Do it, imho

Ransomware negotiator pleads guilty to helping ransomware gang | TechCrunch A former employee of a cybersecurity firm pleaded guilty to aiding ransomware criminals to maximize their profits, with the goal of taking a cut of the ransom.

NEW: Angelo Martino, a former ransomware negotiator, pleaded guilty to helping a ransomware gang get more money — of which he took a cut — from their victims.

He was secretly playing both sides in several ransomware negotiations, and he also deployed ransomware himself with co-conspirators.

North Korea hackers blamed for $290M crypto theft | TechCrunch The hack against Kelp DAO is the largest crypto heist of the year so far.

NEW: North Korean government hackers are allegedly behind the theft of more than $290 million in crypto.

This is now the largest crypto heist of the year, after another recent one of $285 million.

techcrunch.com/2026/04/20/n...

App host Vercel says it was hacked and customer data stolen | TechCrunch Vercel blamed its breach on an earlier hack at Context AI, which allowed hackers to hijack a Vercel employee's account to steal customer data.

NEW by me: Cloud app host Vercel says it was hacked & that some customers' data was taken.

Vercel blames an earlier breach at Context AI. Hackers allegedly used their access in March to hack a Vercel employee, who had linked a Context AI app to their work account. (*deleted earlier incorrect post)

How hackers are helping criminal gangs hijack truck deliveries Cargo hijackings are on the rise, as cybercriminals use remote access tools to track and divert large shipments of high-end goods from delivery trucks around the world.

For this.weekinsecurity.com, I wrote about how hackers are helping criminal gangs hijack and steal delivery trucks packed full of consumer goods — from vapes to lobster meat heists, to potentially 12 tons of KitKat bars.

It's a growing but underreported problem. I explain more for subscribers. ❤️

Man who hacked US Supreme Court filing system sentenced to probation | TechCrunch Nicholas Moore hacked into three U.S. government networks using stolen credentials, and then bragged about it and posted victims' personal data on Instagram under the handle @ihackedthegovernment.

NEW: Nicholas Moore, who hacked the U.S. Supreme Court's document filing system and two other government agencies, was sentenced to one year of probation.

“I made a mistake,” Moore reportedly said during the sentencing hearing. “I am truly sorry. I respect laws, and I want to be a good citizen.”

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch A security researcher published details of three security vulnerabilities in Windows Defender, and the code used to exploit them. Now, hackers are taking advantage of the vulnerabilities in real-life ...

NEW: Hackers are exploiting unpatched Windows vulnerabilities that were disclosed publicly by a disgruntled researcher.

The researcher published code to exploit these bugs on GitHub. Now someone else has taken the code and used it in at least one attack in the wild, according to a security firm.

With US spy laws set to expire, lawmakers are split over protecting Americans from warrantless surveillance | TechCrunch Some lawmakers are calling for widespread reforms following years of surveillance scandals and abuses across successive U.S. administrations. But even if the spy law known as Section 702 expires in Ap...

I wrote some words for TechCrunch about Section 702, the U.S. government's warrantless surveillance law that is set to expire on Monday.

A bipartisan pro-privacy group of lawmakers are calling for passing major reforms that they say are “essential” for protecting the privacy rights of Americans.

Tell me how you really feel Kate!

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch Europol coordinated an operation against for-hire distributed denial-of-service (DDoS) services, including the arrest of four people and the takedown of 53 domains.

NEW: Cops send emails and letters to hackers: please stop hackin'.

techcrunch.com/2026/04/16/e...

Two Americans sentenced for helping North Korea steal $5 million in fake IT worker scheme | TechCrunch The U.S. Department of Justice announced that two Americans were sentenced to years in prison for helping the North Korean government place fake IT workers in U.S. companies.

NEW: Two Americans were sentenced to seven and a half and nine years in prison for helping North Korean fake remote IT workers get jobs at more than 100 companies.

The two were running laptop farms in the U.S. in a scheme that helped the fake IT workers funnel around $5 million to the regime.

Someone planted backdoors in dozens of WordPress plugins used in thousands of websites | TechCrunch Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.

Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.

