
DOJ Says Trenchant Boss Sold Exploits to Russian Broker Capable of Accessing ‘Millions of Computers and Devices’
The DOJ has charged Peter Williams, former general manager of Trenchant (a cyber‑offensive unit of L3Harris), with stealing eight zero‑day exploits and selling them to a Russian broker for about $1.3 million in cryptocurrency. Prosecutors say the tools could grant access to millions of computers and devices worldwide, including in the United States. The sentencing memorandum seeks a nine‑year prison term, three years of supervised release, $35 million in restitution and a $250,000 fine. Williams is expected to be deported to Australia after serving his sentence.

Hacktivist Scrapes over 500,000 Stalkerware Customers’ Payment Records
A hacktivist identified as “wikkid” scraped more than 536,000 payment records from the stalkerware vendor Struktura, also operating as Ersten Group. The leaked dataset reveals customer email addresses, the specific surveillance app purchased, payment amounts, card type and last four...

China’s Salt Typhoon Hackers Broke Into Norwegian Companies
The Norwegian Police Security Service has confirmed that the Chinese‑backed hacking group Salt Typhoon breached several Norwegian companies, exploiting vulnerable network devices to conduct espionage. This marks Norway as the latest nation to publicly acknowledge a Salt Typhoon intrusion. The group, described...

Data Breach at Govtech Giant Conduent Balloons, Affecting Millions More Americans
A ransomware attack in January 2025 crippled Conduent’s systems and has now been linked to at least 15.4 million affected Texans and 10.5 million Oregonians, far exceeding the company’s earlier estimate of four million victims. The breach exposed names, Social Security numbers, medical...

Notepad++ Says Chinese Government Hackers Hijacked Its Software Updates for Months
The Notepad++ developer confirmed that state‑linked Chinese hackers hijacked the editor’s update mechanism from June to December 2025, delivering malicious payloads to a limited set of users. The attackers exploited a vulnerability on a shared‑hosting server to redirect update requests...

Informant Told FBI that Jeffrey Epstein Had a ‘Personal Hacker’
A confidential informant told the FBI in 2017 that Jeffrey Epstein hired a personal hacker, described as an Italian from Calabria with expertise in iOS, BlackBerry and Firefox vulnerabilities. The informant claimed the hacker created zero‑day exploits and sold them...

Russian Hackers Breached Polish Power Grid Thanks to Bad Security, Report Says
Poland’s Computer Emergency Response Team confirmed that Russian state‑linked hackers infiltrated wind and solar sites and a heat‑and‑power plant by exploiting default passwords and the absence of multi‑factor authentication. The attackers deployed wiper malware that disabled monitoring systems at renewable sites, though...

Amid Trump Attacks and Weaponized Sanctions, Europeans Look to Rely Less on US Tech
European leaders are accelerating efforts to curb dependence on U.S. technology after a series of Trump‑era sanctions, including the placement of ICC judge Kimberly Prost on a sanctions list that crippled her daily life. The European Parliament’s recent report highlighted...

Saudi Satirist Hacked with Pegasus Spyware Wins Damages in Court Battle
A London High Court judge awarded Saudi satirist Ghanem Al‑Masarir more than £3 million in damages after finding compelling evidence that his iPhone was compromised with NSO Group’s Pegasus spyware. The ruling concluded the hacking was directed or authorised by the...

UStrive Security Lapse Exposed Personal Data of Its Users, Including Children
UStrive, a nonprofit mentoring platform for students, fixed a security lapse that let any logged‑in user view personal data of others, including children. The flaw stemmed from a vulnerable Amazon‑hosted GraphQL endpoint, exposing at least 238,000 records containing names, emails,...

How a Hacking Campaign Targeted High-Profile Gmail and WhatsApp Users Across the Middle East
A WhatsApp‑delivered phishing campaign targeting high‑profile Gmail and WhatsApp users across the Middle East was uncovered after activist Nariman Gharib shared a malicious link. Researchers traced the attack to DuckDNS‑masked domains such as alex-fabow.online, which harvested credentials, two‑factor codes, and...

US Cargo Tech Company Publicly Exposed Its Shipping Systems and Customer Data to the Web
Bluspark Global, a U.S. shipping‑tech firm behind the Bluvoyix platform, left its API and customer data exposed to the public internet. Researchers discovered unauthenticated endpoints, plaintext passwords, and the ability to create admin accounts, granting access to decades‑old shipment records....

Man to Plead Guilty to Hacking US Supreme Court Filing System
Nicholas Moore, a 24‑year‑old from Springfield, Tennessee, is set to plead guilty to unauthorized access of the U.S. Supreme Court’s electronic filing system on 25 separate days between August and October 2023. Prosecutors allege he obtained information from a protected...

