Lorenzo Franceschi-Bicchierai
@lorenzofb.bsky.social
Real-time historian of the late cyber capitalist era @TechCrunch, writing about the intersection of hackers, human rights, and spies.

🍕, ⚽️, 🎸, 🎮 by night.

☎️ Signal: +1 917 257 1382

Past lives: VICE Motherboard, Mashable, WIRED.
Pinned
Do you have any tips about cybersecurity, surveillance, spyware, zero-days...all things cyber?

Contact me here:

☎️ Signal: + 1 917 257 1382

📷Keybase/Telegram: lorenzofb
NEW: I tried to explain why there are so many victims of spyware, despite the fact that its makers have been telling us for years that the tech is only intended to be used in limited cases.

There are several reasons, including how the spyware systems are designed, and how powerful they are.
Why a lot of people are getting hacked with government spyware | TechCrunch
Government surveillance vendors want us to believe their spyware products are only used in limited and targeted operations against terrorists and serious criminals. That claim is increasingly difficul...
techcrunch.com
November 10, 2025 at 2:16 PM
Reposted by Lorenzo Franceschi-Bicchierai
Here's my latest edition of this.weekinsecurity.com, with all the cyber news you need to know from the week, including: SonicWall's firewall data breach, CBO gets hacked, Korea Telecom's very bad breach, hackers hijacking real-world cargo, Nevada's hack post-mortem, and more. Plus: a new cybercat!
this week in security — november 9 2025 edition
SonicWall blames nation-state for theft of firewall backups, CBO hacked, Korea Telecom covered up hacks, North Korea's remote IT workers' scheme, and more.
this.weekinsecurity.com
November 9, 2025 at 3:40 PM
Reposted by Lorenzo Franceschi-Bicchierai
New: Washington Post is the latest organization to confirm a data breach linked to the mass-hacks of Oracle E-Business apps, which companies use to store their business/HR data.

Google previously said that over 100 organizations have been hacked as part of the campaign.
Washington Post confirms data breach linked to Oracle hacks | TechCrunch
The Washington Post is the latest victim of a hacking campaign by the notorious Clop ransomware gang, which relied on vulnerabilities in Oracle software used by many corporations.
techcrunch.com
November 7, 2025 at 8:02 PM
NEW: The U.S. Congressional Budget Office was hacked.

@doublepulsar.com found that the cause may be an unpatched Cisco ASA firewall. I asked CBO about that but it did not respond to the question.

techcrunch.com/2025/11/07/c...
Congressional Budget Office confirms it was hacked | TechCrunch
The congressional research office confirmed a breach, but did not comment on the cause. A security researcher suggested the hack may have originated because CBO failed to patch a firewall for more tha...
techcrunch.com
November 7, 2025 at 4:38 PM
Reposted by Lorenzo Franceschi-Bicchierai
NEW, by me: Researchers have discovered an Android spyware that specifically targeted Samsung Galaxy phones during a nearly year-long hacking campaign. The spyware relied on a zero-day bug triggered by sending a victim a malware-laced photo via a messaging app. Victims are likely in the Middle East.
'Landfall' spyware abused zero-day to hack Samsung Galaxy phones | TechCrunch
A newly identified Android spyware targeted Galaxy devices for close to a year, including users in the Middle East, researchers exclusively tell TechCrunch.
techcrunch.com
November 7, 2025 at 12:13 PM
This is a very good point. And the answer lies in the licenses that spyware makers give their customers. In this case, "licenses" means the number of concurrent targets customers could use.

For example, these were the no. of targets Hacking Team gave its customers (note Morocco):
November 6, 2025 at 5:56 PM
NEW: The Paragon spyware scandal in Italy widens again.

A political consultant who works with left-wing politicians, who are part of the opposition party Partito Democratico, has now come out as the latest target.

"It is time to ask a very simple question: Why? Why me?" Francesco Nicodemos said.
Italian political consultant says he was targeted with Paragon spyware | TechCrunch
WhatsApp notified the consultant, who works for left-wing politicians, that his phone was targeted with spyware made by Paragon.
techcrunch.com
November 6, 2025 at 5:39 PM
Reposted by Lorenzo Franceschi-Bicchierai
ICYMI: Court documents and interviews with former staff reveal how ex-L3Harris Trenchant boss Peter Williams was able to steal and sell highly sensitive exploits to a Russian buyer for years.

