Brutkey

Lorenzo Franceschi-Bicchierai
@lorenzofb@infosec.exchange

Do you have any tips about cybersecurity, surveillance, spyware, zero-days...all things cyber?

Contact me here: ☎️ Signal: + 1 917 257 1382

📷Keybase/Telegram: lorenzofb

Lorenzo Franceschi-Bicchierai
@lorenzofb@infosec.exchange

NEW: Microsoft handed the FBI the recovery keys to decrypt the hard drives of three laptops encrypted with BitLocker.

BitLocker is enabled by default in modern Windows laptops, but Microsoft also prompts users to upload the recovery keys to the company's cloud, which opens up this possibility.

http://techcrunch.com/2026/01/23/microsoft-gave-fbi-a-set-of-bitlocker-encryption-keys-to-unlock-suspects-laptops-reports/

Lorenzo Franceschi-Bicchierai
@lorenzofb@infosec.exchange

NEW: A hacktivist (@back2theRoot@chaos.social) dressed as Pink Ranger from the Power Rangers wiped three white supremacist websites on stage at the end of a talk at Chaos Communication Congress (39C3).

The hacker also published users’ data, including full profiles with pictures and geolocation, on the website okstupid.lol.

The three racist websites are still down, a week after the live hack.

http://techcrunch.com/2026/01/05/hacktivist-deletes-white-supremacist-websites-live-on-stage-during-hacker-conference/

Lorenzo Franceschi-Bicchierai
@lorenzofb@infosec.exchange

The Cyber Police Department of Ukraine sent this email to me, @zackwhittaker@mastodon.social, and some other cyber journalists.

Basically, it seems they are asking for help going after hackers expecting journalists to share information we would never share with law enforcement. Nope, this is not how it works.

Lorenzo Franceschi-Bicchierai
@lorenzofb@infosec.exchange

NEW: The U.K. government is reportedly once again requesting Apple build a backdoor so government officials can access end-to-end encrypted iCloud backups in the country.

Last time this happened, Apple disabled iCloud's Advanced Data Protection, the opt-in feature that lets users encypt cloud backups.

https://techcrunch.com/2025/10/01/uk-government-tries-again-to-access-encrypted-apple-customer-data-report/

Lorenzo Franceschi-Bicchierai
@lorenzofb@infosec.exchange

SCOOP: ICE's Homeland Security Investigation signed a $3 million contract with Magnet Forensics, which makes phone hacking tech for law enforcement agencies that is "essential to mission of protecting national security & public."

Magnet Forensics makes the phone unlocking system Graykey.

We also found other recent contracts for the same technology for HSI in Charlotte and Detroit.

http://techcrunch.com/2025/09/18/ice-unit-signs-new-3-million-contract-for-phone-hacking-tech/

Lorenzo Franceschi-Bicchierai
@lorenzofb@infosec.exchange

NEW: Here's how @zackwhittaker.com found that TeaOnHer was spilling the personal data of its users — including photos of drivers' licenses — on the internet, for all to see.

The security issues were so trivial all it took him was around ten minutes.

The result is that anyone could have scraped all the users' IDs just by looking around the app's API.

https://techcrunch.com/2025/08/13/how-we-found-teaonher-spilling-users-drivers-licenses-in-less-than-10-minutes/

Lorenzo Franceschi-Bicchierai
@lorenzofb@infosec.exchange

What's worse, when Zack reached out to the app's developer, he initially dismissed the concerns.

“You must have us confused with ‘the Tea app’," referring to the dating safety app for women that his app was trying to replicate (but for men.) Then he quietly fixed the issues and ghosted us.

https://techcrunch.com/2025/08/13/how-we-found-teaonher-spilling-users-drivers-licenses-in-less-than-10-minutes/

Lorenzo Franceschi-Bicchierai
@lorenzofb@infosec.exchange

NEW: Here's how @zackwhittaker.com found that TeaOnHer was spilling the personal data of its users — including photos of drivers' licenses — on the internet, for all to see.

The security issues were so trivial all it took him was around ten minutes.

The result is that anyone could have scraped all the users' IDs just by looking around the app's API.

https://techcrunch.com/2025/08/13/how-we-found-teaonher-spilling-users-drivers-licenses-in-less-than-10-minutes/

Lorenzo Franceschi-Bicchierai
@lorenzofb@infosec.exchange

NEW: Two hackers broke into the computer of a hacker allegedly working for the North Korean spy group known as "Kimsuky."

The hackers then leaked a treasure trove of stolen data, exposing a North Korean spy operation against South Korean targets.

“Kimsuky, you’re not a hacker. You are driven by financial greed, to enrich your leaders, and to fulfill their political agenda. You steal from others and favour your own. You value yourself above the others: You are morally perverted,” the two wrote in their Phrack magazine article. “You hack for all the wrong reasons.”

https://techcrunch.com/2025/08/12/hackers-breach-and-expose-a-major-north-korean-spying-operation/

Lorenzo Franceschi-Bicchierai
@lorenzofb@infosec.exchange

NEW: U.S. government announces seizure of servers and $1 million in Bitcoin from cybercriminal gang behind the Royal and Blacksuit ransomware.

https://techcrunch.com/2025/08/11/u-s-government-seized-1-million-from-russian-ransomware-gang/

Lorenzo Franceschi-Bicchierai
@lorenzofb@infosec.exchange

NEW: Electronic Arts was forced to respond to a flood of cheaters in Battlefield 6's open beta this weekend.

The company says it blocked more than 300,000 to cheat, and that players reported 104,000 "instances of potential cheaters."

https://techcrunch.com/2025/08/11/electronic-arts-blocks-more-than-300000-attempts-to-cheat-after-launching-battlefield-6-beta/