#cybersecurity

#cybersecurity

It's the end of the year. That means it's time for us to celebrate the best cybersecurity stories we didn't publish. Since 2023, TechCrunch has looked back at the best stories across the board from the year in cybersecurity. If you're not familiar, the idea is simple. There are now dozens of journalists who cover cybersecurity in the English language. There are a lot of stories about cybersecurity, privacy, and surveillance that are published every week.

After 33 years, Bernardo Quintero decided it was time to find the person who changed his life the anonymous programmer who created a computer virus that had infected his university decades earlier. The virus, called Virus Malaga, was mostly harmless. But the challenge of defeating it sparked Quintero's passion for cybersecurity, eventually leading him to found VirusTotal, a startup that Google acquired in 2012. That acquisition brought Google's flagship European cybersecurity center to Malaga, transforming the Spanish city into a tech hub.

Investors are concerned with future stock performance over the next one, five, or 10 years. While most Wall Street analysts will calculate 12-month forward projections, it is clear that nobody has a consistent crystal ball, and plenty of unforeseen circumstances can render even near-term projections irrelevant. 24/7 Wall St. aims to present some further-looking insights based on CrowdStrike's own numbers, along with business and market development information that may be of help with your own research.

The livestream was hosted by @RealMattMoney, who can be seen in a Bloomberg screenshot - see below - on the White House's "Live News" section sitting at a typical streaming setup, and wearing gaming headphones and a dark gray t-shirt. An overlay shows his stream chat, where viewers praise his analysis. Beneath the video window, the stream's title, displayed in elegant White House font, promises there will be "no mid-stream ads," plus a little descriptor offering a $10 discount if you click a link for "StreamYard."

But what would happen if such a technology were to land in the hands of terrorists and criminals, who aren't beholden to the norms of modern warfare at all? In a new report, pan-European police agency Europol's Innovation Lab has imagined a not-so-distant future in which criminals could hijack autonomous vehicles, drones, and humanoid robots to sow chaos - and how law enforcement will have to step up as a result.

The livestream of a YouTube content creator talking about investments mysteriously appeared to take over a White House website, raising questions about whether the site was hacked. The livestream appeared for at least eight minutes late Thursday on whitehouse.gov/live, where the White House usually streams live video of the president speaking. It's unclear if the website was breached or the video was linked accidentally by someone in the government. The White House said in a statement that it was aware and looking into what happened.

OpenAI has released GPT-5.2-Codex, a new version of its agentic AI model for software development that focuses specifically on professional software engineering and cybersecurity. The model builds on GPT-5.2 but has been further optimized to work independently within complex development environments. With this release, OpenAI is positioning Codex not just as a programming assistant but as a broader support technology for the entire software development process.

As reported in Chinese state media, tests of the network saw it shift 72 terabytes of data in 1.6 hours, across a distance of around 1,000 km between a radio telescope in Guizhou province and a university in Hubei. We think that's almost 100 Gbit/s, an impressive feat for a sustained long-distance data transfer even if it took place in a controlled environment.

A warning for WhatsApp users: cybercriminals have discovered an alarmingly simple way to access a user's conversations in real time by manipulating the app's device pairing or linking routine.

Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging. At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

Steve Schmidt, the chief security officer at Amazon, says his team has identified and blocked more than 1,800 attempts by North Korea to secure IT roles at the tech giant. He warns that this scheme is becoming more prevalent across the technology industry as the nation-state actor targets the lucrative salaries of generative artificial intelligence and machine learning jobs, and the troves of valuable data such workers have access to.

Technology plays an important role in how businesses operate, communicate, and deliver services. As systems become more advanced, many companies find themselves facing IT challenges that disrupt daily work, affect productivity, and impact customer experience. Believe it or not, these issues aren't limited to large organisations, as small and medium-sized businesses often feel the pressure even more, especially when IT responsibilities fall on already busy teams.

"SoundCloud recently detected unauthorized activity in an ancillary service dashboard," opens a Monday post from the company. "Upon making this discovery, we immediately activated our incident response protocols and promptly contained the activity. We also engaged leading third-party cybersecurity experts to assist in a thorough investigation and response." Not long after SoundCloud and its hired help contained the incident, the site became the subject of multiple denial of service attacks.

As the rest of the world rushes to harness the power of artificial intelligence, militant groups also are experimenting with the technology, even if they aren't sure exactly what to do with it. For extremist organizations, AI could be a powerful tool for recruiting new members, churning out realistic deepfake images and refining their cyberattacks, national security experts and spy agencies have warned.

