Journalist - cybersecurity/national security. Author COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World's First Digital Weapon. Speaker/Signal. Newsletter is called Zero Day. Find it here: https://www.zetter-zeroday.com/. Become a paid subscriber to help support my independent journalism.
Book: https://www.amazon.com/Countdown-Zero-Day-Stuxnet-Digital/dp/077043617X/ref=tmm_hrd_swatch_0?_encoding=UTF8&qid=&sr=
Zero Day news site: https://www.zetter-zeroday.com/
Twitter: https://twitter.com/KimZetter

The mystery around a cyberattack against Venezuela's state-run oil company last December deepens with the discovery this week of a "highly destructive" wiper that may have been used in the attack. Previous reports had indicated that the December attack was a ransomware incident. But the wiper found this week was compiled last September, and hard-coded into it is the domain for Petróleos de Venezuela (PDVSA), the state-run oil company. The hard-coded domain means the attackers had designed their precision weapon to only destroy data on the oil company's systems, not on any other system outside the company's domain. My story is below. Please consider becoming a paid subscriber if you like my work.

https://www.zetter-zeroday.com/hwiper-targeting-venezuelas-state-oil-company-discovered/

Mystery Around Venezuelan Cyberattack Deepens, with New Discovery of "Highly Destructive" Wiper

The mystery around a cyberattack that struck Venezuela's state-owned oil company in December is growing, following an announcement by researchers this week that they had discovered a "highly destructive" wiper program that appears to have been designed to target the oil company and may have been used in the December

ZERO DAY

Former Trenchant exec who stole exploits from his employer and sold them to a Russian broker says he was suffering depression & money troubles when he decided to sell the exploits. Also, new info reveals the nature of the work he did for an Australian intel agency before joining Trenchant. My story is linked below. Please consider becoming a paid subscriber if you like my work on this piece. It's 4,000 words and I'm making it available for free to everyone. But I can only do that because some subscribers have generously become paid subscribers.

https://www.zetter-zeroday.com/trenchant-exec-says-he-had-depression-money-troubles-when-he-decided-to-sell-zero-days-to-russian-buyer-also-new-info-reveals-nature-of-his-work-for-australian-intelligence-agency/?ref=zero-day-newsletter

The Sad Decline of Trenchant Exec Who Had Everything, Before Deciding to Steal and Sell Zero Days to Russian Buyer

Peter Joseph Williams, a former L3 Trenchant executive recently convicted of secretly selling zero-day exploits to a Russian broker, says he was suffering anxiety, burnout, years of depression, and financial difficulties when he decided to steal exploits from his US employer and sell them to the Russian buyer. Williams, who

ZERO DAY

Iranian hacktivists hit US medical device maker Stryker with a "severe" attack that wiped systems and shut down global operations for the company. The hacktivist group, Handala, claim they hit the company in retaliation for the US bombing of a girls' school in Iran and that they struck more than 200,000 of Stryker's servers, systems and devices and remotely wiped many of them.

https://www.zetter-zeroday.com/iranian-hacktivists-strike-medical-device-maker-stryker-in-severe-attack-that-wiped-systems/

Iranian Hacktivists Strike Medical Device Maker Stryker in "Severe" Attack that Wiped Systems

Stryker, a leading maker of medical devices, was hit early this morning with a cyberattack that has reportedly caused the company's systems to shut down globally. The company has acknowledged the attack and called it "severe" in communication with employees. A known Iranian hacktivist group named Handala posted messages on

ZERO DAY

Peter Williams, the former Trenchant executive who stole zero-day exploits from his employer and sold them to a Russian exploit buyer between 2022-2025, was sentenced today to 7 years and 3 months in prison in a hearing that was partially closed to the public due to the sensitive nature of the tools he stole.

https://www.zetter-zeroday.com/trenchant-exec-who-sold-his-employers-zero-day-exploits-to-russian-buyer-sentenced-to-7-years-in-prison/

Trenchant Exec Who Sold His Employer's Zero-Day Exploits to Russian Buyer Sentenced to 7 Years in Prison

A former Trenchant executive who pleaded guilty last year to selling his company's software hacking tools to a zero-day broker in Russia was sentenced today to seven years and three months in federal prison. The US Treasury Department simultaneously announced today that it was sanctioning the owner of the Russian

ZERO DAY

When a hacker who goes by the names "Waifu" and "Judische" began posting death threats against security researcher Allison Nixon, she had no idea why he targeted her. So she set out to unmask him. The quest led her to uncover the identity of Connor Riley Moucka, a 25-yr-old Canadian who was ringleader of the infamous Snowflake/AT&T hacks as well as Cameron John Wagenius (aka Kiberphant0m online), an active-duty US Army soldier, who both were arrested. Here's my story, as well as a free link below that.

https://www.technologyreview.com/2026/02/16/1132526/allison-nixon-hackers-security-researcher

https://archive.is/20260216131016/https://www.technologyreview.com/2026/02/16/1132526/allison-nixon-hackers-security-researcher

Hackers made death threats against this security researcher. Big mistake.

