Zack Whittaker
@zackwhittaker.com
Security editor, TechCrunch
Signal: zackwhittaker.1337
My stories: techcrunch.com/author/zack-whittaker
My newsletter/blog: this.weekinsecurity.com
Signal: zackwhittaker.1337
My stories: techcrunch.com/author/zack-whittaker
My newsletter/blog: this.weekinsecurity.com
Several web portals used by courts across the U.S. and Canada to manage potential jurors had a simple security flaw that exposed their personal data, including names, home addresses, and more.
Tyler said it's fixing the flaw after we alerted the company to the bug.
by @lorenzofb.bsky.social:
Tyler said it's fixing the flaw after we alerted the company to the bug.
by @lorenzofb.bsky.social:
Bug in jury systems used by several US states exposed sensitive personal data | TechCrunch
An easy-to-exploit vulnerability in a jury system made by Tyler Technologies exposed the personally identifiable data of jurors, including names, home addresses, emails, and phone numbers.
techcrunch.com
November 26, 2025 at 6:13 PM
Several web portals used by courts across the U.S. and Canada to manage potential jurors had a simple security flaw that exposed their personal data, including names, home addresses, and more.
Tyler said it's fixing the flaw after we alerted the company to the bug.
by @lorenzofb.bsky.social:
Tyler said it's fixing the flaw after we alerted the company to the bug.
by @lorenzofb.bsky.social:
Brian Krebs identified the real-world identity of Rey, a key administrator of Scattered Lapsus$ Hunters, a hacking group blamed for dozens of high profile hacks.
The hacker, identified as a Jordanian teenager, agreed to be interviewed after Krebs tracked him down and contacted his father.
The hacker, identified as a Jordanian teenager, agreed to be interviewed after Krebs tracked him down and contacted his father.
Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’
A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mass extorting dozens of major corporations. But the ...
krebsonsecurity.com
November 26, 2025 at 5:50 PM
Brian Krebs identified the real-world identity of Rey, a key administrator of Scattered Lapsus$ Hunters, a hacking group blamed for dozens of high profile hacks.
The hacker, identified as a Jordanian teenager, agreed to be interviewed after Krebs tracked him down and contacted his father.
The hacker, identified as a Jordanian teenager, agreed to be interviewed after Krebs tracked him down and contacted his father.
Reposted by Zack Whittaker
this.weekinsecurity.com/banning-tp-l...
While @zackwhittaker.com notes that the WSJ covered this story as far back as December 2024, I covered it three months earlier in September 2024 when the rumblings of a ban began, based on zero evidence.
www.csoonline.com/article/3504...
While @zackwhittaker.com notes that the WSJ covered this story as far back as December 2024, I covered it three months earlier in September 2024 when the rumblings of a ban began, based on zero evidence.
www.csoonline.com/article/3504...
Banning TP-Link won't save America from its own terrible cybersecurity
TP-Link routers face a ban in the U.S. over the company's alleged links to China, but shoddy cybersecurity is the real insider threat to the United States.
this.weekinsecurity.com
November 26, 2025 at 1:50 PM
this.weekinsecurity.com/banning-tp-l...
While @zackwhittaker.com notes that the WSJ covered this story as far back as December 2024, I covered it three months earlier in September 2024 when the rumblings of a ban began, based on zero evidence.
www.csoonline.com/article/3504...
While @zackwhittaker.com notes that the WSJ covered this story as far back as December 2024, I covered it three months earlier in September 2024 when the rumblings of a ban began, based on zero evidence.
www.csoonline.com/article/3504...
Reposted by Zack Whittaker
NEW: A trivial-to-exploit bug in jury systems used across the United States exposed jurors' sensitive personal data, such as full names, date of birth, emails, cell phone numbers, and home addresses — and potentially health data.
The bug allowed anyone to brute-force and access jurors' accounts.
The bug allowed anyone to brute-force and access jurors' accounts.