The new chief of MI6, Blaise Metreweli, will warn of "the acute threat posed by Russia" when she makes her first public speech later. She will highlight so-called hybrid warfare, which includes incidents such as cyber attacks and drones suspected of being launched near critical infrastructure by Russian proxies. Ms Metreweli will describe this as "an acute threat posed by an aggressive, expansionist and revisionist Russia".

When the library system's IT department detected suspicious activity on one of the library's servers Thursday morning, staff immediately "turned off the server in the middle of this happening," as well as shut down all remote access to the library's computer systems, library director Todd Dunkelberg said. "That stopped all activity," Dunkelberg said Friday about the cyberattack, which was first reported by KTVZ, as well as Oregon Public Broadcasting.

Bacon wrote, This means the top two positions at NSA and the four-star commander at Cyber Command will remain vacant for 8 months and counting. We are at Cyber War every day, and the inability to get leaders in place is gross negligence. Bacon went on to blame the chaos on infighting in the White House and the involvement of whacky Laura Loomer in hiring.

LastPass failed customers and fell short on expectations that the company would employ robust measures to protect personal data. Password managers are a safe and effective tool for businesses and the public to manage their numerous login details and we continue to encourage their use, he said. However, as is clear from this incident, businesses offering these services should ensure that system access and use is restricted to ensure risks of attack are significantly reduced,

Despite overwhelming focus on the Department of Homeland Security's handling of immigration enforcement, a Thursday hearing on worldwide threats targeting the U.S. did feature some insights into the biggest cybersecurity challenges facing the nation. DHS Secretary Kristi Noem, National Counterterrorism Center Director Joe Kent and FBI National Security Branch operations chief Michael Glasheen testified before the House Homeland Security Committee in the annual hearing meant to discuss terrorism, cybersecurity, drones and other matters that concern Americans' security.

The retail giant, often compared to Amazon for its dominance in South Korean e-commerce and logistics, last month revealed details of a data breach affecting close to 34 million people. The breach allegedly began in June but wasn't noticed until November, when Coupang initially said over 4,500 customers had their data stolen. The company later revised that figure dramatically upward.

In December 2011, the CIA lost control of a stealth drone near the Iranian city of Kashmar, about 140 miles from the Afghanistan border, and it wound up in the regime's possession. On state television, the Iranian military displayed the boomerang-shaped craft like a trophy. Triumphant banners beneath its 30-foot wings said, in Farsi, THE US CAN'T MESS WITH US and WE'LL CRUSH AMERICA UNDERFOOT.

Cloudflare says it has fixed an outage that took down several websites and apps, including Zoom, LinkedIn, Shopify and Fortnite, early on Friday, in the latest major glitch involving the web traffic management giant whose shares dipped in premarket trading. Another Cloudflare outage took down several websites and apps early on Friday morning. An update on Cloudflare's status page said the nearly half-hour-long outage was the result of "issues with Cloudflare Dashboard and related APIs."

The big picture: Hassabis in May had predicted AI that meets or exceeds human capabilities - artificial general intelligence, or AGI - could come by 2030. What they're saying: In an interview with Axios' Mike Allen, Hassabis assessed the risk from a number of "catastrophic outcomes" of AI misuse as the technology develops, particularly "energy or water cyberterror." "That's probably almost already happening now, I would say, maybe not with very sophisticated AI yet, but I think that's the most obvious vulnerable vector," he said.

Case in point: Palo Alto finalized a $25 billion deal to buy Israeli cybersecurity firm CyberArk in July, giving the Silicon Valley firm access to a leader in the identity security and management space for people, machines and AI agents. The deal highlights how, regardless of how good an AI model is, no one can win the AI race without solid supporting services.

Speaking on 3 December at the Financial Times Cyber Resilience Summit 2025, security minister Dan Jarvis said: "We've heard the criticisms about the Computer Misuse Act, and how it can leave many cyber security experts feeling constrained in the activity that they can undertake. These researchers play an important role in increasing the resilience of UK systems, and securing them from unknown vulnerabilities."

Quietly launched earlier this year, Share and Defend collates data gleaned from public reports made to the NCSC, industry threat intelligence experts, protective domain name service (PDNS) providers and takedown actions. These datasets are then shared with internet service provider (ISP) partners, which in turn filter them through their own DNS platforms to stop their customers from accessing malicious websites.

The Communications Ministry said in a Wednesday statement that the "[g]overnment has decided not to make the pre-installation mandatory for mobile manufacturers." "The app is secure and purely meant to help citizens from bad actors in the cyber world," the statement said, adding that it was dropping the directive because the app was becoming very popular anyway, with 600,000 downloads of the app, called Sanchar Saathi ("communication partner"), since Tuesday.