Recent Posts
Social•Feb 18, 2026
Angolan Journalist Targeted with Predator Spyware, Study Shows
A new investigation from @AmnestyTech found that a journalist in Angola was targeted with Predator spyware in 2024. We also know that @citizenlab found links to Predator infrastructure in Angola in 2023, and links to FinFisher infrastructure in 2015. https://t.co/N2TIUdGKkn
By Runa Sandvik
Social•Feb 14, 2026
15 Minutes, Terminal Power Reveal OS X Implant
Decided to try Claude by revisiting a malware analysis project that I originally presented at @objective_see in 2021: the CIA's OS X implant called Green Lambert. It's amazing what you can do with a terminal and ~15 min of free...
By Runa Sandvik
Social•Feb 12, 2026
Ex‑Trenchant Exec Sold Internal Hacks to Russian Broker
Former exec at exploit development firm Trenchant, owned by L3Harris, admitted to selling internal hacking tools to a Russian broker. Did the company notify the vendors whose products were exploited so that they could be patched? https://t.co/4wKJgZoIkl
By Runa Sandvik
Social•Feb 2, 2026
Chinese Actors Hijack Notepad++ Updates, Infect Select Users
Between June and December 2025, a “likely Chinese state-sponsored group” compromised the infrastructure used by Notepad++ and served malicious updates to selectively targeted users. https://t.co/w5kp0kyy5z https://t.co/rug70afvgL
By Runa Sandvik
Social•Jan 31, 2026
Access Controls Matter More Than Tools in Secure Tip Lines
I helped design and implement the secure tip line at the New York Times in 2016. Who can access what, when, where, and how is just as important as the specific apps, tools, and settings that are used. https://t.co/bXZ9qmWkqy
By Runa Sandvik
Social•Jan 31, 2026
FBI Record Shows Reporter’s Devices Secured, Signals Disappearing
New court record from the FBI details the state of the devices seized from Washington Post reporter Hannah Natanson: phone was on w/Lockdown Mode; personal laptop was off; work laptop was on w/Touch ID; several Signal chats used disappearing messages....
By Runa Sandvik
Social•Jan 30, 2026
Norwegian Police Probe Italian Firm over FLIR Camera Installation
Police in Norway are investigating an Italian company suspected of installing high-end FLIR cameras on a rooftop overlooking Melkøya, the endpoint of the pipeline for natural gas from the Barents Sea. https://t.co/6wbZBfOLzj
By Runa Sandvik
Social•Jan 29, 2026
Apple's iPhone Privacy Shield Lacks U.S. Carrier Support
Apple’s new iPhone security feature limits cell networks from collecting precise location data, but appears to have very limited support in the U.S. at the moment. Here’s to hoping all the big carriers get on board too. https://t.co/tCJT63yJO3 https://t.co/PK9jhIlU18
By Runa Sandvik
Social•Jan 27, 2026
WhatsApp Adds Anti‑spyware Blocks for Unknown Media
Powerful new features announced by @WhatsApp today to defend against sophisticated spyware. Includes the ability to block attachments and media from people not in your contact list. https://t.co/nvd2F83n4Z
By Runa Sandvik
Social•Jan 26, 2026
Journalists Should Use Signal Usernames, Not Personal Numbers
A number of Washington Post journalists asked for tips from government workers last year and posted their personal phone numbers for @signalapp. Please know that Signal allows you to create a username, meaning you can keep your phone number private....
By Runa Sandvik
Social•Jan 24, 2026
Government May Subpoena Google, Proton for Natanson’s Accounts
Given how aggressively the government has pursued Hannah Natanson and the Washington Post, it would not surprise me if Google and Proton also received subpoenas for access to her accounts.
By Runa Sandvik
Social•Jan 23, 2026
Spain's Top Court Stalls Pegasus Probe over Israeli Silence
A “chronic lack of cooperation from the Israeli authorities” has forced Spain’s highest criminal court to shelve its investigation into use of Pegasus against Spanish ministers, inc. the prime minister. Cases uncovered by @citizenlab go back to 2021. https://t.co/GUEJ1Mq02R
By Runa Sandvik