"No, that's not Elmo posting racist and antisemetic tweets on X" is not a sentence I thought I'd have to write today, but here we are.
https://techcrunch.com/2025/07/14/sesame-street-elmo-x-account-hacked-racist-antisemetic-posts/
Real-time cyber historian of the late capitalist era @TechCrunch. Posts about infosec, surveillance by day. 🍕, ⚽️, 🎸, 🎮 by night. ☎️ Signal: +1 917 257 1382 💻 Keybase/Telegram: @ lorenzofb ✉️ lorenzo@techcrunch.com Previously: VICE Motherboard, Mashable, WIRED's Danger Room.
"No, that's not Elmo posting racist and antisemetic tweets on X" is not a sentence I thought I'd have to write today, but here we are.
https://techcrunch.com/2025/07/14/sesame-street-elmo-x-account-hacked-racist-antisemetic-posts/
Episource is one of those giant medical billing and adjustment companies (owned by UnitedHealth Group, no less) that you've probably never heard of, but was hit by ransomware.
It's one of the biggest breaches of the year so far, affecting millions. If you got a data breach notice, this is why.
NEW: Trump's One Big Beautiful bill earmarked $1,000,000,000 (yep, a billion) over 4 years for "offensive cyber operations" for the Department of Defense.
It's unclear exactly what that means, but could include zero-days, spyware, implants, infrastructure, etc.
Sen. Ron Wyden is not a fan. “Vastly expanding U.S. government hacking is going to invite retaliation — not just against federal agencies, but also rural hospitals, local governments and private companies who don’t stand a chance against nation-state hackers,” he told us.
I am at SummerCon today too, and ~ extremely ~ easy to find, so come say hi.
If you prefer, I’m also on Signal (+1 917 257 1382)
NEW: Spyware maker Paragon says its $2 million contract with ICE is still inactive and under review, meaning the company hasn’t provided its surveillance tech to the agency yet.
If the U.S. government approves the contract, Paragon will face the dilemma of continuing its relationship with an agency that’s very different today compared to when the contract was signed in 2024.
https://techcrunch.com/2025/07/11/can-an-ethical-spyware-maker-provide-its-tech-to-ice/
Very strong meme energy here.
If you are at SummerCon and want to say hi, I’m here.
DM me or ping me on Signal +1 917 257 1382
Who's going to SummerCon in NYC tomorrow and Saturday? 👀
NEW: France authorities have reportedly arrested Russian basketball player Daniil Kasatkin, who is accused of being part of a ransomware group by the U.S. government.
NEW: Over the weekend, Jack Dorsey launched an open-source chat app called Bitchat, which he promised to be “secure” and “private.”
He then later added a warning that the app not been tested or reviewed for security issues, asking people not to trust it as "it does not necessarily meet its stated security goals."
Security researchers are already finding flaws in it.
NEW: We have confirmed that Activision took a specific version of Call of Duty: WWII offline because hackers were abusing a flaw in the game to hack players.
Sources tell us that the issue was a bug that had been patched in other versions of the game, but not on the one for Microsoft Store and Game Pass, which are still offline.
NEW: The chairman of UK retail giant Marks & Spencer refused to say whether the company paid ransom to hackers who caused outages and empty shelves.
“We don't think it's in the public interest to go into that," Archie Norman told UK parliament members.
@kcheek That makes sense!
Rough start to the week if your company in any way relies on Ingram Micro.
https://techcrunch.com/2025/07/07/ingram-micro-says-ongoing-outage-caused-by-ransomware-attack/
NEW: The ransomware gang called Hunters International says it's shutting down and giving victims free decryption tools.
“This decision was not made lightly, and we recognize the impact it has on the organizations we have interacted with," the hackers wrote.
But according to a ransomware expert, the gang may be simply rebranding to the name World Leaks, and transitioning to new infrastructure, perhaps out of fear of law enforcement.
http://techcrunch.com/2025/07/03/ransomware-gang-hunters-international-says-its-shutting-down/
I just scrolled the "For You" tab on X and out of 40 tweets only 4 were cybersecurity related. I do follow some sports accounts but damn, it's worse than it's ever been. Just random post after random post. How is this useful to anyone?
India’s Max Financial says hacker accessed customer data from its insurance unit https://techcrunch.com/2025/07/02/indias-max-financial-says-hacker-accessed-customer-data-from-its-insurance-unit/?utm_source=dlvr.it&utm_medium=mastodon
Since 2017 there have been 26 stalkerware operations that were either hacked, or inadvertently exposed user and victim data (often super sensitive stuff like chat messages and pictures) online.
Spying on your loved ones is creepy and illegal. Using crappy stalkerware apps to do it makes it even worse. Please stop.
https://techcrunch.com/2025/07/02/hacked-leaked-exposed-why-you-should-stop-using-stalkerware-apps/
NEW: A security bug in an Android 'stalkerware' app called Catwatchful exposed its database of 60,000+ customers — including the site's administrator.
The exposed data is now with Have I Been Pwned.
By TechCrunch's count, this is the 5th stalkerware operation exposed *this year* alone.