Lorenzo Franceschi-Bicchierai

Senior Reporter, Cybersecurity, TechCrunch

Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy. You can contact Lorenzo securely on Signal at +1 917 257 1382, on Keybase/Telegram/Wire @lorenzofb, or via email at lorenzo@techcrunch.com.

Lorenzo Franceschi-Bicchierai

Latest from Lorenzo Franceschi-Bicchierai

U.S. consulting firm Greylock McKinnon Associates (GMA) disclosed a data breach in which hackers stole as many as 341,650 Social Security numbers. The data breach was disclosed on Friday on…

Hackers stole 340,000 Social Security numbers from government consulting firm

Featured Article

Price of zero-day exploits rises as companies harden products against hackers

Tools that allow government hackers to break into iPhones and Android phones, popular software like the Chrome and Safari browsers, and chat apps like WhatsApp and iMessage, are now worth millions of dollars — and their price has multiplied in the last few years as these products get harder to…

8:00 am PDT • April 6, 2024
Price of zero-day exploits rises as companies harden products against hackers

Video game giant Activision is investigating a hacking campaign that’s targeting players with the goal of stealing their credentials, TechCrunch has learned. At this point, the hackers’ specific goals —…

Activision investigating password-stealing malware targeting game players

In 2016, Facebook launched a secret project designed to intercept and decrypt the network traffic between people using Snapchat’s app and its servers. The goal was to understand users’ behavior…

Facebook snooped on users’ Snapchat traffic in secret project, documents reveal

Featured Article

Investors’ pledge to fight spyware undercut by past investments in US malware maker

On Monday, the Biden administration announced that six new countries had joined an international coalition to fight the proliferation of commercial spyware, sold by companies such as NSO Group or Intellexa. Now, some investors have announced that they too are committed to fighting spyware. But at least one of those…

6:47 am PDT • March 22, 2024
Investors’ pledge to fight spyware undercut by past investments in US malware maker

On Sunday, the world of video games was shaken by a hacking and cheating scandal. During a competitive esports tournament of Apex Legends, a free-to-play shooter video game played by…

Apex Legends hacker said he hacked tournament games ‘for fun’

The Pokémon Company said it detected hacking attempts against some of its users and reset those user account passwords. Last week, an alert was visible on Pokémon’s official support website…

Pokémon resets some users’ passwords after hacking attempts

On Sunday, two competitive esports players appeared to get hacked during a live-streamed game, prompting the organizers to postpone the tournament. Players were competing in the Apex Legends Global Series,…

Esports league postponed after players hacked midgame

Featured Article

Four things we learned when US intelligence chiefs testified to Congress

Cyberattacks, regional conflict, weapons of mass destruction, terrorism, commercial spyware, AI, misinformation, disinformation, deepfakes and TikTok. These are just some of the top perceived threats that the United States faces, according to the U.S. government’s intelligence agency’s latest global risk assessment. The unclassified report published Monday — sanitized for public…

3:20 pm PDT • March 11, 2024
Four things we learned when US intelligence chiefs testified to Congress

Earlier this week, the U.S. government announced sanctions against the founder of a controversial government spyware maker, Tal Dilian, and his business associate, Sara Aleksandra Fayssal Hamou. In announcing the…

Spyware makers express concern after US sanctions spyware veteran

On Friday, Microsoft said Russian government hackers continue to break into its systems using information obtained during a hack last year. This time, the Russian hackers dubbed Midnight Blizzard have…

Russian spies keep hacking into Microsoft in ‘ongoing attack,’ company says

The U.S. government announced Tuesday sanctions against the founder of the notorious spyware company Intellexa and one of his business partners. This is the first time the U.S. government has…

US sanctions founder of spyware maker Intellexa for targeting Americans

Featured Article

Elon Musk switched on X calling by default: Here’s how to switch it off

In his quest to turn a simple and functioning Twitter app into X, the everything app that doesn’t do anything very well, Elon Musk launched audio and video calling on X last week — and this new feature is switched on by default, it leaks your IP address to anyone…

3:40 pm PST • March 4, 2024
Elon Musk switched on X calling by default: Here’s how to switch it off

A U.S. government watchdog stole more than 1GB of seemingly sensitive personal data from the cloud systems of the U.S. Department of the Interior. The good news: The data was…

