The Cybersecurity Stories That Defined 2025: Hacks, Surveillance, and High-Stakes Reporting

A look at 2025’s most striking cybersecurity stories—from encryption backdoors and Signal leaks to flight-data surveillance and swatting.


Cybersecurity didn’t just shape the headlines in 2025—it shaped politics, policing, aviation, and even the most basic assumptions people have about privacy. Some of the year’s most memorable revelations weren’t about a new malware strain or a record-breaking breach, but about how power gets exercised through data: who can access it, how it’s obtained, and what happens when security practices fail.

Below is a guided tour through several standout cybersecurity and surveillance stories from across the media landscape, along with the key themes that made them resonate: source cultivation in hostile environments, government pressure on encryption, the real-world consequences of operational security mistakes, and the sprawling data economy that enables tracking at scale.

When a hacker story reads like espionage fiction

Some cybersecurity stories immediately feel cinematic, not because they exaggerate the stakes, but because the stakes are inherently human—trust, deception, vulnerability, and sometimes death. That’s what made Shane Harris’ account of corresponding with a senior Iranian hacker so gripping.

Harris described how, back in 2016, he began communicating with someone who claimed to be a hacker working for Iran’s intelligence services. The person said he had participated in high-profile operations, including the downing of an American drone and the notorious Saudi Aramco incident in which Iranian hackers wiped the oil giant’s computers. Skepticism was warranted—cyber sources can embellish, mislead, or run influence operations—but over time, Harris reported that details accumulated in a way that made the claims harder to dismiss.

Eventually, the source provided his real name. After the hacker died, Harris was able to assemble what had really happened, and the resulting narrative was, by Harris’ telling, even more surprising than the version the hacker had shared during their correspondence.

Beyond the plot, the story highlighted a constant challenge for cybersecurity reporters: verifying claims in a domain where evidence can be technically complex, politically dangerous, and intentionally obscured. In cyber reporting, a source can be both a critical guide and a potential trap—especially when intelligence services are part of the backdrop.

A secret U.K. demand that put Apple’s encryption stance to the test

One of the year’s most consequential privacy stories centered on a question that has haunted the tech industry for more than a decade: can a government force a company to break its own encryption promises?

The Washington Post reported that in January the U.K. government secretly served Apple with a court order demanding the company build a back door that would allow police to access iCloud data of any customer worldwide. The order came with a worldwide gag provision—meaning the public wouldn’t have known about it at all without the reporting.

The implications were enormous. If one country can quietly compel a mechanism to access encrypted data at a global scale, the precedent would not remain local. It could reshape how privacy commitments are viewed across borders, and it could force companies to choose between operating in a market and protecting security for all users.

Following the demand, Apple stopped offering its opt-in end-to-end encrypted cloud storage in the U.K. The disclosure also sparked a prolonged diplomatic dispute between the U.K. and the United States, and the public scrutiny reportedly led Downing Street to drop the request—before attempting again months later.

Even without broader technical details, the core tension is clear: end-to-end encryption is designed so that even the provider can’t access the data. Governments often argue that lawful access is necessary for criminal investigations, while security experts warn that “back doors” are inherently vulnerable—usable not just by police, but also by attackers who discover or steal them.

The year’s most unforgettable headline: war plans in a Signal group chat

Operational security failures usually become public through leaks, breaches, or investigations long after the fact. But one of 2025’s most surreal security stories unfolded in near real time.

The Atlantic’s editor-in-chief reported that he was inadvertently added to a Signal group chat involving senior U.S. government officials. According to the report, the officials discussed war plans on their phones—until the editor-in-chief realized the conversation appeared authentic and, soon after, saw real-world news coverage that aligned with what was being discussed.

The reporting triggered months of scrutiny into government operational security practices. The episode was characterized as the biggest government opsec mistake in history, and the fallout widened as additional reporting pointed to risky tooling decisions: a knock-off Signal clone used by Trump administration officials was later hacked, raising further questions about whether the supposedly secure communications were anything but.

At a high level, the case underscored a basic cybersecurity lesson: encryption isn’t magic if access control fails. Secure apps can’t protect conversations if the wrong person gets invited, if devices are mishandled, or if an insecure “clone” replaces the tool people think they’re using.

Unmasking “Rey”: digging into Scattered LAPSUS$ Hunters

Attribution—figuring out who is behind an online persona—remains one of the hardest and most impactful parts of cybercrime reporting. Veteran journalist Brian Krebs has built a reputation around following small clues, and in 2025 he published a notable example of that craft.

Krebs reported that he identified the person behind the handle “Rey,” described as an admin connected to a cybercrime group calling itself Scattered LAPSUS$ Hunters—portrayed as an “advanced persistent teenagers” group.

What made the story stand out wasn’t only the identification. Krebs’ reporting also included conversations with someone close to the hacker and later the hacker himself, who admitted to criminal activity and said he was trying to get out of the cybercrime world.

The larger theme is one that keeps repeating in cybercrime coverage: the barrier to entry for certain forms of hacking and fraud has dropped, while the social dynamics—status, community, bragging rights, coercion—can pull very young people into serious crimes. The “teenage hacker” trope persists because it keeps being real, and because online ecosystems can accelerate escalation from mischief to major harm.