Bug in jury systems used by several US states exposed sensitive personal data | TechCrunch
An easy-to-exploit vulnerability in a jury system made by Tyler Technologies exposed the personally identifiable data of jurors, including names, home addresses, emails, and phone numbers.
techcrunch.com
November 26, 2025 at 4:18 PM
NEW: A trivial-to-exploit bug in jury systems used across the United States exposed jurors' sensitive personal data, such as full names, date of birth, emails, cell phone numbers, and home addresses — and potentially health data.
The bug allowed anyone to brute-force and access jurors' accounts.
The bug allowed anyone to brute-force and access jurors' accounts.
New, by me at this.weekinsecurity.com: Router maker TP-Link faces a potential U.S.-wide ban over its alleged links to China.
In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).
Please share!
In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).
Please share!
Banning TP-Link won't save America from its own terrible cybersecurity
TP-Link routers face a ban in the U.S. over the company's alleged links to China, but shoddy cybersecurity is the real insider threat to the United States.
this.weekinsecurity.com
November 26, 2025 at 1:27 PM
New, by me at this.weekinsecurity.com: Router maker TP-Link faces a potential U.S.-wide ban over its alleged links to China.
In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).
Please share!
In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).
Please share!
Reposted by Zack Whittaker
“A liability model would push the cost currently borne by society back onto the companies themselves, rather than allow those companies to profit from the systemic risks their insecure products disburse throughout society.”
👏
👏
Software companies must be held liable for British economic security, say MPs
via @alexmartin.bsky.social & @therecordmedia.bsky.social
via @alexmartin.bsky.social & @therecordmedia.bsky.social
Software companies must be held liable for British economic security, say MPs
A lack of liability for software vendors is putting Britain’s economic and national security at risk, an influential committee of lawmakers warned on Monday.
therecord.media
November 25, 2025 at 1:13 PM
“A liability model would push the cost currently borne by society back onto the companies themselves, rather than allow those companies to profit from the systemic risks their insecure products disburse throughout society.”
👏
👏
My partner sometimes sends me links for my cyber newsletter, this.weekinsecurity.com.
Today she sent me this story (forgive the link) about a leaked recording of Campbell's CISO allegedly criticizing his company's own food, with the comment, simply: "Cyber soup-curity," followed by, "C.I.S.Oh no."
Today she sent me this story (forgive the link) about a leaked recording of Campbell's CISO allegedly criticizing his company's own food, with the comment, simply: "Cyber soup-curity," followed by, "C.I.S.Oh no."
Leaked audio reveals Campbell's VP's remarks about soup's ingredients
A leaked recording from a former staffer has sparked chaos for Campbell Soup, claiming to show a company VP trash-talking the brand's own products and the people who buy them.
www.dailymail.co.uk
November 25, 2025 at 1:43 AM
My partner sometimes sends me links for my cyber newsletter, this.weekinsecurity.com.
Today she sent me this story (forgive the link) about a leaked recording of Campbell's CISO allegedly criticizing his company's own food, with the comment, simply: "Cyber soup-curity," followed by, "C.I.S.Oh no."
Today she sent me this story (forgive the link) about a leaked recording of Campbell's CISO allegedly criticizing his company's own food, with the comment, simply: "Cyber soup-curity," followed by, "C.I.S.Oh no."
Reposted by Zack Whittaker
This piece also offers a generous (3000 word) intro that explains what NVIDIA is, how it got so big, how "building data centers" is a very difficult and complex thing, and why the entire future comes down to how long private debt can afford to keep buying GPUs.
Premium: This is The Hater's Guide To NVIDIA: A 14k word guide to how NVIDIA makes its money, how millions of Blackwell GPUs have been sold with nowhere for them to be installed, and how NVIDIA's future relies on companies raising hundreds of billions in debt.
www.wheresyoured.at/the-haters-g...
www.wheresyoured.at/the-haters-g...
The Hater's Guide To NVIDIA
This piece has a generous 3000+ word introduction, because I want as many people to understand NVIDIA as possible. The (thousands of) words after the premium break get into arduous detail, but I’ve wr...
www.wheresyoured.at
November 24, 2025 at 5:19 PM
This piece also offers a generous (3000 word) intro that explains what NVIDIA is, how it got so big, how "building data centers" is a very difficult and complex thing, and why the entire future comes down to how long private debt can afford to keep buying GPUs.