A government watchdog hacked a US federal agency to stress-test its cloud security

Several internet-connected doorbell cameras have a security flaw that allows hackers to take over the camera by just holding down a button, among other issues, according to research by Consumer…

Popular video doorbells can be easily hijacked, researchers find

Featured Article

Spyware leak offers ‘first-of-its-kind’ look inside Chinese government hacking efforts

Over the weekend, someone posted a cache of files and documents apparently stolen from the Chinese government hacking contractor, I-Soon. This leak gives cybersecurity researchers and rival governments an unprecedented chance to look behind the curtain of Chinese government hacking operations facilitated by private contractors. Like the hack-and-leak operation that…

8:05 am PST • February 23, 2024
Spyware leak offers ‘first-of-its-kind’ look inside Chinese government hacking efforts

Featured Article

Spyware startup Variston is losing staff — some say it’s closing

In July 2022, someone sent Google a batch of malicious code that could be used to hack Chrome, Firefox, and PCs running Microsoft Defender. That code was part of an exploitation framework called Heliconia. And at the time, the exploits used to target those applications were zero-days, meaning the software…

12:05 pm PST • February 15, 2024
Spyware startup Variston is losing staff — some say it’s closing

A bug in the online forum for the fertility tracking app Glow exposed the personal data of around 25 million users, according to a security researcher. The bug exposed users’…

Fertility tracker Glow fixes bug that exposed users’ personal data

Government hackers last year exploited three unknown vulnerabilities in Apple’s iPhone operating system to target victims with spyware developed by a European startup, according to Google. On Tuesday, Google’s Threat…

Government hackers targeted iPhone owners with zero-days, Google says

In 2019, Apple announced it would start sending some security researchers a “special” version of the iPhone designed to be used to find vulnerabilities, which could then be reported to…

Here is Apple’s official ‘jailbroken’ iPhone for security researchers

On Sunday, a user in a well-known hacking forum advertised what they claimed was a cache of stolen data from the rental car giant Europcar. The user claimed to have…

Europcar says someone likely used ChatGPT to promote a fake data breach

On Tuesday, hackers stole around $112 million of the Ripple-focused cryptocurrency XRP from a crypto wallet, Ripple’s co-founder and executive chairman has disclosed. Ripple’s Chris Larsen said on Wednesday that…

Hackers steal $112 million of XRP Ripple cryptocurrency

On Friday, Microsoft revealed that it had been the victim of a hack carried out by Russian government spies. Now, a week later, the technology giant said that it was…

Microsoft says Russian hackers also targeted other organizations

In a data breach notification letter filed with regulators this weekend, 23andMe revealed that hackers started breaking into customers’ accounts in April 2023 and continued through most of September. In…

23andMe admits it didn’t detect cyberattacks for months

Wouldn’t you want to know what tech giants know about you? That’s exactly what Russian government hackers want, too. On Friday, Microsoft disclosed that the hacking group it calls Midnight…

Hackers breached Microsoft to find out what Microsoft knows about them

Internet monitoring firms say a near-total internet blackout in Gaza is reaching its seventh day, the longest outage of the ongoing Israel-Hamas conflict so far. Doug Madory, the director of…

Web monitors say Gaza week-long internet outage is longest yet

Anyone who knows your WhatsApp number can figure out if you are only using the mobile app, or its companion web or desktop apps, a security researcher found. Tal Be’ery,…

PSA: Anyone can tell if you are using WhatsApp on your computer

Facing more than 30 lawsuits from victims of its massive data breach, 23andMe is now deflecting the blame to the victims themselves in an attempt to absolve itself from any…

23andMe tells victims it’s their fault that their data was breached

For yet another year, hackers stole billions of dollars in crypto. But for the first time since 2020, the trend is downwards, according to crypto security firms. This year, hackers…

Hackers stole $2 billion in crypto in 2023, data shows

Featured Article

These are the cybersecurity stories we were jealous of in 2023

Back in 2018, my former colleague at VICE Motherboard Joseph Cox and I started publishing a list of the best cybersecurity stories that were published elsewhere. It wasn’t just a way to tip our hats at our friendly competitors; by pointing to other publications’ stories, we were giving our readers…

4:00 am PST • December 22, 2023
These are the cybersecurity stories we were jealous of in 2023