Lorenzo Franceschi-Bicchierai

Hang on, when did I confess that?

If you take OPSEC advice from Elon Musk and Pavel Durov, good luck, you're basically screwed. I wouldn’t trust those two to make me a coffee with a Nespresso machine, let alone help me stay secure online.

WhatsApp is rolling out a new stricter security setting to protect users from cyber attacts | TechCrunch Days after Meta was sued over alleged false privacy claims surrounding its chat app WhatsApp, the company has rolled out a new setting to protect users

NEW: After Apple launched Lockdown Mode years ago, and Google released its own special security feature for Android last year, WhatsApp now offers a new mode for users at high risk of being targeted with spyware.

It's called Strict Account Settings and enables certain restrictions to protect users.

Vas has tirelessly and constantly followed virtually every story related to government spyware that is developing in any corners of the world. I don't know how he can keep up with everything that's happening in that world, but I am glad he does.

Keep your phone number private with Signal usernames Signal’s mission and sole focus is private communication. For years, Signal has kept your messages private, your profile information (like your name and profile photo) private, your contacts private, ...

A number of Washington Post journalists asked for tips from government workers last year and posted their personal phone numbers for @signal.org. Please know that Signal allows you to create a username, meaning you can keep your phone number private. signal.org/blog/phone-n...

YouTube video by Martha Root I Exposed, Infiltrated, and Shut Down a Racist Network Dressed as a Pink Power Ranger

Martha Root explained their motivations here, but not any technical details, which they promise are coming soon.

"No, this didn’t happen live on stage. And no it wasn’t a moment straight out of a hacker movie. It was mostly timing, a bit of performance and things that were already unfolding."

Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects' laptops: reports | TechCrunch The FBI served Microsoft a warrant requesting encryption recovery keys to decrypt the hard drives of people involved in an alleged fraud case in Guam.

NEW: Microsoft handed the FBI the recovery keys to decrypt the hard drives of three laptops encrypted with BitLocker.

BitLocker is enabled by default in modern Windows laptops, but Microsoft also prompts users to upload the recovery keys to the company's cloud, which opens up this possibility.

25 days later, White Date is still down.

Spanish judge closes NSO Group spyware probe due to lack of cooperation from Israel The case dates to May 2022, when the court launched a probe into the alleged spying on devices belonging to Prime Minister Pedro Sánchez and Defence Minister Margarita Robles.

Spanish judge closes probe into NSO in wake of Pegasus hack of several govt officials, incl the PM. Court says Israel ignored five requests for information and probe can't proceed as a result. NSO has historically been shielded from accountability by the Israeli govt
therecord.media/spanish-judg...

Imho yes

Come for the news, stay for a quick history lesson on the use of government spyware in Europe, something that's been happening since at least 2004.

techcrunch.com/2026/01/22/i...

Ireland proposes new law allowing police to use spyware | TechCrunch The Irish government announced that it wants to pass a law that would grant police more surveillance powers, such as using spyware to fight serious crime, while aiming to protect the privacy rights of...

NEW: Ireland is working on a law to regulate the use of spyware by the police.

There's no details yet, but the Irish government promises to balance the need to fight serious crime with spyware, with the need to respect privacy and human rights.

techcrunch.com/2026/01/22/i...

Under Armour says it's 'aware' of data breach claims after 72M customer records were posted online | TechCrunch TechCrunch obtained a sample of the stolen data, which contained names, email addresses, dates of birth, and the user's approximate geographic location. Under Armour confirmed some sensitive informati...

New, by me: Under Armour says it’s aware of data breach claims after 72M customer records were posted online.

A spox. told me a "small percentage" of customers had sensitive information compromised but wouldn't say what it considers "sensitive," nor provide an accurate figure of affected customers.

So…is the PS5 Pro worth the extra $$$ or should I just get the normal one?

How a hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East | TechCrunch The phishing campaign targeted users on WhatsApp, including an Iranian-British activist, and stole the credentials of a Lebanese cabinet minister and at least one journalist.