Allison Nixon had helped arrest dozens of members of The Com — a loose affiliation of online groups responsible for violence and hacking campaigns. Then she became a target.

MIT Technology Review

Polish grid systems targeted in December were wide open to attack, a new technical report from the Polish government reveals. Systems used default passwords and did not use multi-factor authentication. In some cases they also had outdated and unpatched software. Also, Polish investigators have found no evidence linking the attack to Russia's Sandworm hacking group, contrary to statements from security researchers. Instead, they attribute it to Berserk Bear, also a Russian group but one associated with the FSB instead of the GRU. Here's my story, which includes a link to the technical report.

https://www.zetter-zeroday.com/polish-grid-systems-targeted-in-cyberattack-had-little-security-per-new-report/

Polish Grid Systems Targeted in Cyberattack Had Little Security, Per New Report

The hackers behind a cyberattack that targeted Poland's grid infrastructure met little resistance when they hit systems at a heat-and-power plant and wind and solar farms last month. The intruders were able to easily access numerous systems at the affected facilities because the systems were configured with default usernames and

ZERO DAY

The hackers behind a cyberattack that targeted Poland's grid infrastructure in December disabled communication devices for at least 30 sites across a number of energy facilities in different parts of the country. The attackers were able to render the communication devices -- known as remote terminal units or RTUs -- not only inoperable but also unrecoverable. This new information, combined with my story last week that the attack used a wiper aimed at erasing IT systems, shows that the attack was a multi-pronged operation targeting both IT and OT systems. Nonetheless, researchers are calling this an opportunistic attack rather than a fully planned one.

https://www.zetter-zeroday.com/attack-against-polands-grid-disrupted-communication-devices-at-about-30-sites/

Attack Against Poland's Grid Disrupted Communication Devices at About 30 Sites

The hackers behind a cyberattack that targeted Poland's grid infrastructure in December disabled communication devices for at least 30 sites across a number of energy facilities in different parts of the country. The hackers succeeded in disabling the communication systems, known as remote terminal units or RTUs, that are used

ZERO DAY

The Booz Allen tech contractor behind the Treasury Department's unprecedented decision yesterday to cancel all 31 of its contracts with the consulting firm took the job with Booz Allen - much like Edward Snowden before him - specifically to get access to IRS tax records of President Trump and leak them. And not only Trump's records, he stole the tax records of more than 400,000 other individual and corporate taxpayers -- leaking some of these to the media as well. All of this contributed to the Treasury decision yesterday.

https://www.zetter-zeroday.com/booz-allen-tech-contractor-took-irs-job-specifically-to-leak-trumps-tax-records/

Booz Allen Tech Contractor Took IRS Job Specifically to Leak Trump's Tax Records

The US Treasury Department announced yesterday that it was canceling all contracts it holds with consulting firm Booz Allen Hamilton because the company failed to prevent one of its contractors from stealing and leaking tax records years ago when he was working on behalf of the firm for the Internal

ZERO DAY

Wow.

“Booz Allen failed to implement adequate safeguards to protect sensitive data, incl. the confidential taxpayer information it had access to through its contracts with the Internal Revenue Service.”

Treasury Cancels Contracts with Booz Allen Hamilton

https://home.treasury.gov/news/press-releases/sb0371

Exclusive: A cyberattack targeting Poland's energy infrastructure in December used wiper malware that would have erased grid computers and rendered them inoperable had it not been thwarted, a researcher at @ESET told me. The researcher calls the attack "unprecedented" for Poland and "substantial."

https://www.zetter-zeroday.com/cyberattack-targeting-polands-energy-grid-used-a-wiper/

Cyberattack Targeting Poland’s Energy Grid Used a Wiper

A cyberattack that targeted power plants and other energy producers in Poland at the end of December used malware known as a “wiper” that was intended to erase computers and cause a power outage and other disruption to services, says European security firm ESET, which obtained a copy of the

ZERO DAY