Sweden blames Russian hackers for attempting 'destructive' cyberattack on thermal plant | TechCrunch Sweden's minister for civil defense said Russian hackers are "now attempting destructive cyber attacks against organizations in Europe."

NEW, by me: Sweden has blamed Russian government-linked hackers for attempting a destructive cyber attack on a thermal plant in western Sweden in 2025.

The cyberattack failed, but it's the latest in a string of Russia-linked incidents targeting critical infrastructure in Europe in recent years.

Exclusive: Fashion retailer Express left customers' personal data and order details exposed to the internet Retail giant Express was publicly spilling customer information to the open web. The bug is now fixed after TechCrunch alerted Express, but the company would not say if it plans to notify customers.

NEW, by me: Fashion retailer Express exposed customers' personal information and order details to the web for anyone to view. Some customer order pages had already been listed in search engine results.

The bug is now fixed after we alerted the company, but wouldn't say if it would notify customers.

FBI announces takedown of phishing operation that targeted thousands of victims | TechCrunch Cybercriminals allegedly used the W3LL phishing kit to target more than 17,000 victims worldwide, stealing their passwords and multi-factor authentication codes.

The FBI announced it took down the "full-service cybercrime platform" W3LL, which allowed cybercriminals to purchase a phishing kit to create fake login pages.

W3LL “facilitated the sale of more than 25,000 compromised accounts,” over the years according to the FBI.

Booking.com confirms hackers accessed customers' data | TechCrunch The travel giant notified customers that their personal data, including names, emails, physical addresses, phone numbers may have been accessed in a security incident.

NEW: Booking says hackers accessed customers’ personal data, including names, emails, physical addresses, phone numbers, and booking details.

The company refused to say how many customers' were affected by this incident.

It’s pretty jarring to read articles about the war in Iran that mention the energy crisis and the strait of Hormuz as its consequence, but don’t mention civilian casualties at all.

I feel like every article that discusses the war should include the worst consequences of it — even just two lines.

So, cyberthreaterator.com is now up and running. Look for new features and other stuff sometime soon, including a web API for generating threat names and attribution data for your own diabolical purposes.

I love it!

Oh! Is this your project?

The developers of VeraCrypt and WireGuard have both told me that they have regained access and their lockouts resolved. 👏

France to ditch Windows for Linux to reduce reliance on US tech | TechCrunch France's move to ditch Windows for Linux is its latest effort to reduce its reliance on American tech giants.

New: France said it plans to move its government computers currently running Windows to the open-source software Linux to further reduce its reliance on U.S. tech. Comes at a time of growing instability and unpredictability on the part of the Trump administration and weaponization of sanctions, etc.

Your ambitions as a billionaire are adorably humble.

Exactly!

stay tuned!

I really don't see how we explain the fact that Satoshi is sitting on top of billions in Bitcoin and not cashing them out for...reasons? Maybe they forgot the private key. Maybe they're dead. I'd be willing to bet on the second hypothesis.

I really don't believe this is a solvable mystery, given all the time, effort, and resources that have been dedicated to it. Unless Satoshi comes out themselves and tells their whole story, we will never know.

And, honestly, at this point the most likely explanation is that Satoshi is dead.

As someone who is obsessed with and would love to know the identity of Phineas Fisher, I really get the temptation to try to find Satoshi Nakamoto. I would love to know the real story there too.

But at this point, after...what? Half a dozen failed attempts? Perhaps it's time to let it go.

Thousands of North Koreans have secretly infiltrated US and European companies as remote IT workers North Korea's secret remote workers are a major threat facing U.S. and European businesses today, taking jobs in Fortune 100 and smaller companies alike. Here's how to recognize and combat the threat.

Since North Korea has been in the news thanks to two massive hacks just days apart, I'm re-sharing my long-read primer on the ongoing and major threat from North Korean hackers, what they do, how they do it, and why they're incredibly successful — so much so that they could even be your co-worker.

Italian digital rights group @osservatorionessuno.org analyzed a new sample of Spyrtacus, a used by Italian law enforcement and developed by SIO.

The delivery mechanism is the well known "fake ISP support" website and app (APK). That's why they call Spyrtacus "low-cost spyware.