*pinches bridge of nose and sighs heavily*

These utter fuckwits have returned with the *same* phishing campaign on the *same* burned infrastructure and leaking the same data, which leads me to think that it's probably Iranian intelligence after all.

My writeup from last week with more details:

Trump administration admits DOGE may have misused Americans' Social Security data | TechCrunch The revelation comes as part of a series of corrections in a legal case over DOGE’s access to Social Security Administration data.

NEW: Two members of Elon Musk’s Department of Government Efficiency (DOGE) who were working at the Social Security Administration may have shared SSNs to help an advocacy group that had the aim "to overturn election results in certain States," according to a court document.

NOTE: The letter says that the company Defense Prime (rebranded as Palm Beach Networks and linked to Head and Tail) develops Pegasus. That is clearly a mistake, given that it's NSO that develops Pegasus.

No, I think that's a mistake on the part of the people who wrote the letter. But let me note that.

Barcelona, sede mundial de una reunión secreta de espías durante 24 horas Varias empresas se encuentran en una ubicación secreta del Eixample para hablar de las vulnerabilidades de los sistemas informáticos

The Catalan newspaper Ara covered this recently, with the news peg that there was a closed-door conference where many of these companies were present.

es.ara.cat/sociedad/suc...

How Barcelona became an unlikely hub for spyware startups | TechCrunch Barcelona's mix of affordable cost of living and quality of life has helped create a vibrant startup community — and become a hotbed for the creation of surveillance technologies.

This letter came around the time stories us and Haaretz published stories about the presence of several Israeli (and from other countries too) offensive cybersecurity and spyware companies in Barcelona.

techcrunch.com/2025/01/13/h...

www.haaretz.com/israel-news/...

The government answered that the Ministry of Defense has no information at all about the issues raised in the letter.

www.congreso.es/entradap/l15...

Last year, a member of the Spanish parliament sent a letter to the government asking what it thinks about the fact that there are several Israeli offensive cybersecurity folks in Barcelona working on spyware, and whether the government wants to do anything about it.

www.congreso.es/entradap/l15...

One more link: bsky.app/profile/vall...

Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities

And here's the New York Times piece that cites "U.S. officials briefed on the operation."

www.nytimes.com/2026/01/15/u...

Why I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity NYT says US hackers were able to turn off power and then quickly turn it back on.

2) This blog post by @dangoodin.bsky.social

arstechnica.com/security/202...

Ministerio del Poder Popular para la Energía Eléctrica | Cynthia Brumfield | 16 comments Please, please, please let's be clear about the use or lack of use of cyber to cut off power in Venezuela. I began researching this possibility the second Trump finished his press conference, in which...

These are good pieces on the alleged U.S. cyberattack against the Venezuelan power grid. It seems that for now the skepticism is warranted until we get more details and some independent confirmation from threat intelligence/infrastrucure researchers.

1) This Linkedin post by @metacurity.com

In case tone isn't clear: I am joking.

this week in security — january 18 2026 edition FBI searches journalist's home, Flock redaction errors expose police targets, millions of headphones at risk of eavesdropping, a slew of 10/10 bugs, and more.

A new this.weekinsecurity.com is out, featuring stories on: FBI raiding WaPo reporter's home; Iran's internet shutdown passes one week; Flock flucked up license plate redactions; millions of headphones at risk of eavesdropping; a ton of max 10.0 bugs; that Venezuela "cyberattack," and much more.

Trying to protect everything from everyone all the time is a good way to drive yourself crazy. This is why we threat model. Here is EFF's Surveillance Self Defense guide to putting together your security plan, also known as threat modeling: ssd.eff.org/module/your-...

Supreme Court hacker posted stolen government data on Instagram | TechCrunch Nicholas Moore pleaded guilty to stealing victims’ information from the Supreme Court and other federal government agencies, and then posting it on his Instagram @ihackthegovernment.

NEW: Nicholas Moore, a hacker who broke into the systems of the U.S. Supreme Court and the Department of Veteran Affairs stole the personal data of victims and then posted it online on his @ihackthegovernment Instagram account.

Moore faces a maximum of a year in prison and a fine of up to $100,000.