I don’t know what to do."
“We stopped to videotape, and they shot her in the head,” the distraught woman sobs.
www.advocate.com/news/minneso...
“We stopped to videotape, and they shot her in the head,” the distraught woman sobs.
www.advocate.com/news/minneso...
Distraught woman says ICE killed her wife in video after deadly Minneapolis shooting
“They killed my wife,” the distraught woman says, adding, “They shot her in the head.”
www.advocate.com
January 7, 2026 at 8:55 PM
NEWS: In a heartbreaking video, after ICE shot and killed a woman in Minneapolis, a woman who was in the same SUV cries out: “They killed my wife. I don’t know what to do."
“We stopped to videotape, and they shot her in the head,” the distraught woman sobs.
www.advocate.com/news/minneso...
“We stopped to videotape, and they shot her in the head,” the distraught woman sobs.
www.advocate.com/news/minneso...
This is a powerful account and important read on the terror of being detained by ICE during a 'Kavanaugh stop'.
@marisakabas.bsky.social spoke with one Maryland man (originally from Colombia) who was released after several weeks in custody.
@marisakabas.bsky.social spoke with one Maryland man (originally from Colombia) who was released after several weeks in custody.
The hell of being a target of a ‘Kavanaugh stop’
A Maryland man from Colombia describes his journey from detainment to incarceration—and miraculous freedom.
www.thehandbasket.co
January 7, 2026 at 2:11 PM
This is a powerful account and important read on the terror of being detained by ICE during a 'Kavanaugh stop'.
@marisakabas.bsky.social spoke with one Maryland man (originally from Colombia) who was released after several weeks in custody.
@marisakabas.bsky.social spoke with one Maryland man (originally from Colombia) who was released after several weeks in custody.
Mac users found their Logitech mice stopped working because someone at Logitech forgot to renew an expired app certificate.
*pinches bridge of nose and sighs loudly for the rest of time*
*pinches bridge of nose and sighs loudly for the rest of time*
Logitech caused its mice to freak out by not renewing a certificate
That’s one heck of an oversight.
www.theverge.com
January 7, 2026 at 1:44 PM
Mac users found their Logitech mice stopped working because someone at Logitech forgot to renew an expired app certificate.
*pinches bridge of nose and sighs loudly for the rest of time*
*pinches bridge of nose and sighs loudly for the rest of time*
Reposted by Zack Whittaker
genuinely like the global diplomatic machine is totally attuned to appeasing one weird guy and everyone is just sort of used to it rn?
January 7, 2026 at 2:31 AM
genuinely like the global diplomatic machine is totally attuned to appeasing one weird guy and everyone is just sort of used to it rn?
Reposted by Zack Whittaker
This could set a precedent for more prosecutions of stalkerware makers. Unfortunately the problem is that many of these companies are run from outside of the United States. Also the key, I think, is to show that they are specifically marketing their products to spy on adults without their consent.
NEW, by me: Bryan Fleming, the Michigan-based founder of spyware maker pcTattletale, pleaded guilty in federal court to hacking & advertising surveillance software Tuesday.
ICE/HSI brought the case. It's the DOJ's first federal successful prosecution of a stalkerware operator in over a decade.
ICE/HSI brought the case. It's the DOJ's first federal successful prosecution of a stalkerware operator in over a decade.
Founder of spyware maker pcTattletale pleads guilty to hacking and advertising surveillance software | TechCrunch
Bryan Fleming, the founder of hacked stalkerware company pcTattletale, pleaded guilty to federal charges linked to the running of his now-defunct Michigan-based spyware company.
techcrunch.com
January 6, 2026 at 7:52 PM
This could set a precedent for more prosecutions of stalkerware makers. Unfortunately the problem is that many of these companies are run from outside of the United States. Also the key, I think, is to show that they are specifically marketing their products to spy on adults without their consent.
NEW, by me: Bryan Fleming, the Michigan-based founder of spyware maker pcTattletale, pleaded guilty in federal court to hacking & advertising surveillance software Tuesday.
ICE/HSI brought the case. It's the DOJ's first federal successful prosecution of a stalkerware operator in over a decade.
ICE/HSI brought the case. It's the DOJ's first federal successful prosecution of a stalkerware operator in over a decade.
Founder of spyware maker pcTattletale pleads guilty to hacking and advertising surveillance software | TechCrunch
Bryan Fleming, the founder of hacked stalkerware company pcTattletale, pleaded guilty to federal charges linked to the running of his now-defunct Michigan-based spyware company.
techcrunch.com
January 6, 2026 at 7:27 PM
NEW, by me: Bryan Fleming, the Michigan-based founder of spyware maker pcTattletale, pleaded guilty in federal court to hacking & advertising surveillance software Tuesday.
ICE/HSI brought the case. It's the DOJ's first federal successful prosecution of a stalkerware operator in over a decade.
ICE/HSI brought the case. It's the DOJ's first federal successful prosecution of a stalkerware operator in over a decade.
This is a great piece by @crimew.gay on SpyX, an Android and iPhone phone monitoring app (aka stalkerware) that had over 1.5M users. This blog also identifies its China-based operator, the founder of a tech company called Gbyte.
NEW BLOG POST: Gbyte leaks gigabytes of data - #FuckStalkerware pt. 8
the tale of a chinese stalkerware service with fully remote android spying, plus an MMO boosting service and patented ToS violations
maia.crimew.gay/posts/fuckst...
the tale of a chinese stalkerware service with fully remote android spying, plus an MMO boosting service and patented ToS violations
maia.crimew.gay/posts/fuckst...
January 6, 2026 at 6:31 PM
This is a great piece by @crimew.gay on SpyX, an Android and iPhone phone monitoring app (aka stalkerware) that had over 1.5M users. This blog also identifies its China-based operator, the founder of a tech company called Gbyte.
Reposted by Zack Whittaker
Today ICE is allowed to resume using Medicaid data in deportation cases. The transfer of Medicaid data to ICE was unprecedented and put on hold. It's now back. We've uploaded the data sharing agreement here: www.404media.co/here-is-the-...
Here is the Agreement Giving ICE Medicaid Patients' Data
On Tuesday, ICE was allowed to continue using Medicaid data in deportation cases.
www.404media.co
January 6, 2026 at 2:04 PM
Today ICE is allowed to resume using Medicaid data in deportation cases. The transfer of Medicaid data to ICE was unprecedented and put on hold. It's now back. We've uploaded the data sharing agreement here: www.404media.co/here-is-the-...