"No one had any supervision over him at all," one former Trenchant employee told @lorenzofb.bsky.social.
How an ex-L3Harris Trenchant boss stole and sold cyber exploits to Russia | TechCrunch
Peter Williams sold eight exploits to a Russian zero-day broker by smuggling them from his employer’s highly secured air-gapped network. A court document, plus exclusive reporting by TechCrunch and in...
techcrunch.com
November 4, 2025 at 1:43 PM
NEW: How former Trenchant boss Peter Williams stole zero-days worth millions of dollars, based on court documents and interviews with former colleagues.

A former Trenchant employee said “no one had any supervision over [Williams] at all. He was kind of allowed to do things the way he wanted to.”
How an ex-L3 Harris Trenchant boss stole and sold cyber exploits to Russia | TechCrunch
Peter Williams sold eight exploits to a Russian zero-day broker by smuggling them from his employer’s highly secured air-gapped network. A court document, plus exclusive reporting by TechCrunch and in...
techcrunch.com
November 3, 2025 at 9:45 PM
Reposted by Lorenzo Franceschi-Bicchierai
It's Friday and you've probably had enough cyber... but I'm re-upping my story on this.weekinsecurity.com about how AI browsers are shipping with security bugs that put your private data (saved passwords, credit cards, browsing history) at risk.

Here's why AI browsers aren't safe for general use.
AI browsers are a hot mess of security risks
AI-enabled web browsers are putting their users' data, security, and privacy at risk from rudimentary prompt injection attacks.
this.weekinsecurity.com
October 31, 2025 at 8:37 PM
Reposted by Lorenzo Franceschi-Bicchierai
New incredible detail here: ICE says a match in its facial recognition app Mobile Fortify is a "definitive" determination of a person's status, and that this overrides birth certificates. This is an app ICE is using in the field to scan people

www.404media.co/ice-and-cbp-...
October 29, 2025 at 3:03 PM
NEW: Peter Williams, the former head of Western zero-day and spyware maker Trenchant, pleaded guilty to selling eight exploits to a broker that resells to the Russian government.

The DOJ said Williams was promised millions of dollars in exchange for "national-security focused software."
Former L3Harris Trenchant boss pleads guilty to selling zero-day exploits to Russian broker | TechCrunch
Prosecutors confirmed Peter Williams, the former Trenchant boss, sold eight exploits to a Russian buyer. TechCrunch exclusively reported that the Trenchant division was investigating a leak of its hac...
techcrunch.com
October 29, 2025 at 5:42 PM
NEW: The CEO of Memento Labs admits the spyware found by security researchers targeting Windows victims in Russia was his company's.

He said that one of his customers used an outdated version of the spyware that's going to be decommissioned at the end of this year.

techcrunch.com/2025/10/28/c...
Exclusive: CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware
Security researchers found a government hacking campaign that relies on Windows spyware developed by surveillance tech maker Memento Labs. When reached by TechCrunch, the spyware maker's chief executi...
techcrunch.com
October 29, 2025 at 4:42 PM
Reposted by Lorenzo Franceschi-Bicchierai
Welp. That's the third telco in South Korea to have reported a data breach in the past six months, after SK Telecom and KT.
LG Uplus is latest South Korean telco to confirm cybersecurity incident | TechCrunch
Korean telecom giant LG Uplus is the third major phone provider in the past six months to report a cybersecurity incident.
techcrunch.com
October 29, 2025 at 3:57 AM
Kaspersky researchers love attribution.

securelist.com/forumtroll-a...
October 27, 2025 at 10:15 PM
This.
It is nothing short of genuinely impressive how much money Microsoft makes, compared directly to how utterly shit to the core its software is to use.
October 24, 2025 at 5:06 PM
Australia's Department of Foreign Affairs and Trade said that it is aware of the Department of Justice investigation into Trenchant's former general manager Peter "Doogie" Williams.

In early September, it told me it was not aware of the case.
NEW: The U.S. govt accused Peter Williams, ex general manager of hacking tool maker L3Harris Trenchant, of stealing trade secrets and selling them to a buyer in Russia.

