Lorenzo Franceschi-Bicchierai


Real-time cyber historian of the late capitalist era @TechCrunch, writing about the intersection of hackers, human rights, and spies.

Also writing a book about Hacking Team and the history of government spyware.

Posts about infosec, surveillance by day. 🍕, ⚽️, 🎸, 🎮 by night. 


☎️ Signal: +1 917 257 1382

💻 Keybase/Telegram: @ lorenzofb

✉️ [email protected]

Previously: VICE Motherboard, Mashable, WIRED's Danger Room.

Twitter: https://twitter.com/lorenzofb
Personal Site: https://lorenzofb.com
Pronouns: He/him
Searchable via: tootfinder
TechCrunch: https://techcrunch.com/author/lorenzo-franceschi-bicchierai/

UPDATE: Google accused North Korean government hackers of being behind the supply chain attack against Axios.

“North Korean hackers have deep experience with supply chain attacks, which they’ve historically used to steal cryptocurrency. The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will have far reaching impacts,” said Google's John Hultquist.

https://techcrunch.com/2026/03/31/hacker-hijacks-axios-open-source-project-used-by-millions-to-push-malware/

North Korean hackers blamed for hijacking popular Axios open source project to spread malware | TechCrunch

A hacker inserted malware in Axios, an open source web tool downloaded tens of millions of times weekly, in a widespread hack.

@lorenzomoon I don't have the expertise to answer that question definitively. I heard that GrapheneOS is very good at security, so you may be fine with either. My gut instinct is to tell you to go with Apple because it's a much larger company with an elite security team. But maybe that's a reductive argument.

@thedarktangent I have no idea how that happened! Just fixed

NEW: Someone hijacked an open-source software development tool to push malware to millions of people.

The supply chain attack was stopped in less than three hours, but it's still unclear how many people got hacked.

https://techcrunch.com/2026/03/31/hacker-hijacks-axios-open-source-project-used-by-millions-to-push-malware/


NEW: Medical data giant CareCloud says hackers had access to one of its six environments that stores patients’ electronic health records for around eight hours during a March 16 cyberattack.

CareCloud is used by 45,000 doctors, physicians, and therapists to store data on millions of patients.

I asked CareCloud if it stores patients' data across its six environments, or if some of the environments store backups of the others. This may determine how large the breach is.

https://techcrunch.com/2026/03/31/carecloud-breach-hackers-accessed-patients-medical-records-ehr/

Health data giant CareCloud says hackers accessed patients' medical records | TechCrunch

CareCloud, a major provider of medical records storage, said hackers accessed one of its repositories of patient data earlier in March. It provides technology for more than 45,000 providers covering millions of patients.


UPDATE: The FBI has confirmed the hack of director Kash Patel's personal Gmail account, says the leaked data "is historical in nature and involves no government information."

https://techcrunch.com/2026/03/27/iranian-hackers-claim-breach-of-fbi-director-kash-patels-personal-email-account/

NEW: Iranian-linked hackers claim to have breached the personal Gmail account of FBI director Kash Patel, leaking emails and photos.

We were able to confirm that at least a portion of the emails are authentic.

The U.S. has accused Iran's government of being behind the hacking group Handala.

https://techcrunch.com/2026/03/27/iranian-hackers-claim-breach-of-fbi-director-kash-patels-personal-email-account/

Iranian hackers claim breach of FBI director Kash Patel's personal email account | TechCrunch

Handala, a pro-Iranian hacking group allegedly working for Iran’s government, published emails it said were taken from the Gmail account of FBI director Kash Patel.


SCOOP: Apple says it's not aware of anyone using Lockdown Mode getting hacked with spyware, on all kinds of devices.

There have already been a couple of documented cases of Lockdown Mode stopping spyware attacks. And there's been one case where an advanced hacking toolkit was designed to bail out if it detected Lockdown Mode on the target device.

If you're worried about spyware, you should turn this security feature on.

https://techcrunch.com/2026/03/27/apple-says-no-one-using-lockdown-mode-has-been-hacked-with-spyware/

Apple says no one using Lockdown Mode has been hacked with spyware | TechCrunch

The tech giant's claim that it has not seen any successful spyware attacks targeting Apple devices with Lockdown Mode enabled comes amid a leak of hacking tools targeting users running devices with older software.

I may have to post this on X unfortunately.

Who is the Chaouki of the zero-day industry these days?