
Lorenzo Franceschi-Bicchierai
@lorenzofb
Followers
52K
Following
17K
Media
2K
Statuses
22K
Senior reporter @TechCrunch, writing a book on Hacking Team and the industry of government spyware. ☎️ +1 917 257 1382
lorenzofb.com
Joined July 2009
Do you have any tips about cybersecurity, surveillance, spyware, zero-days...all things cyber? Contact me here: ☎️ Signal: + 1 917 257 1382 📷Keybase/Telegram: lorenzofb
0
8
20
@lorenzofb I decided to test whether EXIF data is removed from images sent over X's new encrypted chat feature like Signal and other messengers do. I can confirm it is not. I was able to extract information including GPS coordinates from a test image sent to me.
1
13
20
Breaking my X abstinence to post a quick PSA on X Chat, the supposedly end-to-end encrypted chat here. Experts told me that nobody should trust it at this point.
2
8
30
I am at SummerCon today too, and ~ extremely ~ easy to find, so come say hi. If you prefer, I’m also on Signal (+1 917 257 1382)
0
2
13
If you are at SummerCon and want to say hi, I’m here. DM me or ping me on Signal +1 917 257 1382
2
2
12
Read the story of what Kaspersky calls a “legendary” hacking group here: https://t.co/eGKXgJaes0
techcrunch.com
The elusive hacking group Careto was never publicly linked to a specific government, but TechCrunch has learned researchers concluded privately that the Spanish government was behind the group.
1
8
41
NEW: More than a decade ago, Kaspersky discovered a mysterious "elite" hacking group it called Careto (“The Mask”), which then vanished and only resurfaced last year. We can now reveal that researchers who investigated it were confident that the Spanish government was behind it.
7
63
138
Hacker Conference HOPE Says U.S. Immigration Crackdown Caused Massive Crash in Ticket Sales 🔗 https://t.co/TIhZ6BwHaT
404media.co
One scheduled speaker has also pulled out of the New York-based event and specifically pointed to Trump’s mass deportation efforts.
2
14
37
1989: FBI Director William Sessions said "Viruses are easy to create and propagate, require little expertise, and may be nearly impossible to prevent or detect."
0
4
16
In case you are wondering, this chart shows what U.S. carriers do if they receive a government surveillance request.
1
1
5
NEW: Sen. Ron Wyden says AT&T, T-Mobile, and Verizon were not notifying senators of surveillance requests, despite being required to do so. Wyden also revealed — without naming it — that one carrier secretly turned over Senate data to law enforcement. https://t.co/IQSQaeDBal
techcrunch.com
Sen. Ron Wyden said in a letter that one U.S. phone carrier turned over Senate data to law enforcement without notifying the target.
4
31
61
NEW: Coinbase says its recent data breach affected at least 69,000 customers. Company said breach dates back to Dec. 26, 2024 and continued until earlier this month. Stolen data is great for doxing or even physical attacks. https://t.co/5QjKLQ8LVC
techcrunch.com
The crypto giant said the unauthorized access to customer data dates back to late December 2024.
0
15
21
WaPo reports that NSO wanted to pitch its spyware to be used in Trump's immigration crackdown.
0
1
7
More bad news for NSO Group after it lost the lawsuit with WhatsApp.
NEW: Pegasus spyware maker NSO Group is rebuffed by the WH in its efforts to get off a trade blacklist. US officials tell WaPo they have no plans to seek the firm's removal from the Entity List. https://t.co/l5B3QFlMGg
2
6
15
NEW: A Massachusetts student pleaded guilty to hacking and extorting a U.S. education tech company. Prosecutors said the hacker stole personal data on 60 million students and 10 million teachers. And all signs point to that victim being PowerSchool. https://t.co/wvGcou9jcO
techcrunch.com
Prosecutors say the hacker stole information on 60 million students, an incident that matches the data breach at PowerSchool.
1
1
4
Despite what CISA says, Google told me: "there has been no reports of or evidence of exploitation of the vulnerability. We are reaching out to CISA for clarification of their categorization."
Google just patched a serious ⚠️ vulnerability (CVE-2025-4664) that allows attackers to steal sensitive tokens (like OAuth or session IDs) when you simply visit a malicious site. No clicking. No downloading. Just loading the page is enough. What makes this so dangerous? The
6
15
29
The pope's funeral, now Cannes. I expected Assange to spend most of his time posting on Twitter but I guess it is all about IRL experiences these days.
Julian Assange's t-shirt at Cannes lists the names of 4,986 Palestinian children aged five and under, killed by Israeli forces since 2023. [Photos by David Fisher]
0
2
4
The last time the UAE did this it ended up poorly for most people involved, so I'm sure it will go well this time.
New: UAE is trying to recruit Pentagon workers displaced by DOGE to move to Abu Dhabi to work on AI for UAE military. A UAE brig general met last month with two former staffers of Defense Digital Service and tried to recruit them and their entire DDS team
2
7
23
NEW: Cocospy, Spyic and Spyzie, the stalkerware apps that were breached earlier this year and caught spying on millions of people's phones, now appear to have shut down. The apps not working, their websites gone, and Amazon-hosted cloud storage deleted. https://t.co/2bAVQRTf8k
techcrunch.com
The trio of spyware apps — hacked earlier this year — no longer work.
1
28
50
NEW: The U.S. Department of Justice announced that Eric Council Jr. was sentenced to 14 months in prison for the hack of the U.S. Securities and Exchange Commission's X account. https://t.co/mryvHLA1Pv
techcrunch.com
The Department of Justice announced Eric Council Jr. was sentenced to 14 months in prison for the hack.
1
18
23