As we reported earlier, Trenchant investigated a leak of internal tools this year. It's unclear if that investigation is related.
U.S. government accuses former L3Harris cyber boss of stealing trade secrets | TechCrunch
The U.S. Department of Justice accused Peter Williams, former general manager of L3Harris’ hacking division Trenchant, of stealing trade secrets and selling them to a buyer in Russia.
techcrunch.com
October 24, 2025 at 2:11 PM
I need someone to explain to me why you'd rather use Microsoft Word than Google Docs. I don't think I've ever seen two products that are supposedly made to do the same thing, yet one fails at everything you need it to do, while the other is near perfect.

EOL Word for the love of god.
October 23, 2025 at 11:48 PM
NEW: The U.S. govt accused Peter Williams, ex general manager of hacking tool maker L3Harris Trenchant, of stealing trade secrets and selling them to a buyer in Russia.

As we reported earlier, Trenchant investigated a leak of internal tools this year. It's unclear if that investigation is related.
U.S. government accuses former L3Harris cyber boss of stealing trade secrets | TechCrunch
The U.S. Department of Justice accused Peter Williams, former general manager of L3Harris’ hacking division Trenchant, of stealing trade secrets and selling them to a buyer in Russia.
techcrunch.com
October 23, 2025 at 3:47 PM
Reposted by Lorenzo Franceschi-Bicchierai
New: a $60 mod to Meta's Ray-Ban glasses disables the privacy LED light. This is supposed to light when people are filming with the glasses. We bought the mod, verified it works. Now you can never be sure whether someone wearing Meta Ray-Bans is filming you or not
www.404media.co/how-to-disab...
A $60 Mod to Meta’s Ray-Bans Disables Its Privacy-Protecting Recording Light
Meta’s Ray-Ban glasses usually include an LED that lights up when the user is recording other people. One hobbyist is charging a small fee to disable that light, and has a growing list of customers ar...
www.404media.co
October 23, 2025 at 1:01 PM
Reposted by Lorenzo Franceschi-Bicchierai
ICYMI from yesterday: A former Trenchant employee working in exploit development says he was wrongly accused of leaking internal tools and fired. Weeks later, he received a threat alert from Apple saying his own iPhone was targeted with mercenary spyware.
Exclusive: Apple alerts exploit developer that his iPhone was targeted with government spyware
A developer at Trenchant, a leading Western spyware and zero-day maker, was suspected of leaking company tools and was fired. Weeks later, Apple notified him that his personal iPhone was targeted with...
techcrunch.com
October 22, 2025 at 12:50 PM
SCOOP: A man who worked on developing hacking and surveillance tools for defense contractor L3Harris Trenchant was notified by Apple that his iPhone was targeted with mercenary spyware.

The developer believes he was targeted after he was wrongly accused of leaking zero-days developed by Trenchant.
Exclusive: Apple alerts exploit developer that his iPhone was targeted with government spyware
A developer at Trenchant, a leading Western spyware and zero-day maker, was suspected of leaking company tools and fired. Weeks later, Apple notified him that his personal iPhone was targeted with spy...
techcrunch.com
October 21, 2025 at 2:54 PM
Italian prosecutors reportedly interrogated the heads of the country's two intelligence agencies (AISI and AISE.)

Prosecutors are investigating the alleged targeting of journalists Francesco Cancellato and Ciro Pellegrino, among others. At this point, it's unclear who hacked them.
Paragon case: the heads of AISE and AISI heard by prosecutors
Prosecutors in Rome and Naples are digging deeper into the Paragon case, which also involves well-known journalists among the injured parties in the investigation.
alanews.it
October 20, 2025 at 8:24 PM
In these dark times, let's remember that there were better days.

Fun times when the NSA was so worried about Furbys, and the recording device embedded in them, that it banned them from its premises.

web.archive.org/web/20060826...
October 20, 2025 at 5:05 PM
ICYMI (story broke late Friday evening): A judge has ordered NSO Group to stop targeting WhatsApp users.

At the same time the judge reduced the damages the spyware maker had to pay to WhatsApp from $167 million to $4M, because there was no evidence NSO’s behavior was “particularly egregious.”
Spyware maker NSO Group blocked from WhatsApp | TechCrunch
A federal judge has granted Meta-owned WhatsApp’s request for a permanent injunction blocking Israeli cyberintelligence company NSO Group from targeting the messaging app’s users. At the same time, th...
techcrunch.com
October 20, 2025 at 2:39 PM