Posts by zackwhittaker@mastodon.social
(DIR) Post #Ayru7SFVCDC2SFXz4i by zackwhittaker@mastodon.social
2025-10-04T14:04:57Z
1 likes, 1 repeats
My latest: Discord said late on Friday that hackers stole users' government-issued IDs (passports and driver's licenses) from one of its customer support databases. I wrote a few words about the risks of age verification laws, and why collecting people's government IDs is bad for security and privacy. https://this.weekinsecurity.com/discord-says-users-government-ids-used-for-age-checks-stolen-by-hackers/
(DIR) Post #AyyRS5VTPS83RBDupU by zackwhittaker@mastodon.social
2025-10-07T17:10:28Z
0 likes, 3 repeats
Scoop, by @lorenzofb: A federal contract shows ICE spent $825,000 on vans equipped with fake cellphone towers known as cell-site simulators, which can be used to spy on nearby phones. The Maryland-based company that integrates the cell-site simulators into their vans is called TechOps Specialty Vehicles. https://techcrunch.com/2025/10/07/ice-bought-vehicles-equipped-with-fake-cell-towers-to-spy-on-phones/
(DIR) Post #AzDKeKPW2PzUpOj1wu by zackwhittaker@mastodon.social
2025-10-14T12:13:14Z
2 likes, 0 repeats
New, by me: If you're not using ad blockers, you should be! I wrote 2,000+ words on why you should use them and how to get started. In this deep-dive blog, I explain why ad blockers are critical for your online security and privacy, what threats ad blockers can help defend against, and we'll look at some of the best ad blockers out there. More: https://this.weekinsecurity.com/why-ad-blockers-are-a-top-security-and-privacy-defense-for-everyone/ You can also sign up for my weekly cybersecurity newsletter, out Sundays: https://this.weekinsecurity.com/
(DIR) Post #AzEtIeCFU6RDNNsQjI by zackwhittaker@mastodon.social
2025-10-15T15:55:31Z
0 likes, 2 repeats
This one's a wild/messy one: Cyber giant F5, which serves most of the Fortune 500, said unknown government hackers had 'long term' access to its network:
• stole source code, some customer data
• accessed undisclosed vulns in BIG-IP
• DOJ allowed F5 to delay public notice citing national security
More, from me: https://techcrunch.com/2025/10/15/cyber-giant-f5-networks-says-government-hackers-had-long-term-access-to-its-systems-stole-code-and-customer-data/
(DIR) Post #AzLcrw9oMQD86LhKfA by zackwhittaker@mastodon.social
2025-10-18T22:16:38Z
0 likes, 0 repeats
My favorite #NoKings sign seen in my neighborhood today.
(DIR) Post #AzZb1jvZCoaDN81LaS by zackwhittaker@mastodon.social
2025-10-25T14:13:10Z
0 likes, 1 repeats
I wrote some words for ~ this week in security ~ about the security and privacy risks with AI browsers, like Perplexity's Comet and OpenAI's ChatGPT Atlas, and why they should really come with enormous warning labels: "⚠️ Use at your own risk! ⚠️" Read online: https://this.weekinsecurity.com/ai-browsers-are-a-hot-mess-of-security-risks/ Sign up for (or RSS) the weekly newsletter: https://this.weekinsecurity.com
(DIR) Post #AzZb1pInDt8I2bvSz2 by zackwhittaker@mastodon.social
2025-10-25T15:08:28Z
0 likes, 0 repeats
Adding AI to a web browser massively increases the attack surface that hackers can use to steal your data from that browser — from your recent internet history to your saved passwords and credit card numbers — and potentially beyond, including the private data saved on your computer or phone. More: https://this.weekinsecurity.com/ai-browsers-are-a-hot-mess-of-security-risks/
(DIR) Post #Azj2eLJRCTPgdgbxlQ by zackwhittaker@mastodon.social
2025-10-30T04:13:40Z
2 likes, 1 repeats
Thankful for my partner who, while I'm on the other side of the country, calls me to FaceTime with our cats.
(DIR) Post #B06bhAyyO26wFdmUrY by zackwhittaker@mastodon.social
2025-11-10T14:41:33Z
0 likes, 2 repeats
We used to think of government spyware targeting only a select few, like terrorists and organized criminals. But over years, government spyware has been used to hack the phones of journalists, activists, lawyers, politicians, and seemingly regular people — and the pool of victims targeted by governments is quite wide, and larger than people might think. Here's an explainer by @lorenzofb as to why. https://techcrunch.com/2025/11/10/why-a-lot-of-people-are-getting-hacked-with-government-spyware/
(DIR) Post #B0Bz70SJPuMdrtad84 by zackwhittaker@mastodon.social
2025-11-12T19:43:43Z
0 likes, 0 repeats
Looks like Elon Musk botched X's passkey and security key switchover, and users are reporting that they're getting stuck in endless loops and, in some cases, getting locked out of their accounts. https://techcrunch.com/2025/11/12/elon-musks-x-botched-its-security-key-switchover-locking-users-out/
(DIR) Post #B0i2Qllfy1fY24W3CC by zackwhittaker@mastodon.social
2025-11-28T15:14:48Z
0 likes, 1 repeats
Business Insider reports that Oura is planning to expand its Oura wearable rings beyond health tracking to allow for payments, authentication, and more. Well, Captain Buzzkill (me) here wrote about Oura's security and privacy practices earlier this year, and found:
• Oura rings *don't* end-to-end encrypt users' health data;
• As such, Oura *can* access its users' data;
• Oura told me that the company *has* received U.S. government demands for users' data.
