
Chinese Actors Hijack Notepad++ Updates, Infect Select Users
Between June and December 2025, a “likely Chinese state-sponsored group” compromised the infrastructure used by Notepad++ and served malicious updates to selectively targeted users. https://t.co/w5kp0kyy5z https://t.co/rug70afvgL
Access Controls Matter More Than Tools in Secure Tip Lines
I helped design and implement the secure tip line at the New York Times in 2016. Who can access what, when, where, and how is just as important as the specific apps, tools, and settings that are used. https://t.co/bXZ9qmWkqy

FBI Record Shows Reporter’s Devices Secured, Signals Disappearing
New court record from the FBI details the state of the devices seized from Washington Post reporter Hannah Natanson: phone was on w/Lockdown Mode; personal laptop was off; work laptop was on w/Touch ID; several Signal chats used disappearing messages....
Norwegian Police Probe Italian Firm over FLIR Camera Installation
Police in Norway are investigating an Italian company suspected of installing high-end FLIR cameras on a rooftop overlooking Melkøya, the endpoint of the pipeline for natural gas from the Barents Sea. https://t.co/6wbZBfOLzj

Apple's iPhone Privacy Shield Lacks U.S. Carrier Support
Apple’s new iPhone security feature limits cell networks from collecting precise location data, but appears to have very limited support in the U.S. at the moment. Here’s to hoping all the big carriers get on board too. https://t.co/tCJT63yJO3 https://t.co/PK9jhIlU18
WhatsApp Adds Anti‑spyware Blocks for Unknown Media
Powerful new features announced by @WhatsApp today to defend against sophisticated spyware. Includes the ability to block attachments and media from people not in your contact list. https://t.co/nvd2F83n4Z
Journalists Should Use Signal Usernames, Not Personal Numbers
A number of Washington Post journalists asked for tips from government workers last year and posted their personal phone numbers for @signalapp. Please know that Signal allows you to create a username, meaning you can keep your phone number private....
Government May Subpoena Google, Proton for Natanson’s Accounts
Given how aggressively the government has pursued Hannah Natanson and the Washington Post, it would not surprise me if Google and Proton also received subpoenas for access to her accounts.
Spain's Top Court Stalls Pegasus Probe over Israeli Silence
A “chronic lack of cooperation from the Israeli authorities” has forced Spain’s highest criminal court to shelve its investigation into use of Pegasus against Spanish ministers, inc. the prime minister. Cases uncovered by @citizenlab go back to 2021. https://t.co/GUEJ1Mq02R
Microsoft Will Surrender BitLocker Keys to Police upon Court Order
If you store your BitLocker key with Microsoft, Microsoft can and will hand the key over to law enforcement in response to valid court orders. https://t.co/FPUJZPSU3h
Essential Digital Security Guide Still Relevant After FBI Seizure
I know people are looking for digital security guides and checklists in light of the FBI seizing devices of a Washington Post reporter. Here’s a guide I wrote for @gijn in 2024, which remains up to date and relevant. https://t.co/9vBMK8r1vV
Secure Solutions for Journalists and At‑Risk Professionals
I started Granitt in 2022 to help journalists and other groups of at-risk people continue to do their work safely and securely. Please get in touch if you’re looking for an assessment, policy and process development, training, or presentation. https://t.co/5eyprsSuBF

FBI Seizes Reporter’s Devices, Including Encrypted Drive
Here are the items the FBI seized from Washington Post reporter Hannah Natanson: a recorder, two laptops, an external drive, a smart watch, an iPhone. Her December article mentioned that she stored reporting notes on an encrypted external drive, so...
Newsrooms Must Adopt Holistic Safety Beyond Digital Checklists
I spoke to @CJR about the FBI seizing devices from a @washingtonpost reporter and what newsrooms should know. The way forward here is more than just a digital security checklist, but a holistic focus on safety: physical, digital, emotional, legal....
Iran-Linked Hack Targets Middle East Gmail, WhatsApp Accounts
Spoke to @zackwhittaker about a hacking campaign targeting high-profile Gmail and WhatsApp accounts across the Middle East, found by @NarimanGharib earlier this week. Gharib believes the campaign is linked to Iran; TechCrunch was unable to attribute it. https://t.co/XH9cRWtxh2