Lorenzo Franceschi-Bicchierai

Bug in jury systems used by several US states exposed sensitive personal data | TechCrunch An easy-to-exploit vulnerability in a jury system made by Tyler Technologies exposed the personally identifiable data of jurors, including names, home addresses, emails, and phone numbers.

NEW: A trivial-to-exploit bug in jury systems used across the United States exposed jurors' sensitive personal data, such as full names, date of birth, emails, cell phone numbers, and home addresses — and potentially health data.

The bug allowed anyone to brute-force and access jurors' accounts.

A spox for the ShinyHunters group told @lorenzofb.bsky.social that Gainsight "was a customer of Salesloft Drift, they were affected and therefore compromised entirely by us."

So far, these hackers have breached hundreds of companies simply by targeting Salesloft and Gainsight alone.

CrowdStrike fires 'suspicious insider' who passed information to hackers | TechCrunch Cybersecurity giant CrowdStrike denied it had been hacked following claims from a hacker group, which leaked screenshots from inside CrowdStrike's network.

New, by me and @lorenzofb.bsky.social: CrowdStrike has confirmed it fired a "suspicious insider" who passed screenshots of company systems to a prolific hacking group — which then went on to post them publicly.

Google says hackers stole data from 200 companies following Gainsight breach | TechCrunch Notorious hacking collective ShinyHunters takes credit for the breach that affected Salesforce customers’ data, and said it is planning another extortion campaign.

NEW: Google says the new wave of supply chain attacks by Scattered Lapsus$ Hunters impacted more than 200 companies' Salesforce-stored data.

Hackers said they breached CrowdStrike, Linkedin, Malwarebytes, Verizon etc.

Malwarebytes said is investigating. CrowdStrike said company is "not affected."

Salesforce says some of its customers' data was accessed after Gainsight breach | TechCrunch Salesforce said it’s investigating an incident where hackers compromised some of its customers' data after breaching customer experience company Gainsight.

NEW: Salesforse says said it’s investigating an incident where hackers compromised some of its customers' data after breaching customer experience company Gainsight.

Notorious hacking group ShinyHunters has reportedly claimed responsibility for this new wave of data breaches.

How the classic anime 'Ghost in the Shell' predicted the future of cybersecurity 30 years ago | TechCrunch The story of the Ghost in the Shell’s main villain the Puppet Master hinted at a future where governments use hackers for espionage, at a time when most of the world had never connected to the interne...

Here it is! techcrunch.com/2025/11/19/h...

How the classic anime 'Ghost in the Shell' predicted the future of cybersecurity 30 years ago | TechCrunch The story of the Ghost in the Shell’s main villain the Puppet Master hinted at a future where governments use hackers for espionage, at a time when most of the world had never connected to the interne...

NEW: The classic anime "Ghost in the Shell" turned 30 years old this week.

Despite coming out at the dawn of the internet, it was incredibly prescient in terms of imaginig a future where governments use hackers for espionage, people use malware to spy on their loved ones, and much much more.

running down the computer aisle of best buy with a megaphone and shouting "copilot, install malware"

In case folks forgot what happened, Khashoggi entered a Saudi consulate in Istanbul to get a document so he could get married while his fiancée waited outside. He never left because he was murdered and dismembered with a bone saw inside the building. The US intel community said MBS ordered it.

.hack//Sign - Wikipedia

Are you referring to this? en.wikipedia.org/wiki/.hack//...

If so, is it good?

It’s very obvious

I am afraid I convinced @zackwhittaker.com to let me write about anime. Stay tuned.

If really does! I’m rewatching it today and it could easily come out today and nobody would think it’s 30 years old.

Absolutely disgusting.

😂

Time to remind everyone that this anime is one of the best hacker movies of all time. The whole Puppet Master plot was so ahead of its time, anticipating the reality of government espionage we live in now.

Also it was a huge inspiration for the Wachowski's sisters when they came up with The Matrix.

