惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Scott Helme
Scott Helme
N
Netflix TechBlog - Medium
AI
AI
Security Latest
Security Latest
GbyAI
GbyAI
P
Proofpoint News Feed
Y
Y Combinator Blog
A
Arctic Wolf
G
Google Developers Blog
U
Unit 42
爱范儿
爱范儿
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
Vulnerabilities – Threatpost
Know Your Adversary
Know Your Adversary
Cisco Talos Blog
Cisco Talos Blog
T
Tor Project blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threatpost
L
Lohrmann on Cybersecurity
C
CERT Recently Published Vulnerability Notes
C
Check Point Blog
B
Blog RSS Feed
The GitHub Blog
The GitHub Blog
Microsoft Azure Blog
Microsoft Azure Blog
博客园 - 【当耐特】
博客园 - Franky
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
C
Cisco Blogs
云风的 BLOG
云风的 BLOG
NISL@THU
NISL@THU
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Microsoft Security Blog
Microsoft Security Blog
T
The Blog of Author Tim Ferriss
阮一峰的网络日志
阮一峰的网络日志
Latest news
Latest news
L
LINUX DO - 最新话题
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
美团技术团队
WordPress大学
WordPress大学
L
LangChain Blog
Stack Overflow Blog
Stack Overflow Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
酷 壳 – CoolShell
酷 壳 – CoolShell
大猫的无限游戏
大猫的无限游戏
The Hacker News
The Hacker News
Simon Willison's Weblog
Simon Willison's Weblog
V
V2EX
Project Zero
Project Zero
博客园_首页

