Lorenzo Franceschi-Bicchierai

@[email protected]
8.6K Followers
1.8K Following
1.2K Posts

Real-time cyber historian of the late capitalist era @TechCrunch, writing about the intersection of hackers, human rights, and spies.

Also writing a book about Hacking Team and the history of government spyware.

Posts about infosec, surveillance by day. 🍕, ⚽️, 🎸, 🎮 by night. 


☎️ Signal: +1 917 257 1382

💻 Keybase/Telegram: @ lorenzofb

✉️ [email protected]

Previously: VICE Motherboard, Mashable, WIRED's Danger Room.

Twitterhttps://twitter.com/lorenzofb
Personal Sitehttps://lorenzofb.com
PronounsHe/him
Searchable viatootfinder
TechCrunchhttps://techcrunch.com/author/lorenzo-franceschi-bicchierai/
Lorenzo Franceschi-Bicchierai12m ago

NEW: Hackers are exploiting unpatched Windows vulnerabilities that were disclosed publicly by a disgruntled researcher.

The researcher published code to exploit these bugs on GitHub. Now someone else has taken the code and used it in at least one attack in the wild, according to security firm Huntress.

“With these being so easily available now, and already weaponized for easy use, for better or for worse I think that ultimately puts us in another tug-of-war match between defenders and cybercriminals,” Huntress' John Hammond told us.

http://techcrunch.com/2026/04/17/hackers-are-abusing-unpatched-windows-security-flaws-to-hack-into-organizations/

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

A security researcher published details of three security vulnerabilities in Windows Defender, and the code used to exploit them. Now, hackers are taking advantage of the vulnerabilities in real life attacks, according to a cybersecurity firm.

TechCrunch
Lorenzo Franceschi-Bicchierai3h ago
Zack Whittaker3h ago

I wrote some words for TechCrunch about Section 702, the U.S. government's warrantless surveillance law that is set to expire on Monday.

A bipartisan pro-privacy group of lawmakers are calling for passing major reforms that they say are “essential” for protecting the privacy rights of Americans.

But even if the spy law expires, a quirk in the law means the government's spy powers will not automatically lapse.

Read more: https://techcrunch.com/2026/04/17/with-us-spy-laws-set-to-expire-lawmakers-are-split-over-protecting-americans-from-warrantless-surveillance/

With US spy laws set to expire, lawmakers are split over protecting Americans from warrantless surveillance | TechCrunch

Some lawmakers are calling for widespread reforms following years of surveillance scandals and abuses across successive U.S. administrations. But even if the spy law known as Section 702 expires in April, the government's spy powers will not automatically lapse.

TechCrunch
Lorenzo Franceschi-Bicchierai23h ago

NEW: Cops send emails and letters to hackers: please stop hackin'.

https://techcrunch.com/2026/04/16/european-police-email-75000-people-asking-them-to-stop-ddos-attacks/

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch

Europol coordinated an operation against for-hire distributed denial-of-service (DDoS) services, including the arrest of four people and the takedown of 53 domains.

TechCrunch
Lorenzo Franceschi-Bicchierai1d ago

NEW: Two Americans were sentenced to seven and a half and nine years in prison for helping North Korean fake remote IT workers get jobs at more than 100 companies.

The two were running laptop farms in the U.S. in a scheme that helped the fake IT workers funnel around $5 million to the regime.

https://techcrunch.com/2026/04/16/two-americans-sentenced-for-helping-north-korea-steal-5-million-in-fake-it-worker-scheme/

Two Americans sentenced for helping North Korea steal $5 million in fake IT worker scheme | TechCrunch

The U.S. Department of Justice announced that two Americans were sentenced to years in prison for helping the North Korean government place fake IT workers in U.S. companies.

TechCrunch
Lorenzo Franceschi-Bicchierai1d ago
Zack Whittaker3d ago

New, by me: Adobe has fixed a bug in its flagship PDF readers that hackers have been abusing for at least four months to break into people's Windows and macOS computers and steal data.

A security researcher who discovered the hacks said it works by tricking victims into opening a malicious PDF.

https://techcrunch.com/2026/04/14/adobe-fixes-pdf-zero-day-security-bug-that-hackers-have-exploited-for-months/

Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch

It's not clear how many people were compromised by this hacking campaign, but a security researcher said the hackers were targeting victims since at least November 2025.

TechCrunch
Lorenzo Franceschi-Bicchierai1d ago
TechCrunch2d ago
Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner. https://techcrunch.com/2026/04/14/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites/?utm_source=dlvr.it&utm_medium=mastodon
Lorenzo Franceschi-Bicchierai1d ago
Zack Whittaker2d ago

NEW, by me: Sweden has blamed Russian government-linked hackers for attempting a destructive cyber attack on a thermal plant in western Sweden in 2025.

The cyberattack failed, but it's the latest in a string of Russia-linked incidents targeting critical infrastructure in Europe in recent years.

https://techcrunch.com/2026/04/15/sweden-blames-russian-hackers-for-attempting-destructive-cyberattack-on-thermal-plant/

Sweden blames Russian hackers for attempting 'destructive' cyberattack on thermal plant | TechCrunch

Sweden's minister for civil defense said Russian hackers are "now attempting destructive cyber attacks against organizations in Europe."

TechCrunch
Lorenzo Franceschi-Bicchierai1d ago
Zack Whittaker1d ago

NEW, by me: Fashion retailer Express exposed customers' personal information and order details to the web for anyone to view. Some customer order pages had already been listed in search engine results.

The bug is now fixed after we alerted the company, but wouldn't say if it would notify customers.

https://techcrunch.com/2026/04/16/fashion-retailer-express-left-customers-personal-data-and-order-details-exposed-to-the-internet/

Exclusive: Fashion retailer Express left customers' personal data and order details exposed to the internet

Retail giant Express was publicly spilling customer information to the open web. The bug is now fixed after TechCrunch alerted Express, but the company would not say if it plans to notify customers.

TechCrunch
Lorenzo Franceschi-Bicchierai3d ago

The FBI announced it took down the "full-service cybercrime platform" W3LL, which allowed cybercriminals to purchase a phishing kit to create fake login pages.

W3LL “facilitated the sale of more than 25,000 compromised accounts,” over the years according to the FBI.

http://techcrunch.com/2026/04/13/fbi-announces-takedown-of-phishing-operation-that-targeted-thousands-of-victims/

FBI announces takedown of phishing operation that targeted thousands of victims | TechCrunch

Cybercriminals allegedly used the W3LL phishing kit to target more than 17,000 victims worldwide, stealing their passwords and multi-factor authentication codes.

TechCrunch
Lorenzo Franceschi-Bicchierai4d ago

NEW: Booking says hackers accessed customers’ personal data, including names, emails, physical addresses, phone numbers, and booking details.

The company refused to say how many customers' were affected by this incident.

http://techcrunch.com/2026/04/13/booking-com-confirms-hackers-accessed-customers-data/

Booking.com confirms hackers accessed customers' data | TechCrunch

The travel giant notified customers that their personal data, including names, email addresses, and phone numbers, may have been accessed in a security incident.

TechCrunch