Cloudflare blames massive internet outage on 'latent bug' | TechCrunch An outage at internet infrastructure giant Cloudflare took down several big websites and services, including ChatGPT, Claude, Spotify, and X.

NEW: Internet infrastructure giant Cloudflare blamed this morning's massive internet outage on a "latent bug."

This is another stark reminder that the internet depends on just a handful of companies. According to an estimate, Cloudflare is used by 20% of all websites on the internet.

Can you tell me more? 👀

The TechCrunch Cyber Glossary | TechCrunch This glossary includes the most common terms and expressions TechCrunch uses in our security reporting, and explanations of how — and why — we use them.

"Hacker" is a neutral term whose connotation is dependent on context for us. Here's our rationale: techcrunch.com/2025/04/25/t...

Surveillance tech provider Protei was hacked, its data stolen and its website defaced | TechCrunch The defacement of Protei's website said "another DPI/SORM provider bites the dust," apparently referring to the company selling its web intercept and surveillance products to phone and internet provid...

New, by me: Protei, a Russian-founded telecoms provider and a supplier of surveillance and web monitoring technologies, was breached, its website defaced, and its servers raided.

"Another DPI/SORM provider bites the dust," read the company's defaced website.

DoorDash confirms data breach impacting users’ phone numbers and physical addresses | TechCrunch The delivery giant said “no sensitive information” was accessed, and did not specify the number of customers, delivery workers, and merchants who were impacted by the breach.

NEW: Delivery giant DoorDash disclosed a data breach impacting an unspecified number of users.

Hackers stole names, emails, phone numbers, and physical addresses, but DoorDash said that “no sensitive information was accessed by the unauthorized third party." 🤔

A NYT newsletter headline: An Economist Asked, How Much Should We Spend to Avoid the A.I. Apocalypse?

A virgin/Chad meme: the virgin "AGI existential risk" vs the Chad Global Warming. TL;DR Climate change is real and documented; AGI existential risk is a cooperative sci-fi written by a bunch of guys looking to retroactively justify their wealth

Thank you!

Share your cyber starter packs!

I think there is value in telling readers (who may become sources at some point) how the sausage is made, and what is OK and not OK to ask a journalist. The answer to what the police here is asking is not obvious to people who don't work in media, so I thought it was worth sharing.

The Cyber Police Department of Ukraine sent this email to me, @zackwhittaker.com, and some other cyber journalists.

Basically, it seems they are asking for help going after hackers expecting journalists to share information we would never share with law enforcement. Nope, this is not how it works.

Five people plead guilty to helping North Koreans infiltrate US companies as 'remote IT workers' | TechCrunch The U.S. Department of Justice said five people — including four U.S. nationals — "facilitated" North Korean IT workers to get jobs at American companies, allowing the regime to earn money from their ...

NEW: Five people who live in the U.S. pleaded guily for "facilitating" and helping the North Korean regime place fake remote IT workers inside American companies.

U.S. Department of Justice said their actions affected 136 U.S. companies and netted Kim Jong Un’s regime $2.2 million in revenue.

Police take down three cybercrime operations in latest round of 'whack-a-mole' | TechCrunch Authorities from nine countries took down three cybercrime operations, including the Rhadamantys infostealer, which allegedly had access to the crypto wallets of more than 100,000 victims.

NEW: Authorities took down three cybercrime operations, including Rhadamantys infostealer, which allegedly had access to the crypto wallets of more than 100,000 victims.

This is the latest round of the ongoing "whack-a-mole forever" Operation Endgame, as one security researcher put it.

You live in America.

How Riot Games is fighting the war against video game hackers | TechCrunch Riot’s “anti-cheat artisan” Phillip Koskinas explains how he and his team go after cheaters and cheat developers to protect the integrity of games, such as Valorant and League of Legends.

I think there’s a bit of misunderstanding on how those systems actually work, the head of anti chat at Riot Games explained it well to me a few months ago: techcrunch.com/2025/05/03/h...