More: https://this.weekinsecurity.com/oura-ring-deal-raises-valid-concerns-about-users-health-data-security/
(DIR) Post #B16rinbpcPr0PZIv4a by zackwhittaker@mastodon.social
2025-12-10T13:44:43Z
0 likes, 1 repeats
NEW: Petco has taken down parts of its Vetco website after we discovered a massive data leak exposing customers' personally identifiable information (and their pets!) to the open web. After flagging the leak, Petco still took four days to respond. We estimate millions of customers may be affected. More: https://techcrunch.com/2025/12/10/petco-takes-down-vetco-website-after-exposing-customers-personal-information/
(DIR) Post #B16ritcPHBsZ35cSno by zackwhittaker@mastodon.social
2025-12-10T13:49:54Z
0 likes, 0 repeats
We found the bug in how Vetco generates PDF documents for its customers. Its PDF page was public and was indexed by Google, which is how we found it. Worse, an IDOR bug in the URL meant it was possible for anyone to obtain customer data by changing the customer's unique ID by a single digit. 🤦 https://techcrunch.com/2025/12/10/petco-takes-down-vetco-website-after-exposing-customers-personal-information/
(DIR) Post #B1LhSGubKlMSCNxl0i by zackwhittaker@mastodon.social
2025-12-17T19:17:28Z
0 likes, 1 repeats
This looks like a particularly spicy shituation affecting Cisco customers:
• 10/10 severity zero-day bug in popular Cisco products
• Cisco says China is exploiting bug to hack customers
• Cyberattacks discovered on Dec. 10; disclosed today
• No patches yet. Compromised devices must be wiped
https://techcrunch.com/2025/12/17/cisco-says-chinese-hackers-are-exploiting-its-customers-with-a-new-zero-day/
(DIR) Post #B1NRCkQYcPmM9hPDAO by zackwhittaker@mastodon.social
2025-12-18T15:00:03Z
0 likes, 0 repeats
One of those stupid autonomous Uber Eats delivery robots in our neighborhood looks like it got stuck in cold weather, frozen to the ground, not moving. The future, everyone.
(DIR) Post #B1Qc1rO8519pWqA1Jo by zackwhittaker@mastodon.social
2025-12-19T23:54:05Z
1 likes, 1 repeats
Absolute horror story of a long-time Apple customer who was locked out of their devices and account with no recourse after redeeming a suspected bad gift card. Gift card scams are on the rise & increasingly difficult to spot, and can have devastating consequences. https://this.weekinsecurity.com/apple-nuking-a-customer-account-over-a-bad-gift-card-is-a-warning-for-everyone/
(DIR) Post #B1dvtbWrx1gGdGp6Ya by zackwhittaker@mastodon.social
2025-12-26T14:26:37Z
1 likes, 0 repeats
New, by @lorenzofb.bsky.social and me: We just published TechCrunch's annual jealousy list of cybersecurity stories that we *didn’t* publish but wish we had. This is the very best cybersecurity reporting from our friends at competing publications. https://techcrunch.com/2025/12/26/these-are-the-cybersecurity-stories-we-were-jealous-of-in-2025/
(DIR) Post #B29MatGJCAuJqMS50i by zackwhittaker@mastodon.social
2026-01-10T17:43:47Z
1 likes, 0 repeats
Love to hear from my readers.🙏
(DIR) Post #B2Gi1wbYKkQFAnqkHw by zackwhittaker@mastodon.social
2026-01-13T22:22:26Z
0 likes, 0 repeats
Daily Beast reports that a DHS whistleblower has leaked the personal details of around 4,500 ICE and Border Patrol employees. The data is said to include about 1,800 on-the-ground agents and 150 supervisors. https://www.thedailybeast.com/personal-details-of-thousands-of-border-patrol-and-ice-goons-allegedly-leaked-in-huge-data-breach/
(DIR) Post #B2mVnPzBGqjGcC1RwG by zackwhittaker@mastodon.social
2026-01-29T14:53:43Z
0 likes, 1 repeats
NEW, by me: A security and privacy feature rolled out to select models of the latest iPhones and iPads this week will make it more difficult for law enforcement, spies, and malicious hackers to obtain a person's precise location data from their phone provider. https://techcrunch.com/2026/01/29/apples-new-iphone-and-ipad-security-feature-limits-cell-networks-from-collecting-precise-location-data/