TechCrunch

Robots beat human records at Beijing half-marathon Palantir posts mini-manifesto denouncing inclusivity and ‘regressive’ cultures TechCrunch Mobility: Uber enters its assetmaxxing era Cracks are starting to form on fusion energy’s funding boom Blue Origin successfully re-uses a New Glenn rocket for the first time ever Tesla brings its robotaxi service to Dallas and Houston VC Ron Conway says he has a ‘rare form of cancer’ AI chip startup Cerebras files for IPO Anthropic’s relationship with the Trump administration seems to be thawing The App Store is booming again, and AI may be why “Tokenmaxxing” is making developers less productive than they think Hackers are abusing unpatched Windows security flaws to hack into organizations Zoom teams up with World to verify humans in meetings Gigs turns your concert history into a personal live music archive Chef Robotics escaped the robot cooking graveyard and says it’s thriving — here’s why Uber will now pick up your returns from your doorstep Anthropic launches Claude Design, a new product for creating quick visuals Google’s AI Mode can now help you find products in stock nearby Bluesky confirms DDoS attack is cause of continued app outages Bluesky confirms DDoS attack is cause of continued app outages Netflix plans to add a vertical video feed, use AI for recommendations SaySo is a new short-form video app that aims to restore users’ trust in news Loop raises $95M to build supply chain AI that predicts disruptions Are we tokenmaxxing our way to nowhere? New leaders, new fund: Sequoia has raised $7B to expand its AI bets Netflix co-founder and chair Reed Hastings to leave board Upscale AI in talks to raise at $2B valuation, says report Physical Intelligence, a hot robotics startup, says its new robot brain can figure out tasks it was never taught From the Startup Battlefield stage to the International Space Station: geCKo Materials built a sticky product Slash, a Ramp competitor founded by teenagers, raises $100M at $1.4B valuation OpenAI takes aim at Anthropic with beefed-up Codex that gives it more power over your desktop European police email 75,000 people asking them to stop DDoS attacks Anthropic CPO leaves Figma’s board after reports he will offer a competing product Google now lets you explore the web side-by-side with AI Mode Two Americans sentenced for helping North Korea steal $5 million in fake IT worker scheme InsightFinder raises $15M to help companies figure out where AI agents go wrong AI traffic to US retailers rose 393% in Q1, and it’s boosting their revenue too Roblox’s AI assistant gets new agentic tools to plan, build, and test games Google adds Nano Banana-powered image generation to Gemini’s Personal Intelligence Google is now targeting bad ads over bad actors You’ve heard of hybrid cars. Now meet a hybrid cement plant. Runway CEO says AI could help Hollywood make 50 films instead of one $100M blockbuster Meta raises Quest 3 and Quest 3S prices due to RAM shortage Canva’s AI assistant can now call various tools to make designs for you Fashion retailer Express left customers’ personal data and order details exposed to the internet This simulation startup wants to be the Cursor for physical AI DeepL, known for text translation, now wants to translate your voice Amazon-backed X-energy files to raise up to $800M in IPO Ford EV and tech chief leaving automaker Wait, could they still actually break up Live Nation? Monarch Tractor’s collapse ends with an acquisition by Caterpillar OpenAI updates its Agents SDK to help enterprises build safer, more capable agents Hightouch reaches $100M ARR fueled by marketing tools powered by AI LinkedIn data shows AI isn’t to blame for hiring decline… yet Feds will require data centers to show their power bills AI learning app Gizmo levels up with 13M users and a $22M investment Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Google rolls out a native Gemini app for Mac This Khosla-backed autonomous pod startup just raised $170M — now it’s aiming for more Accel raises $5B to back late-stage bets India’s vibe-coding startup Emergent enters OpenClaw-like AI agent space Anthropic shrugs off VC funding offers valuing it at $800B+, for now Motorola sues social platforms and creators over posts, raising speech concerns in India Airwallex is about to take on Stripe and the rest of the payments industry — in the physical world After sale of its shoe business, Allbirds pivots to AI Sweden blames Russian hackers for attempting ‘destructive’ cyberattack on thermal plant Vercel CEO Guillermo Rauch signals IPO readiness as AI agents fuel revenue surge Hack at Anodot leaves over a dozen breached companies facing extortion The largest orbital compute cluster is open for business Trump officials may be encouraging banks to test Anthropic’s Mythos model Apple reportedly testing four designs for upcoming smart glasses X says it’s reducing payments to clickbait accounts TechCrunch Mobility: Who is poaching all the self-driving vehicle talent? From LLMs to hallucinations, here’s a simple guide to common AI terms At the HumanX conference, everyone was talking about Claude Slate Auto: Everything you need to know about the Bezos-backed EV startup Walmart-owned Flipkart, Amazon are squeezing India’s quick-commerce startups Kalshi wins temporary pause in Arizona criminal case AMC will stream ‘The Audacity’ premiere in 21 parts on TikTok Sam Altman responds to ‘incendiary’ New Yorker article after attack on his home Nvidia-backed SiFive hits $3.65B valuation for open AI chips NASA Artemis II splashes down in Pacific Ocean in ‘perfect’ landing for moon mission How to watch NASA’s Artemis II splash back down to Earth TechCrunch is heading to Tokyo — and bringing the Startup Battlefield with it France to ditch Windows for Linux to reduce reliance on US tech YouTube Premium and YouTube Music are getting more expensive Every fusion startup that has raised over $100M Last 24 hours: Save up to $500 on your TechCrunch Disrupt 2026 pass PSA: If you use the Meta AI app, your friends will find out and it will be embarrassing Anthropic temporarily banned OpenClaw’s creator from accessing Claude Snap gets closer to releasing new AI glasses after years-long hiatus Stalking victim sues OpenAI, claims ChatGPT fueled her abuser’s delusions and ignored her warnings Florida AG to probe OpenAI, alleging possible connection to FSU shooting ChatGPT finally offers $100/month Pro plan EFF is the latest organization to leave X What founders can learn from Anjuna’s layoffs and recovery Volkswagen drops all-electric ID.4 in the US in pivot back to gas SUVs Florida AG announces investigation into OpenAI over shooting that allegedly involved ChatGPT StubHub to pay $10M to settle FTC allegations over ‘deceptive’ ticket pricing After data breach, $10B-valued startup Mercor is having a month
Hackers are trying to steal Signal users’ backups in new wave of widespread attacks
Lorenzo Franceschi-Bicchierai · 2026-05-29 · via TechCrunch

Hackers are targeting Signal users in an attempt to steal their chat backups as part of a new hacking campaign, TechCrunch has learned. 

