The Cybersecurity Investigations We Couldn't Stop Reading in 2025

Every year, the tech journalism world produces exceptional cybersecurity reporting that deserves recognition. While we didn’t publish these stories ourselves, we found them too compelling to ignore — each one showcasing investigative excellence that others might envy. Here’s a rundown of the most impactful cybersecurity investigations from 2025 that captured our attention and reshaped how we think about security, privacy, and accountability.

The Personal Cost of Being a Cybersecurity Source

Some stories transcend typical tech journalism because they reveal the human element behind cybersecurity narratives. Shane Harris of The Atlantic documented an extraordinary months-long correspondence with a prominent hacker who claimed insider knowledge of major cyber operations, including attacks on critical infrastructure and international targets. What began as journalistic skepticism evolved into a compelling relationship. When the source’s death exposed the deeper truth behind their claims, Harris pieced together a narrative far more complex than originally presented. This investigation highlighted the real challenges and dangers that cybersecurity reporters face when cultivating high-level sources in the digital underworld.

When Tech Giants Face Secret Government Demands

The Washington Post’s January 2025 report on a secret U.K. court order demanding Apple create a backdoor into iCloud represented a watershed moment for digital rights. The order, hidden under a global gag order, required Apple to enable police access to encrypted user data. This was the first demand of its kind. The Post’s reporting forced the issue into public view, sparking a months-long diplomatic dispute between governments and prompting Apple to discontinue its opt-in end-to-end encrypted cloud storage service in the affected region. The story demonstrated how investigative journalism can expose surveillance overreach that would otherwise remain hidden from the public eye.

Unmasking the Teenager Behind a Notorious Hacker Collective

Brian Krebs, one of the industry’s most experienced cybersecurity reporters, conducted a methodical investigation that traced an online hacker alias back to a young perpetrator in Jordan. By following digital breadcrumbs, Krebs identified the individual behind the handle used by members of an advanced persistent threat group. His reporting included interviews with people close to the suspect and even the suspect himself, who reportedly confessed and claimed to be attempting to escape the cybercriminal lifestyle. The investigation exemplified how patient digital forensics and source development can expose even the most elusive online actors.

How a Little-Known Data Broker Enabled Mass Surveillance

404 Media’s investigative series exposed a massive warrantless surveillance program operating in plain sight. The Airlines Reporting Corporation — a data broker established by the airline industry — had been selling access to five billion flight records and travel itineraries, including passenger names and financial information, to federal agencies such as ICE and the State Department. Journalists used their reporting to apply public and legislative pressure, ultimately forcing the company to shut down the warrantless data access program. This story demonstrated the power of independent media to uncover and dismantle systems of mass surveillance.

The Underground World of Phone Location Tracking

Mother Jones discovered an exposed database from a mysterious surveillance company containing tracked location data on thousands of individuals worldwide, spanning from 2007 through 2015. The dataset revealed how malicious actors exploited SS7 (Signalling System No. 7), an obscure telecommunications protocol, to track phone locations of high-profile targets globally. The investigation mapped a shadowy ecosystem of phone surveillance that operates largely outside public awareness or regulatory oversight.

Investigating Mass Hoax Emergency Calls Targeting Schools

Wired’s investigation into nationwide “swatting” attacks examined the real human cost of this growing threat. By profiling the perpetrators, the call center operators dealing with false reports, and the investigators tracking the attackers, the story revealed how hoax emergency calls have evolved from pranks into genuine public safety crises. One prolific attacker, known as Torswats, conducted sustained campaigns against schools and operators across the country, while security researchers worked independently to identify and expose the perpetrator behind the threat.

Why These Stories Matter

The investigations that stood out in 2025 shared a common thread: they exposed hidden systems, held powerful institutions accountable, and required months of dedicated reporting. While we might envy the access these journalists achieved and the impacts their work generated, these stories remind us why rigorous cybersecurity journalism remains essential. Each investigation unraveled something the public needed to know — from government overreach to corporate data exploitation to evolving criminal tactics. As digital threats grow more sophisticated, the work of exposing them becomes ever more critical.
