Zack Whittaker
@zackwhittaker.com
15K followers 240 following 490 posts
Security editor, TechCrunch Signal: zackwhittaker.1337 My stories: techcrunch.com/author/zack-whittaker My weekly cyber newsletter: this.weekinsecurity.com
zackwhittaker.com
cat-in-the-middle attack
zackwhittaker.com
Exactly. Advanced persistent teenagers are one of the loudest and most disruptive threats today.
metacurity.com
Forget about nation-states for a moment: The top four items in today's Metacurity all deal with serious cybersecurity threats emanating from teen hackers.

Don't miss today's issue for the complete run-down of infosec developments you should know, including 1/5
www.metacurity.com/shinyhunters...
ShinyHunters threatens to release data stolen from dozens of Fortune 500 firms
Salesforce refuses to pay ShinyHunters ransom, Qantas braces for the release of its data, Two teens busted for Kido nurseries cyberattack, Qilin claims attack on Asahi, Chinese hackers infiltrated Wil...
www.metacurity.com
Reposted by Zack Whittaker
fredericl.bsky.social
Got a tip last night that GitHub is moving all of its infra over to Azure. Ideally within the next year. It's such a priority for the company, with its own data center resource-constrained, that it will delay feature development to get that done ASAP. thenewstack.io/github-will-...
GitHub Will Prioritize Migrating to Azure Over Feature Development
GitHub is working on migrating all of its infrastructure to Azure, even though this means it'll have to delay some feature development.
thenewstack.io
Reposted by Zack Whittaker
edzitron.com
Kind of pissed off now because I’ve now seen at least four different pieces that are just this but reworded lol but oh well if you want to know stuff early sign up for my premium
edzitron.com
Premium newsletter: Based on my estimates and analysis, OpenAI needs one trillion dollars in the next four years to build 17GW of data centers and other commitments, with at least $500 billion needed for company operations. There is not enough capital to do this.

www.wheresyoured.at/openai-onetr...
OpenAI Needs A Trillion Dollars In The Next Four Years
Shortly before publishing this newsletter, I spoke with analyst Gil Luria, Managing Director and Analyst at D.A. Davidson, and asked him whether the capital was there to build the 17 Gigawatts of capa...
www.wheresyoured.at
Reposted by Zack Whittaker
lorenzofb.bsky.social
NEW: ICE purchased custom-made vans from a company called TechOps Specialty Vehicles (TOSV) that are equipped with fake cellphone towers designed to spy on phones.

TOSV president said the company integrates the cell-site simulators into their vans, but does not manufacture the surveillance tool.
ICE bought vehicles equipped with fake cell towers to spy on phones | TechCrunch
The federal contract shows ICE spent $825,000 on vans equipped with “cell-site simulators” which allow the real-world location tracking of nearby phones and their owners.
techcrunch.com
Reposted by Zack Whittaker
lorenzofb.bsky.social
NEW: Blockchain monitoring firm Elliptic says North Korean hackers have stolen more than $2 billion in crypto this year, an all-time record, with three more months to go.

The estimate is based on more than thirty hacks against crypto exchanges and also “high-net-worth individuals.”
North Korean hackers stole over $2 billion in crypto so far in 2025, researchers say | TechCrunch
Blockchain monitoring firm Elliptic said this year’s total is already an all-time record for the North Korean regime.
techcrunch.com
Reposted by Zack Whittaker
zackwhittaker.com
The bug (known as an IDOR) was really easy to exploit, thanks to a lack of security checks. Anyone logged in to India's income tax dept's e-Filing system could've accessed the sensitive financial and personal information of anyone else.

The e-Filing system has over 135 million registered users. 🫠
Exclusive: Bug in India's income tax portal exposed taxpayers’ sensitive data
TechCrunch verified that the security bug in the Indian Income Tax Department's e-Filing portal exposed taxpayers' data to other users. The security researchers who found the flaw say the data leak is...
techcrunch.com
zackwhittaker.com
SCOOP: India's income tax authority has fixed a major bug that was exposing taxpayers' sensitive data to any other signed-in user, according to the researchers who found it.

TechCrunch's @journalistjagmeet.com verified the data exposure by asking the researchers to check his own records.
Exclusive: Bug in India's income tax portal exposed taxpayers’ sensitive data
TechCrunch verified that the security bug in the Indian Income Tax Department's e-Filing portal exposed taxpayers' data to other users. The security researchers who found the flaw say the data leak is...
techcrunch.com
zackwhittaker.com
Oracle is the same company tapped to store data on U.S. TikTok users, so... not a great look to have spilled a ton of executives' personal data.
Clop raid on Oracle EBS started months ago, say researchers
Strap in, admins. Exploits began in August and now the code is out there
www.theregister.com
Reposted by Zack Whittaker
hypervisible.blacksky.app
“‘To ensure we have enough data, we are looking for videos of both real and staged events, to help train the AI what to be on the lookout for,’ the company wrote on its website.
‘You can even create events by pretending to be a thief and donate those events,’ the website reads.’” 💀
Anker offered Eufy camera owners $2 per video for AI training | TechCrunch
Hundreds of Eufy customers have donated hundreds of thousands of videos to train the company’s AI systems.
techcrunch.com
Reposted by Zack Whittaker
bencollins.bsky.social
Pretty clear Stephen Miller, Noem, Hegseth and Trump are trying to provoke a Civil War at this point. What's interesting is they want to do it now, because even though they're unpopular, they seem to believe this is the most popular they'll be ever again. We can't let them win.
governor.ca.gov
This is a breathtaking abuse of the law and power by the President of the United States.

America is on the brink of martial law.

Do not be silent.
govpritzker.illinois.gov
This evening, President Trump is ordering 400 members of the Texas National Guard for deployments to Illinois, Oregon, and other locations within the United States. No officials from the federal government called me directly to discuss or coordinate.
Reposted by Zack Whittaker
zackwhittaker.com
SCOOP by me & @amanda.omg.lol: Event planning app Partiful was not stripping precise location data from user-uploaded images, including profile photos.

Partiful fixed the bug at TechCrunch's request. The bug meant anyone using Partiful could've seen exactly where a person's profile photo was taken.
Exclusive: Event startup Partiful wasn't stripping GPS locations from user-uploaded photos
The event planning startup, which has raised over $27M from a16z and others, fixed the bug after TechCrunch found that Partiful was not removing granular location data from users' profile photos.
techcrunch.com
Reposted by Zack Whittaker
komadori.bsky.social
When a BBC reporter can do this, without privileged access to communications data, I find it hard to accept law enforcement's constant claim that they are "going dark" because of encrypted messaging. Encryption is not the main obstacle to effective law enforcement.
www.bbc.co.uk/news/article...
BBC tracks down sextortion scammer targeting teenage boys
The BBC challenges the scammers targeting teenagers like Evan Boettler, who took his own life just 90 minutes after being contacted.
www.bbc.co.uk
zackwhittaker.com
My weekly cyber newsletter is out, with stories on ShinyHunters' leak site claiming 1B stolen records; how the US government shutdown hits cyber; a flood of data breaches, including Red Hat and Discord; EU's Chat Control, and more. Plus: two-for-one cybercats!

Sign up/RSS: this.weekinsecurity.com
this week in security — october 5 2025 edition
ShinyHunters claim 1 billion stolen Salesforce records, Clop extorting tech execs with data stolen from Oracle apps, U.S. government shutdown, and much more.
this.weekinsecurity.com
zackwhittaker.com
New Windows wallpaper just dropped.
my cat, Theo, sprawled out asleep on a rug, with a stream of light passing over him as if to project a windows-style shadow.