Reposted by Zack Whittaker
Cybersecurity is bad enough without the clout-chasers and marketers trying to scare everyone. Very glad to see a concerted effort to kill the myths and focus people on what can actually make you safer. www.hacklore.org/letter
The Letter — Stop Hacklore!
www.hacklore.org
November 24, 2025 at 4:58 PM
Cybersecurity is bad enough without the clout-chasers and marketers trying to scare everyone. Very glad to see a concerted effort to kill the myths and focus people on what can actually make you safer. www.hacklore.org/letter
Reposted by Zack Whittaker
📢 Announcing hacklore.org 📢
It’s time to retire outdated cyber advice! More than 80 cybersecurity veterans have signed an open letter urging a shift from folklore to guidance that actually helps people avoid the most common attacks. 🔐
Blog: medium.com/@boblord/let...
Site: www.hacklore.org
It’s time to retire outdated cyber advice! More than 80 cybersecurity veterans have signed an open letter urging a shift from folklore to guidance that actually helps people avoid the most common attacks. 🔐
Blog: medium.com/@boblord/let...
Site: www.hacklore.org
Stop Hacklore!
hacklore.org
November 24, 2025 at 3:05 PM
📢 Announcing hacklore.org 📢
It’s time to retire outdated cyber advice! More than 80 cybersecurity veterans have signed an open letter urging a shift from folklore to guidance that actually helps people avoid the most common attacks. 🔐
Blog: medium.com/@boblord/let...
Site: www.hacklore.org
It’s time to retire outdated cyber advice! More than 80 cybersecurity veterans have signed an open letter urging a shift from folklore to guidance that actually helps people avoid the most common attacks. 🔐
Blog: medium.com/@boblord/let...
Site: www.hacklore.org
NEW: U.S. banking giants and mortgage lenders are scrambling to figure out how much of their customers' non-public banking data was stolen during a cyberattack on a financial tech firm earlier this month.
Customers of at least JPMorgan Chase, Citigroup, and Morgan Stanley are said to be affected.
Customers of at least JPMorgan Chase, Citigroup, and Morgan Stanley are said to be affected.
US banks scramble to assess data theft after hackers breach financial tech firm | TechCrunch
U.S. banking giants including JPMorgan Chase, Citi, and Morgan Stanley are working to identify what data was stolen in a recent cyberattack on a New York financial firm.
techcrunch.com
November 24, 2025 at 2:23 PM
NEW: U.S. banking giants and mortgage lenders are scrambling to figure out how much of their customers' non-public banking data was stolen during a cyberattack on a financial tech firm earlier this month.
Customers of at least JPMorgan Chase, Citigroup, and Morgan Stanley are said to be affected.
Customers of at least JPMorgan Chase, Citigroup, and Morgan Stanley are said to be affected.
Reposted by Zack Whittaker
My weekly cybersecurity newsletter this.weekinsecurity.com is now out, featuring stories on Gainsight's breach affecting 200 companies; airlines to stop selling flight records to the U.S. government; bank data stolen in SitusAMC hack; DoorDash data breach; Border Patrol's hidden cameras, and more.
this week in security — november 23 2025 edition
Gainsight breach hits 200 companies; airlines to stop selling ticket data to the government; bank data stolen in SitusAMC hack; DoorDash breach, and more.
this.weekinsecurity.com
November 23, 2025 at 4:21 PM
My weekly cybersecurity newsletter this.weekinsecurity.com is now out, featuring stories on Gainsight's breach affecting 200 companies; airlines to stop selling flight records to the U.S. government; bank data stolen in SitusAMC hack; DoorDash data breach; Border Patrol's hidden cameras, and more.
