The Cybersecurity Stories That Captured Our Attention in 2025

As we wrap up another year, it’s worth taking stock of the cybersecurity reporting that stood out — the investigations that exposed hidden threats, the sources who risked everything to tell the truth, and the systemic vulnerabilities that made headlines for all the right reasons.

For years now, cybersecurity journalism has expanded dramatically. Dozens of talented reporters are digging into stories about hacking, privacy breaches, and surveillance systems every single week. Some of the best work happens outside the traditional tech press. Here’s our rundown of the stories that deserved far more attention than they received.

A Journalist’s Secret Correspondence With an Iranian State Hacker — Before He Vanished

One of the year’s most gripping cybersecurity narratives came from a reporter who spent months exchanging messages with someone claiming to be a top operative in Iran’s intelligence hacking apparatus. The source alleged involvement in major operations — including the downing of a U.S. drone and a devastating attack on Saudi Aramco that wiped company systems clean.

Initially skeptical, the journalist watched as the story evolved. The hacker revealed his true identity, and the details checked out. But then everything changed. When the source went silent permanently, the journalist pieced together what had actually happened — a story more remarkable than anything the hacker had initially claimed.

This account serves as a rare window into how cybersecurity reporters cultivate and verify sources in the underground hacking world, where trust is fragile and stakes are life-or-death.

Encrypted iCloud Data: The Secret Court Order Apple Tried to Hide

In early 2025, a bombshell report revealed that a major tech company had been handed a sealed court order demanding it build surveillance infrastructure into encrypted cloud storage. The directive came from an English-speaking government and included a worldwide gag order — meaning the public would never have known it existed.

A major news outlet broke the story anyway. The demand represented a historic shift in the encryption wars: governments were no longer just asking for backdoors in concept; they were demanding them in practice, with legal force.

The targeted tech giant’s response? It pulled end-to-end encryption for users in that jurisdiction entirely, effectively surrendering rather than complying. The revelation sparked months of diplomatic tension and forced public scrutiny of surveillance authority that had previously operated in complete darkness.

When Government War Room Secrets Leaked Over Unencrypted Chat

Picture this: a journalist gets added to a group chat by accident. Within hours, he’s reading real-time military strategy discussions from senior defense officials — complete with operational planning, target locations, and tactical assessments.

The officials thought they were secure. They were catastrophically wrong. The breach exposed not just careless communication practices, but fundamental operational security failures at the highest levels of government. The journalist’s decision to report what he saw triggered months of investigations into how easily classified military discussions had been exposed to an outsider.

This story became emblematic of how even the most secure-minded institutions can fail spectacularly at the basics of information protection.

The Teenage Hacker Behind a Notorious Cybercrime Collective

One of cybersecurity’s most experienced investigators spent months following digital breadcrumbs to unmask the real identity of a prolific hacker operating under an alias. The target was part of an advanced persistent threat group known for coordinated attacks across multiple sectors.

Through careful research and source development, the reporter eventually made contact not just with people close to the hacker, but with the hacker himself — who confessed and claimed he was trying to escape the criminal underworld.

The investigation highlighted how modern threat actors often turn out to be younger than expected, and how personal motivations can shift even among those deeply embedded in cybercriminal ecosystems.

Airlines’ Massive Surveillance Program Gets Shut Down

An independent news outlet did what most mainstream media couldn’t: it took down an entire surveillance infrastructure operating in plain sight. The target was a data-sharing program run by a consortium of major airlines that had been selling access to billions of flight records to government agencies — including names, financial details, and itineraries of ordinary travelers.

Five billion flight records. Names. Payment information. All available to federal agencies without warrants.

Only after months of intense reporting and political pressure did the program’s operators agree to shut down the warrantless data sales. It’s a rare example of impact journalism forcing institutional change on privacy grounds.

The Hunt for Those Behind Fake Emergency Calls

Swatting — the practice of making false emergency calls to send armed police to someone’s location — has evolved from a hacker prank into a genuine public safety crisis. One long-form investigation profiled both the victims and perpetrators of this phenomenon, giving voice to 911 operators, school administrators, and the prolific attackers themselves.

The reporting documented how a single operator made hundreds of convincing false threats targeting schools across the country, tormenting communities and emergency services. It also followed the hackers who eventually tracked down and exposed the perpetrator.

Exposing the Shadow World of Cell Phone Tracking

A journalist discovered an exposed database containing thousands of phone tracking records spanning nearly a decade. The dataset revealed that high-profile figures worldwide — from political figures to Hollywood actors to Vatican adversaries — had their locations secretly monitored through an obscure telecommunications protocol.

The revelation exposed how outdated infrastructure in global phone networks creates persistent surveillance vulnerabilities that can be exploited by determined attackers with minimal technical barriers to entry.


The common thread running through these stories? They all revealed how the systems we depend on — from government communications to airline databases to encrypted messaging apps — contain fundamental vulnerabilities that nobody wants to acknowledge until they’re exposed publicly. The best cybersecurity journalism forces that reckoning.