On Wednesday, Washington Post analyst Josh Rogin posted a screenshot of a new kind of attack against Signal users, where hackers pretend to be the app’s support team and warn the target that their backed-up chats and media are “at risk of permanent loss due to a sync issue.” To avoid that, the message said, the target needs to share the recovery key that is used to access their online backups in the chat with the hackers. 

“This links your existing backup to your account. Failure to do this may result in losing access to your account and all stored data,” read the message purporting to come from an account called Signal Support.

This is a phishing attempt. If you get this message on Signal, do not follow the instructions. Many anti-CCP activists have also received this phishing attempt. Beware and be aware. pic.twitter.com/8J1YDcpUAX

— Josh Rogin (@joshrogin) May 27, 2026

Rogin said that several anti-Chinese Communist Party activists have received this malicious message. 

Mohammed Al-Maskati⁩, the director at Access Now’s Digital Security Helpline, which investigates cyberattacks against journalists, dissidents, and human rights activists, told TechCrunch that two people shared similar messages with him. Al-Maskati said that the two are not Chinese activists. This suggests that the hacking campaign could be more widespread and targeting other communities, or there may be different groups of hackers using the same strategy.

It’s not clear how effective the hacking campaign has been. Al-Maskati said that stealing the victim’s recovery keys for their chat backups is only one step in the attack, and that the hackers still have to take over the victim’s account. 

“We’re working on mitigations here, and monitoring,” Signal president Meredith Whittaker told TechCrunch.

In general, this type of attack relies on phishing targets, meaning tricking them into sharing some important and private information with the hackers. In this particular case, the hackers are pretending to be Signal’s support team to exploit the target’s trust in the app and the organization behind it.

It’s important to note that Signal says it “will never reach out” to users first, and will never ask for their registration code, PIN, or recovery key. That means any chat pretending to be coming from “Signal Support” is actually coming from malicious hackers. The organization publicly warned about this exact type of attack last month. 

Contact Us

Do you have more information about these attacks against Signal users? Or other similar attacks? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.

While there have been several campaigns of hackers impersonating Signal support in recent months, this is a new type of attack because it specifically targets backups, which can contain a victim’s older chats, photos, and documents.  

Previous hacking campaigns targeting Signal users attempted to hijack a victim’s account and then impersonate them, often with the potential goal of stealing the victim’s contacts or starting conversations with other people as if they were the account owner. In these cases, the hackers do not get access to past messages, since the attacks rely on them re-registering the victim’s account on a device they control. Because of how Signal is designed, older messages do not appear on the new device. 

Hackers can take over Signal accounts by hijacking someone’s phone number, for example. But Signal offers opt-in security features to protect against that, such as Registration Lock, which prevents attackers from linking a target’s number to a new device unless they steal the target’s PIN. 

In that scenario, one way to see older messages would be to access a victim’s online backup, which requires the recovery key.

Last year, Signal launched Secure Backups, a new opt-in feature that lets users upload their account’s contents to Signal’s servers, which are encrypted with a recovery key that the organization says is “never shared with Signal’s servers,” and “never leaves” the users’ device. Signal says users should store the recovery key securely on a notebook or inside a password manager. 

“Without your unique recovery key, no one (including Signal) can read, decrypt, or restore any of the data in your Secure Backup Archive,” Signal said.

That means only the user can access their archive in a scenario where they register their account on a new phone, download the encrypted backup from Signal’s servers, and then decrypt it with the recovery key. 

Updated to include comment from Signal.

When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.

Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy.

You can contact or verify outreach from Lorenzo by emailing lorenzo@techcrunch.com, via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram.

View Bio