My weekly cybersecurity newsletter this.weekinsecurity.com is now out, featuring stories on Gainsight's breach affecting 200 companies; airlines to stop selling flight records to the U.S. government; bank data stolen in SitusAMC hack; DoorDash data breach; Border Patrol's hidden cameras, and more.
this week in security — november 23 2025 edition
Gainsight breach hits 200 companies; airlines to stop selling ticket data to the government; bank data stolen in SitusAMC hack; DoorDash breach, and more.
this.weekinsecurity.com
November 23, 2025 at 4:21 PM
My weekly cybersecurity newsletter this.weekinsecurity.com is now out, featuring stories on Gainsight's breach affecting 200 companies; airlines to stop selling flight records to the U.S. government; bank data stolen in SitusAMC hack; DoorDash data breach; Border Patrol's hidden cameras, and more.
Reposted by Zack Whittaker
every week just gets weirder tbh
November 21, 2025 at 11:09 PM
every week just gets weirder tbh
Reposted by Zack Whittaker
Important story: The very wealthiest people in America are playing an ever more important role in financing America’s elections — and potentially determining their outcome.
We spent a year investigating billionaires for @washingtonpost.com.
We found: the wealthiest 100 Americans gave $1.1 billion to influence the 2024 elections — 140x more than they did in 2000. And almost all of that giving boosted Republicans.
washingtonpost.com/politics/int...
We found: the wealthiest 100 Americans gave $1.1 billion to influence the 2024 elections — 140x more than they did in 2000. And almost all of that giving boosted Republicans.
washingtonpost.com/politics/int...
November 21, 2025 at 6:49 PM
Important story: The very wealthiest people in America are playing an ever more important role in financing America’s elections — and potentially determining their outcome.
A spox for the ShinyHunters group told @lorenzofb.bsky.social that Gainsight "was a customer of Salesloft Drift, they were affected and therefore compromised entirely by us."
So far, these hackers have breached hundreds of companies simply by targeting Salesloft and Gainsight alone.
So far, these hackers have breached hundreds of companies simply by targeting Salesloft and Gainsight alone.
NEW: Google says the new wave of supply chain attacks by Scattered Lapsus$ Hunters impacted more than 200 companies' Salesforce-stored data.
Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.
Malwarebytes said is investigating. CrowdStrike said company is "not affected."
Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.
Malwarebytes said is investigating. CrowdStrike said company is "not affected."
Google says hackers stole data from 200 companies following Gainsight breach | TechCrunch
Notorious hacking collective ShinyHunters takes credit for the breach that affected Salesforce customers’ data, and said it is planning another extortion campaign.
techcrunch.com
November 21, 2025 at 7:41 PM
A spox for the ShinyHunters group told @lorenzofb.bsky.social that Gainsight "was a customer of Salesloft Drift, they were affected and therefore compromised entirely by us."
So far, these hackers have breached hundreds of companies simply by targeting Salesloft and Gainsight alone.
So far, these hackers have breached hundreds of companies simply by targeting Salesloft and Gainsight alone.
New, by me and @lorenzofb.bsky.social: CrowdStrike has confirmed it fired a "suspicious insider" who passed screenshots of company systems to a prolific hacking group — which then went on to post them publicly.
CrowdStrike fires 'suspicious insider' who passed information to hackers | TechCrunch
Cybersecurity giant CrowdStrike denied it had been hacked following claims from a hacker group, which leaked screenshots from inside CrowdStrike's network.
techcrunch.com
November 21, 2025 at 7:11 PM
New, by me and @lorenzofb.bsky.social: CrowdStrike has confirmed it fired a "suspicious insider" who passed screenshots of company systems to a prolific hacking group — which then went on to post them publicly.
Reposted by Zack Whittaker
NEW: Google says the new wave of supply chain attacks by Scattered Lapsus$ Hunters impacted more than 200 companies' Salesforce-stored data.
Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.
Malwarebytes said is investigating. CrowdStrike said company is "not affected."
Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.
Malwarebytes said is investigating. CrowdStrike said company is "not affected."
Google says hackers stole data from 200 companies following Gainsight breach | TechCrunch
Notorious hacking collective ShinyHunters takes credit for the breach that affected Salesforce customers’ data, and said it is planning another extortion campaign.
techcrunch.com
November 21, 2025 at 6:34 PM
NEW: Google says the new wave of supply chain attacks by Scattered Lapsus$ Hunters impacted more than 200 companies' Salesforce-stored data.
Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.
Malwarebytes said is investigating. CrowdStrike said company is "not affected."
Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.
Malwarebytes said is investigating. CrowdStrike said company is "not affected."
The next time a major U.S. phone or internet company gets hacked and customer data stolen — and it will, since it's happened a LOT in recent years — at least we know who we can blame for it.
Despite Chinese hacks, Trump's FCC votes to scrap cybersecurity rules for phone and internet companies | TechCrunch
Two Trump-appointed FCC officials voted to undo the telecom industry's cybersecurity rules. One Democratic commissioner dissented, saying the decision leaves the United States "less safe" at a time wh...
techcrunch.com
November 21, 2025 at 3:23 PM
The next time a major U.S. phone or internet company gets hacked and customer data stolen — and it will, since it's happened a LOT in recent years — at least we know who we can blame for it.
Reposted by Zack Whittaker
Did Capita have a ransomware response that “will go down as a case history for how to deal with a sophisticated cyberattack”, as their CEO claimed? I take a look. doublepulsar.com/what-organis...
What organisations can learn from the record breaking fine over Capita’s ransomware incident
No, a Nessus vulnerability scan isn’t good enough.
doublepulsar.com
November 21, 2025 at 12:54 PM
Did Capita have a ransomware response that “will go down as a case history for how to deal with a sophisticated cyberattack”, as their CEO claimed? I take a look. doublepulsar.com/what-organis...
Reposted by Zack Whittaker
Pachinko found the windows with the heat vents. Ideal setting for bird watching.
November 21, 2025 at 3:45 AM
Pachinko found the windows with the heat vents. Ideal setting for bird watching.
Reposted by Zack Whittaker
Just saw an extended version
November 20, 2025 at 11:26 PM
Just saw an extended version
NEW: Salesforce says it's investigating a breach of customers' data after hackers targeted Gainsight, a company that sells a platform for other companies to manage their customers.
It looks like a near-repeat shituation to that of the Salesloft mass-breaches earlier this year.
It looks like a near-repeat shituation to that of the Salesloft mass-breaches earlier this year.
Salesforce says some of its customers' data was accessed after Gainsight breach | TechCrunch
Salesforce said it’s investigating an incident where hackers compromised some of its customers' data after breaching customer experience company Gainsight.
techcrunch.com
November 20, 2025 at 7:42 PM
NEW: Salesforce says it's investigating a breach of customers' data after hackers targeted Gainsight, a company that sells a platform for other companies to manage their customers.
It looks like a near-repeat shituation to that of the Salesloft mass-breaches earlier this year.
It looks like a near-repeat shituation to that of the Salesloft mass-breaches earlier this year.
Reposted by Zack Whittaker
AP finds a secretive Border Patrol intelligence program detains Americans for “suspicious” travel. Critics call it mass surveillance.
Border Patrol is monitoring US drivers and detaining those with 'suspicious' travel patterns
The U.S. Border Patrol is monitoring millions of American drivers nationwide in a secretive program to identify and detain people whose travel patterns it deems suspicious.
bit.ly
November 20, 2025 at 2:00 PM
AP finds a secretive Border Patrol intelligence program detains Americans for “suspicious” travel. Critics call it mass surveillance.
I know absolutely nothing about anime or manga, but really enjoyed this latest story by @lorenzofb.bsky.social; it's fascinating that this comic from 30 years ago — predating the modern Web — got so much right about cybersecurity today.
How the classic anime 'Ghost in the Shell' predicted the future of cybersecurity 30 years ago | TechCrunch
The story of Ghost in the Shell’s main villain the Puppet Master hinted at a future where governments use hackers for espionage, at a time when most of the world had never connected to the internet.
techcrunch.com
November 20, 2025 at 1:48 AM
I know absolutely nothing about anime or manga, but really enjoyed this latest story by @lorenzofb.bsky.social; it's fascinating that this comic from 30 years ago — predating the modern Web — got so much right about cybersecurity today.