If you're a fan of cyber news but don't know where to begin, my free newsletter ~ this week in security ~ is a weekly roundup of all the cyber news you need to know, plus the happy corner and a weekly featured cyber cat. No email open or link tracking.
Out Sundays. Sign up now to get this week's edition.
https://this.weekinsecurity.com/
4.5.2025 15:50

A long, brilliant weekend read: @lorenzofb chatted with the head of Riot Games' anti-cheat team about how the video game maker is fighting its war against cheaters and cheat makers, including infiltrating cheat communities and using psychological tricks to discredit cheaters.
https://techcrunch.com/2025/05/03/how-riot-games-is-fighting-the-war-against-video-game-hackers
3.5.2025 13:06

Excellent @lhn headline. https://www.wired.com/story/mike-waltz-has-somehow-gotten-even-worse-at-using-signal/
2.5.2025 20:58

After hearing about Raw's planned wearable (which sounds rife for abuse), I tested the Raw dating app using dummy data and a network traffic analysis tool (Burp Suite, ftw). Within a few minutes, I found Raw's servers were publicly exposing users' profile data — and granular location — to the web.
After contacting Raw's co-founder, the bug was fixed. When I asked, the company confirmed it hadn't asked for a third-party security audit of its app.
https://techcrunch.com/2025/05/02/dating-app-raw-exposed-users-location-data-personal-information
2.5.2025 18:08

New, by me: Dating app Raw (which this week said it's planning to release a hardware wearable for tracking partners' emotions) claims to use end-to-end encryption.
But when we tried the app this week, I found it was exposing users' location data and personal information to the web — no password needed.
https://techcrunch.com/2025/05/02/dating-app-raw-exposed-users-location-data-personal-information
2.5.2025 18:01

Not clear on who the partners are, but Bleeping Computer reported earlier this week that Scattered Spider, the English-language hackers known for their social engineering skills for gaining initial access to companies (aka advanced persistent teenagers) were involved in the hacks.
2.5.2025 17:50

Bloomberg reporting that DragonForce ransomware gang "and its partners" were behind cyberattacks targeting U.K. retail giants Marks & Spencer, Co-op and Harrods.
The gang also claimed to have stolen customer data.
2.5.2025 17:42

If there's one thing I've learned about covering cybersecurity over the past decade or so, it's that the cybersecurity community (the fixers and breakers) and the cybersecurity industry (profits above all else) are two very, very different things.
30.4.2025 12:16

The letter reads in part: "An independent infosec community is fundamental to protecting our democracy, and to the profession itself. It is only by allowing us to do our jobs and report truthfully on systems in an impartial and factual way without fear of political retribution that we can hope to secure those systems."
https://www.eff.org/document/chris-krebs-support-letter-april-28-2025
28.4.2025 18:38

Electronic Frontier Foundation and dozens of leading cyber and election security experts have signed an open letter saying they "unequivocally condemn" the Trump order targeting former CISA director Chris Krebs, and demand the order is rescinded.
28.4.2025 18:35

The federal case is 2:24-cr-00232. Here's our previous reporting from February on Wagenius pleading guilty, via @lorenzofb: https://techcrunch.com/2025/02/19/us-army-soldier-pleads-guilty-to-att-and-verizon-hacks/
28.4.2025 15:37

New: The sentencing of Cameron Wagenius, the U.S. Army soldier who pleaded guilty in February to hacking AT&T and Verizon and stealing a huge trove of customer phone records, will likely be delayed until September "in anticipation of additional charges being filed." No word on what new charges yet.
28.4.2025 15:36

My weekly newsletter ~ this week in security ~ is out, with stories on Signalgate 2.0, ex-CISA chief Easterly's warning on politicizing cyber, two major health-related breaches, Recall returns, an employee snooptech leak, and much more. Plus, the happy corner (because we all need it) and a brand new cyber cat.
Sign up/RSS: https://this.weekinsecurity.com
Read online: https://mailchi.mp/weekinsecurity/this-week-in-security-april-27-2025-edition
Donate/support appreciated: https://ko-fi.com/thisweekinsecurity
27.4.2025 23:33

More details here on the DOJ revoking media protections, plus the memo.
25.4.2025 21:27

The Biden administration said as a result it (largely) wouldn't go after journalists' records, but we only had its pinky-promise. The Senate had an opportunity to codify this into law with the PRESS Act — the House passed it with unanimous bipartisan support(!!) — but it failed, reportedly with only one or two senators holding out.
My story from last year:
https://techcrunch.com/2024/12/04/last-chance-for-the-senate-to-pass-the-press-act/
25.4.2025 21:09

Folks seem to forget that the first Trump administration secretly obtained the phone records of journalists at the NYT, CNN and WaPo in an effort to identify their sources, and we only found out about it after the Biden administration took office, disclosed it, and stopped the practice.
https://www.axios.com/2025/04/25/bondi-doj-garland-subpoena-journalists
25.4.2025 21:04

We've updated our TechCrunch security glossary with new cybersecurity terms that we frequently use and how/why we use them.
Now includes crypto, sandbox, the dark web — and, for whoever needs to see this, operational security aka OPSEC.
https://techcrunch.com/2025/04/25/techcrunch-reference-guide-to-security-terminology/
25.4.2025 18:41

Alarming to see news of the FBI arresting a serving judge for allegedly obstructing an ICE arrest, and then the FBI director tweeting about it — only to delete it shortly after. Very unclear situation.
25.4.2025 15:14

New: Connecticut's largest healthcare system, Yale New Haven Health, says a data breach affects at least 5.5 million people.
When I asked about the nature of the incident, a spokesperson said the hack tracks as ransomware and that law enforcement are investigating.
25.4.2025 14:10

Powerful words from former CISA director Jen Easterly in a post on LinkedIn, warning of the "targeting and removal of nonpartisan public servants and the normalization of loyalty oaths."
"If we — who aim to protect critical systems — can’t defend the humans who manage and maintain them, what exactly are we securing?"
Full read: https://www.linkedin.com/pulse/what-we-really-securing-jen-easterly-auyae
25.4.2025 13:29