Zack Whittaker

Zack Whittaker

Security Editor

Zack Whittaker is the security editor at TechCrunch. You can send tips securely via Signal and WhatsApp to +1 646-755-8849. He can also be reached by email at zack.whittaker@techcrunch.com.

The Latest from Zack Whittaker

A government watchdog spent $15,000 to crack a federal agency’s passwords in minutes

A government watchdog has published a scathing rebuke of the Department of the Interior’s cybersecurity posture, finding it was able to crack thousands of employee user accounts because the depa

Microsoft ends Windows 7 security updates

Pour one out for Windows 7, the decade-old operating system that today reached the end of the security line. Some three years after Microsoft called time on mainstream support of Windows 7, the techno

Meet the cybercriminals of 2022

Arrested, seized, doxed and detained. These are just some of the ways police and prosecutors around the world took down the biggest cybercrime operations of the year, even if it meant resorting to new

It’s all in the (lack of) details: 2022’s badly handled data breaches

Data breaches can be extremely harmful to organizations of all shapes and sizes — but it’s how these companies react to the incident that can deal their final blow. While we’ve seen some exc

LastPass says hackers stole customers’ password vaults

Password manager giant LastPass has confirmed that cybercriminals stole its customers’ encrypted password vaults, which store its customers’ passwords and other secrets, in a data breach e

Even the FBI says you should use an ad blocker

This holiday season, consider giving the gift of security with an ad blocker. That’s the takeaway message from an unlikely source — the FBI — which this week issued an alert warning that cyb

Support King, banned by FTC, linked to new phone spying operation

A year after it was banned by the Federal Trade Commission, a notorious phone surveillance company is back in all but name, a TechCrunch investigation has found. A groundbreaking FTC order in 2021 ban

Parsing LastPass’ data breach notice

Two weeks ago, the password manager giant LastPass disclosed its systems were compromised for a second time this year. Back in August, LastPass found that an employee’s work account was compromi

Apple fixes ‘actively exploited’ zero-day security vulnerability affecting most iPhones

Apple has confirmed that an iPhone software update it released two weeks ago fixed a zero-day security vulnerability that it now says was actively exploited. The update, iOS 16.1.2, landed on November

Xnspy stalkerware spied on thousands of iPhones and Android devices

A little-known phone monitoring app called Xnspy has stolen data from tens of thousands of iPhones and Android devices, the majority whose owners are unaware that their data has been compromised. Xnsp

Florida state tax website bug exposed filers’ data

A security flaw on the Florida Department of Revenue website exposed at least hundreds of taxpayers’ Social Security numbers and bank account numbers, a security researcher found. Kamran Mohsin

LastPass says it was breached — again

Password manager LastPass said it’s investigating a security incident after its systems were compromised for the second time this year. LastPass chief executive Karim Toubba said in a blog post

Hackers are locking out Mars Stealer operators from their own servers

A security research and hacking startup says it has found a coding flaw that allows it to lock out operators of the Mars Stealer malware from their own servers and release their victims. Mars Stealer

Booz Allen says former staffer downloaded employees’ personal data

U.S. government contractor Booz Allen Hamilton has disclosed that a former staffer downloaded potentially tens of thousands of employees’ personal information from the company’s internal

A simple Android lock screen bypass bug landed a researcher $70,000

Google paid the security researcher for reporting a bug that skirted Android lock screen protections.

Google says surveillance vendor targeted Samsung phones with zero-days

Google says it has evidence that a commercial surveillance vendor was exploiting three zero-day security vulnerabilities found in newer Samsung smartphones. The vulnerabilities, discovered in Samsung&

Twitter chief information security officer Lea Kissner departs

Twitter’s most senior cybersecurity staffer Lea Kissner has departed the social media giant. Kissner announced the move in a tweet on Thursday, saying they made the “hard decision” t

Aiphone door entry systems can be ‘easily’ bypassed thanks to NFC bug

The vulnerability in the door entry security system, used in government buildings and apartment complexes, cannot be fixed.

SolarWinds says it’s facing SEC ‘enforcement action’ over 2020 hack

The long hangover from a 2020 state-sponsored compromise still isn’t over for SolarWinds, as the software giant targeted by Russian government hackers has to pony up $26 million to shareholders

Twitter to delay verification check mark rollout until after US midterm elections

Twitter is reportedly delaying the rollout of verification check marks to subscribers as the social network attempts to steer clear of possible impact to Tuesday’s midterm elections. The Elon Mu
Load More