Carly Page

Carly Page

Sr. Reporter, Cybersecurity

Carly Page is a Senior Reporter at TechCrunch, where she covers the cybersecurity beat. She has spent more than a decade in the technology industry, writing for titles including Forbes, TechRadar and WIRED.

You can contact Carly securely on Signal at +441536 853956 or via email at

The Latest from Carly Page

Microsoft employees exposed internal passwords in security lapse

The tech giant secured a cloud storage server that was inadvertently spilling Microsoft internal data and credentials to the open internet.

Should we ban ransom payments?

As cybercriminals continue to reap the financial rewards of their attacks, talk of a federal ban on ransom payments is getting louder. U.S. officials have long urged against paying ransom demands. But

NSA says it’s tracking Ivanti cyberattacks as hackers hit US defense sector

The U.S. National Security Agency has confirmed that hackers exploiting flaws in Ivanti’s widely used enterprise VPN appliance have targeted organizations across the U.S. defense sector. NSA spokesp

Feds hack LockBit, LockBit springs back. Now what?

Days after it was knocked offline by a sweeping, years-in-the-making law enforcement operation, the notorious Russia-based LockBit ransomware group has returned to the dark web with a new leak site co

Researchers say easy-to-exploit security bugs in ConnectWise remote-access software now under mass attack

Security researchers say a pair of easy-to-exploit flaws in a popular remote-access tool used by more than a million companies around the world are now being mass exploited, with hackers abusing the v

Hackers are exploiting ConnectWise flaws to deploy LockBit ransomware, security experts warn

Security experts are warning that a pair of high-risk flaws in a popular remote access tool are being exploited by hackers to deploy LockBit ransomware — days after authorities announced that they h

Researchers warn high-risk ConnectWise flaw under attack is ’embarrassingly easy’ to exploit

Security experts are warning that a high-risk vulnerability in a widely used remote access tool is “trivial and embarrassingly easy” to exploit, as the software’s developer confirms

Six things we learned from the LockBit takedown

A sweeping law enforcement operation led by the U.K.’s National Crime Agency (NCA) this week took down LockBit, the notorious Russia-linked ransomware gang that for years has wreaked havoc on busine

Authorities disrupt operations of notorious LockBit ransomware gang

A coalition of international law enforcement agencies, including the U.S. Federal Bureau of Investigation and the U.K.’s National Crime Agency, have disrupted the operations of the notorious LockBit

Why are ransomware gangs making so much money?

For many organizations and startups, 2023 was a rough year financially, with companies struggling to raise money and others making cuts to survive. Ransomware and extortion gangs, on the other hand, h

BMW security lapse exposed sensitive company information, researcher finds

A misconfigured cloud storage server belonging to automotive giant BMW exposed sensitive company information, including private keys and internal data, TechCrunch has learned. Can Yoleri, a security r

UK utility giant Southern Water says hackers stole personal data of hundreds of thousands of customers

U.K.-based water utility Southern Water has confirmed that hackers stole the personal data of as many as 470,000 customers in a recent data breach. Southern Water, which provides water and wastewater

Researchers say attackers are mass-exploiting new Ivanti VPN flaw

Hackers have begun mass exploiting a third vulnerability affecting Ivanti’s widely used enterprise VPN appliance, new public data shows. Last week, Ivanti said it had discovered two new security fla

China-backed Volt Typhoon hackers have lurked inside US critical infrastructure for ‘at least five years’

China-backed hackers have maintained access to American critical infrastructure for “at least five years” with the long-term goal of launching “destructive” cyberattacks, a coalition of U.

HopSkipDrive says personal data of 155,000 drivers stolen in data breach

Student rideshare startup HopSkipDrive has confirmed a data breach involving the personal data of more than 155,000 drivers. Los Angeles-based HopSkipDrive offers an Uber-style rideshare service for c

Remote access giant AnyDesk resets passwords and revokes certificates after hack

Remote desktop software provider AnyDesk confirmed late Friday that a cyberattack allowed hackers to gain access to the company’s production systems, putting the company in lockdown for almost a wee

FTC orders Blackbaud to overhaul ‘reckless’ security practices in wake of 2020 breach

Education tech company Blackbaud agreed to settle with the U.S. Federal Trade Commission over the company’s security practices that resulted in a 2020 data breach. The FTC alleges that Blackbaud, a

US gives federal agencies 48 hours to disconnect flawed Ivanti VPN tech

U.S. cybersecurity agency CISA has ordered federal agencies to urgently disconnect Ivanti VPN appliances given the risk of malicious exploitation due to multiple software flaws. In an update to an eme

Okta lays off 400 employees — almost exactly a year after last staff cuts

U.S. access and identity management giant Okta has said it is laying off approximately 400 employees, or 7% of its global workforce. The layoffs come almost exactly a year to the day after Okta announ

US disrupts China-backed hacking operation amid warning of threat to American infrastructure

The U.S. government announced Wednesday it had disrupted a China-backed hacking operation targeting U.S. critical infrastructure, amid warnings that Beijing is preparing to cause “real-world har
Load More