The standout cybersecurity investigations of 2025 we admired elsewhere

TL;DR

TechCrunch rounded up investigative cybersecurity reporting from other outlets that stood out in 2025, highlighting stories about state hacking, secret surveillance demands, data brokers, and criminal exposés. The compilation points to recurring themes: government access to data, weak operational security, and investigative journalism driving tangible outcomes.

What happened

TechCrunch published a year-end roundup of notable cybersecurity investigations run by other news organizations in 2025. The list included The Atlantic’s reporting on a months-long correspondence between a reporter and an Iranian hacker who later died; The Washington Post’s revelation of a secret U.K. court order seeking an Apple backdoor and Apple’s subsequent decision to stop offering a U.K. opt-in encrypted cloud option; and The Atlantic editor Jeffrey Goldberg’s accidental placement in a Signal group containing senior U.S. officials discussing military plans. Other pieces cited were Brian Krebs’s identification of a hacker tied to the Scattered LAPSUS$ Hunters group, 404 Media’s exposure of an Airlines Reporting Corporation program selling access to five billion flight records (which the company said it would shut down), Wired’s hands-on examination of 3D-printed "ghost" guns tied to a high-profile killing, Mother Jones’s discovery of a leaked phone-tracking dataset, NPR’s whistleblower reporting on a federal data-access effort dubbed DOGE, and Wired’s investigation of swatting campaigns against schools.

Why it matters

• Investigations revealed how easily sensitive data and communications can be exposed, whether through government orders, data brokers, or technical vulnerabilities.
• Reporting led to concrete industry responses, such as Apple’s policy change in the U.K. and the Airlines Reporting Corporation announcing a shutdown of a warrantless data program.
• Stories highlighted failures in operational security at high levels, with implications for national security and public accountability.
• Coverage put pressure on agencies and private companies, demonstrating the role of investigative journalism in prompting policy and behavioral changes.

Key facts

• TechCrunch compiled a subjective list of exemplary cybersecurity investigations published by other outlets in 2025.
• The Atlantic’s Shane Harris detailed months-long contact with a person claiming to be an Iranian intelligence hacker who later died.
• The Washington Post published a story revealing a secret U.K. court order that sought to compel Apple to build access to iCloud data globally.
• Apple stopped offering its opt-in end-to-end encrypted cloud storage option to U.K. customers after the court order surfaced.
• Jeffrey Goldberg of The Atlantic was accidentally added to a Signal group of senior U.S. officials discussing war plans, a lapse that became a foundation for reporting on government OPSEC failures.
• Brian Krebs identified the real person behind an online handle tied to the Scattered LAPSUS$ Hunters group and reported that the individual confessed.
• 404 Media exposed that the Airlines Reporting Corporation had a program selling access to around five billion flight records; ARC said it would close the warrantless data program.
• Wired built a 3D-printed firearm to explore legal and technical questions about "ghost guns" after a killing linked to an alleged 3D-printed weapon.
• Mother Jones found an exposed dataset from a surveillance company called First Wap containing phone-tracking records on thousands of people.
• NPR reported a federal whistleblower’s account of a unit called DOGE allegedly accessing sensitive government data and the threats the whistleblower faced.

What to watch next

• Whether the U.K. government revisits or modifies legal demands for access to encrypted cloud data after the diplomatic exchanges reported (ongoing, noted that Downing Street dropped the request then attempted again).
• Implementation and oversight of the Airlines Reporting Corporation’s pledge to shut down its warrantless data program and any follow-up enforcement actions.
• Investigations or legal proceedings tied to the alleged use of 3D-printed "ghost" guns and any regulatory responses to such weapons (not confirmed in the source).
• Further developments in federal inquiries into DOGE or other programs that sought broader access to government-held or personal data (not confirmed in the source).

Quick glossary

• End-to-end encryption: A method of securing communications so that only the communicating users can read the messages; service providers cannot access the plaintext.
• Backdoor: A way to bypass normal authentication or encryption, often sought by governments to access data stored or transmitted by a service.
• Swatting: A hoax in which someone deceives emergency services into sending armed responders to an innocent person's location by reporting a violent or life-threatening incident.
• Ghost gun: A firearm that is privately manufactured or assembled without serial numbers and typically not subject to standard background checks or registration.
• Data broker: A company that collects, aggregates, and sells personal information about individuals, often compiling it from multiple sources.

Reader FAQ

Did Apple comply with the U.K. court order?
The source reports Apple stopped offering its opt-in end-to-end encrypted cloud storage to U.K. customers after the order surfaced.

Was the Airlines Reporting Corporation program shut down?
The source says ARC announced it would shut down the warrantless data program after reporting by 404 Media.

Did investigative reporting have real-world consequences?
Yes — according to the roundup, reporting prompted company policy changes and the announced closure of at least one data program.

Was there confirmation that the Iranian hacker was killed?
Yes — The Atlantic’s reporting as summarized in the roundup states the hacker later died.

Are future regulatory or legal outcomes from these stories settled?
Not confirmed in the source.

It’s the end of the year. That means it’s time for us to celebrate the best cybersecurity stories we didn’t publish. Since 2023, TechCrunch has looked back at the best…

Sources

• These are the cybersecurity stories we were jealous of in 2025
• 5 must-read cybersecurity stories of 2025
• Top Cybersecurity Companies in USA 2025 (Reviewed)
• Cybersecurity 2025: Wake-up calls, shifting risks and lessons

Related posts

• US Trade Dominance Is Poised to Erode as Tariff Battles Intensify
• ‘We Ain’t Seen Nothing Yet’ — Trump’s Mass Deportations Will Grow From Here
• IT team forced to camp in office after boss’s side-project Y2K screensaver fails