The airline data broker selling 5 billion flight records to the government

Cybersecurity isn’t only about hacking—it’s also about how data moves legally, quietly, and at scale. Few stories demonstrated that better than 404 Media’s reporting on airline travel surveillance.

In a major investigation, 404 Media revealed a program that sold access to massive volumes of flight records used by federal agencies. The reporting described a little-known data broker created by the airline industry called the Airlines Reporting Corporation, which was said to be selling access to 5 billion plane tickets and travel itineraries, including names and financial details of ordinary Americans.

According to the report, this access enabled government agencies such as ICE, the State Department, and the IRS to track people without a warrant. The Airlines Reporting Corporation—owned by United, American, Delta, Southwest, JetBlue, and other airlines—said it would shut down the warrantless data program after months of 404 Media’s reporting and growing pressure from lawmakers.

This story also served as a reminder that “surveillance” is often not a single spy agency running a single tool. It can be a supply chain: data gathered for commerce, packaged by brokers, and purchased or accessed by the state—sometimes with far less transparency than direct government collection would require.

Testing the reality of 3D-printed “ghost guns”

Digital culture increasingly collides with physical risk, and few areas illustrate that like 3D-printed weapons. Wired revisited that territory in a chilling piece tied to a major criminal case.

The killing of UnitedHealthcare CEO Brian Thompson in December 2024 remained a major story into the following year. Luigi Mangione, identified as the chief suspect, was arrested and indicted on charges tied to using a “ghost gun”—a 3D-printed firearm with no serial numbers, privately made without a background check, and effectively unknown to the government as a distinct registered weapon.

Drawing on its earlier experience reporting on the topic—such as Wired’s past work on building an untraceable AR-15-style ghost gun—the outlet set out to see how feasible it would be to recreate the kind of 3D-printed gun allegedly used. Wired’s detailed account of the build-and-test process explored not only the technical steps, but also the messy legal and ethical terrain around ghost guns.

The broader cybersecurity relevance here is that “security” problems increasingly include the spread of high-risk instructions and designs through online communities. Files, forums, and digital distribution models can alter real-world safety—sometimes faster than laws or enforcement can respond.

NPR and the whistleblower story about DOGE and sensitive government data

Cybersecurity is as much about internal controls and governance as it is about external attackers. NPR’s investigative reporting traced that theme through the Department of Government Efficiency (DOGE), a major running story of the year.

NPR reported on federal workers resisting efforts to access sensitive government data, describing how DOGE, framed as “the gang of Elon Musk’s lackeys,” moved through federal systems while tearing down protocols and red tape.

In a particularly alarming detail, NPR recounted an official whistleblower disclosure shared with members of Congress involving a senior IT employee at the National Labor Relations Board. While the employee sought help investigating DOGE activity, he reportedly “found a printed letter in an envelope taped to his door, which included threatening language, sensitive personal information and overhead pictures of him walking his dog, according to the cover letter attached to his official disclosure.”

That detail underscores a risk that is often underappreciated: when cybersecurity disputes become politicized, the pressure can shift from technical arguments to intimidation—especially for insiders who try to document or slow questionable access.

A leaked phone-tracking dataset and the long shadow of SS7

Location tracking is frequently marketed as a consumer convenience, but it can also become a surveillance weapon—especially when telecom infrastructure is involved. Mother Jones published a striking investigation into an exposed dataset connected to a surveillance company called First Wap.

The reporting followed journalist Gabriel Geiger, who described stumbling onto something unsettling, and ultimately dug into records covering thousands of people worldwide whose phone locations had been tracked. The dataset spanned 2007 through 2015 and enabled identification of numerous high-profile individuals, including a former Syrian first lady, the head of a private military contractor, a Hollywood actor, and an enemy of the Vatican.

The story also spotlighted Signaling System No. 7 (SS7), a long-criticized telecom protocol that can be abused for tracking. The significance for readers is sobering: even without installing spyware on a phone, certain parts of the global phone network have historically offered pathways for adversarial tracking if exploited by capable actors.

Inside the investigation into school “swatting” attacks

Cyber-enabled threats don’t always look like cyberattacks. Sometimes the “payload” is fear—and armed police arriving at the wrong door. Swatting has been a long-running menace, evolving from online harassment into a pattern of credible threats that can lead to severe consequences, including at least one death.

In a feature on a wave of attacks targeting schools, Wired’s Andy Greenberg examined the people caught in the middle of these hoaxes, including call operators forced to treat each report as potentially real. The story also profiled a prolific swatter known as Torswats, who spent months making fake—but convincing—threats aimed at schools nationwide, and described the parallel efforts of a hacker who tried to track the swatter down.

The cybersecurity takeaway is that identity and communications systems—caller ID, VoIP infrastructure, emergency dispatch workflows—can be exploited to trigger real-world violence or panic. And because the threat is mediated through trusted public institutions, the psychological and societal impact can be disproportionately large.

Conclusion

Across these stories, 2025’s defining cybersecurity thread was less about a single breach and more about exposure—of surveillance markets, of government pressure campaigns, of operational security failures, and of the human costs that follow. Together, they show why cybersecurity reporting matters: it can surface hidden systems, force public accountability, and clarify how digital decisions ripple into everyday life.

Attribution: This article is based on reporting originally published by TechCrunch.