Fintech Firm Betterment Confirms Data Breach After Hackers Send Fake Crypto Scam Notification to Users
Betterment confirmed that hackers breached its systems on Jan 9 through a social‑engineering attack on third‑party platforms, exposing customers' names, emails, addresses, phone numbers and dates of birth. The intruders used the stolen data to send a fraudulent crypto‑investment notification promising...

Founder of Spyware Maker pcTattletale Pleads Guilty to Hacking and Advertising Surveillance Software
Bryan Fleming, founder of the U.S. spyware firm pcTattletale, entered a guilty plea in San Diego federal court to charges of computer hacking, illegal sale and advertising of surveillance software, and conspiracy. The case represents the first successful U.S. federal...

These Are the Cybersecurity Stories We Were Jealous of in 2025
TechCrunch’s year‑end roundup spotlights the most compelling cybersecurity stories it didn’t publish in 2025, ranging from high‑profile investigations to niche technical exposés. Highlights include The Washington Post revealing a secret UK court order forcing Apple to build a backdoor, The...

How a Spanish Virus Brought Google to Málaga
Bernardo Quintero finally identified the anonymous programmer behind the 1992 Virus Málaga, a harmless malware that sparked his fascination with cybersecurity. The discovery linked the virus to Antonio Enrique Astorga, who later became a teacher and left a lasting legacy....

US Insurance Giant Aflac Says Hackers Stole Personal and Health Data of 22.6 Million People
Aflac announced that hackers accessed personal and health information of 22.65 million customers, including Social Security numbers, medical records, and government IDs. The breach, disclosed in June, is linked to the Scattered Spider cyber‑criminal collective, which has been targeting insurers. Aflac’s...

Inside Uzbekistan’s Nationwide License Plate Surveillance System
Uzbekistan’s Ministry of Internal Affairs operates a national license‑plate‑reading system that monitors traffic with over a hundred high‑resolution cameras across the country. Security researcher Anurag Sen uncovered that the system’s web interface is publicly accessible without authentication, exposing GPS locations...

Hacks, Thefts, and Disruption: The Worst Data Breaches of 2025
TechCrunch’s 2025 cyber‑horror review highlights unprecedented breaches across government, enterprise and consumer sectors. The U.S. federal system faced multiple intrusions, culminating in the DOGE operation led by Elon Musk that accessed citizen records. Ransomware gang Clop exploited a zero‑day in...

Cisco Says Chinese Hackers Are Exploiting Its Customers with a New Zero-Day
Cisco disclosed that Chinese‑linked hackers are exploiting a critical zero‑day vulnerability in its AsyncOS software, specifically targeting the Secure Email Gateway and Secure Email and Web Manager appliances. The flaw, active since at least November 2025, allows full device takeover and...

Hacking Group Says It’s Extorting Pornhub After Stealing Users’ Viewing Data
Scattered Lapsus$ Hunters, linked to the ShinyHunters gang, announced an extortion attempt against Pornhub after stealing personal data of premium members through a breach at analytics provider Mixpanel. The stolen information includes email addresses, location, and detailed viewing activity such...

Data Breach at Credit Check Giant 700Credit Affects at Least 5.6 Million
Credit‑check provider 700Credit disclosed a breach that compromised personal data of at least 5.6 million individuals, including names, addresses, dates of birth and Social Security numbers. The intrusion, traced to an unidentified actor, affected information collected from auto‑dealership customers between May...

Home Depot Exposed Access to Internal Systems for a Year, Says Researcher
A Home Depot employee inadvertently posted a private GitHub access token, exposing hundreds of internal source‑code repositories and cloud‑based order‑fulfillment and inventory systems for roughly a year. Security researcher Ben Zimmermann discovered the token in early November, tested its privileges,...

Flaw in Photo Booth Maker’s Website Exposes Customers’ Pictures
A security researcher discovered that Hama Film, a photo‑booth maker owned by Vibecast, left customer photos and videos publicly accessible due to a flaw in its file‑storage website. The issue was reported in October, but the company has not remedied...

Security Flaws in Freedom Chat App Exposed Users’ Phone Numbers and PINs
Freedom Chat, a secure‑messaging app launched in June, was found to expose users' phone numbers and PIN codes through two critical backend flaws. Researcher Eric Daigle demonstrated that nearly 2,000 phone numbers could be enumerated and that PINs were broadcast...

CEO of South Korean Retail Giant Coupang Resigns After Massive Data Breach
Coupang’s chief executive Park Dae‑jun resigned after a data breach that exposed personal information of roughly 34 million South Koreans, about half the nation’s population. The breach, which began in June and was only detected in November, was initially down‑played as...

Petco Takes Down Vetco Website After Exposing Customers’ Personal Information
Petco’s Vetco Clinics portal was partially taken offline after TechCrunch uncovered an insecure direct object reference (IDOR) that let anyone download PDF records containing owners' personal details and pet medical histories. The vulnerability exposed names, addresses, contact information, vaccination and...