Journalist - cybersecurity/national security. Author COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World's First Digital Weapon. Speaker/Signal. Newsletter is called Zero Day. Find it here: https://www.zetter-zeroday.com/. Become a paid subscriber to help support my independent journalism.
Book: https://www.amazon.com/Countdown-Zero-Day-Stuxnet-Digital/dp/077043617X/ref=tmm_hrd_swatch_0?_encoding=UTF8&qid=&sr=
Zero Day news site: https://www.zetter-zeroday.com/
Twitter: https://twitter.com/KimZetter

@mushroom_man @zackwhittaker

Brilliant. Thank you for making my morning

Former Trenchant exec who stole exploits from his employer and sold them to a Russian broker says he was suffering depression & money troubles when he decided to sell the exploits. Also, new info reveals the nature of the work he did for an Australian intel agency before joining Trenchant. My story is linked below. Please consider becoming a paid subscriber if you like my work on this piece. It's 4,000 words and I'm making it available for free to everyone. But I can only do that because some subscribers have generously become paid subscribers.

https://www.zetter-zeroday.com/trenchant-exec-says-he-had-depression-money-troubles-when-he-decided-to-sell-zero-days-to-russian-buyer-also-new-info-reveals-nature-of-his-work-for-australian-intelligence-agency/?ref=zero-day-newsletter

The Sad Decline of Trenchant Exec Who Had Everything, Before Deciding to Steal and Sell Zero Days to Russian Buyer

Peter Joseph Williams, a former L3 Trenchant executive recently convicted of secretly selling zero-day exploits to a Russian broker, says he was suffering anxiety, burnout, years of depression, and financial difficulties when he decided to steal exploits from his US employer and sell them to the Russian buyer. Williams, who

ZERO DAY

Iranian hacktivists hit US medical device maker Stryker with a "severe" attack that wiped systems and shut down global operations for the company. The hacktivist group, Handala, claim they hit the company in retaliation for the US bombing of a girls' school in Iran and that they struck more than 200,000 of Stryker's servers, systems and devices and remotely wiped many of them.

https://www.zetter-zeroday.com/iranian-hacktivists-strike-medical-device-maker-stryker-in-severe-attack-that-wiped-systems/

Iranian Hacktivists Strike Medical Device Maker Stryker in "Severe" Attack that Wiped Systems

Stryker, a leading maker of medical devices, was hit early this morning with a cyberattack that has reportedly caused the company's systems to shut down globally. The company has acknowledged the attack and called it "severe" in communication with employees. A known Iranian hacktivist group named Handala posted messages on

ZERO DAY

Peter Williams, the former Trenchant executive who stole zero-day exploits from his employer and sold them to a Russian exploit buyer between 2022-2025, was sentenced today to 7 years and 3 months in prison in a hearing that was partially closed to the public due to the sensitive nature of the tools he stole.

https://www.zetter-zeroday.com/trenchant-exec-who-sold-his-employers-zero-day-exploits-to-russian-buyer-sentenced-to-7-years-in-prison/

Trenchant Exec Who Sold His Employer's Zero-Day Exploits to Russian Buyer Sentenced to 7 Years in Prison

A former Trenchant executive who pleaded guilty last year to selling his company's software hacking tools to a zero-day broker in Russia was sentenced today to seven years and three months in federal prison. The US Treasury Department simultaneously announced today that it was sanctioning the owner of the Russian

ZERO DAY

@starluna I haven't heard this from anyone else

When a hacker who goes by the names "Waifu" and "Judische" began posting death threats against security researcher Allison Nixon, she had no idea why he targeted her. So she set out to unmask him. The quest led her to uncover the identity of Connor Riley Moucka, a 25-yr-old Canadian who was ringleader of the infamous Snowflake/AT&T hacks as well as Cameron John Wagenius (aka Kiberphant0m online), an active-duty US Army soldier, who both were arrested. Here's my story, as well as a free link below that.

https://www.technologyreview.com/2026/02/16/1132526/allison-nixon-hackers-security-researcher

https://archive.is/20260216131016/https://www.technologyreview.com/2026/02/16/1132526/allison-nixon-hackers-security-researcher

Hackers made death threats against this security researcher. Big mistake.

Allison Nixon had helped arrest dozens of members of The Com — a loose affiliation of online groups responsible for violence and hacking campaigns. Then she became a target.

MIT Technology Review

Polish grid systems targeted in December were wide open to attack, a new technical report from the Polish government reveals. Systems used default passwords and did not use multi-factor authentication. In some cases they also had outdated and unpatched software. Also, Polish investigators have found no evidence linking the attack to Russia's Sandworm hacking group, contrary to statements from security researchers. Instead, they attribute it to Berserk Bear, also a Russian group but one associated with the FSB instead of the GRU. Here's my story, which includes a link to the technical report.

https://www.zetter-zeroday.com/polish-grid-systems-targeted-in-cyberattack-had-little-security-per-new-report/

Polish Grid Systems Targeted in Cyberattack Had Little Security, Per New Report

The hackers behind a cyberattack that targeted Poland's grid infrastructure met little resistance when they hit systems at a heat-and-power plant and wind and solar farms last month. The intruders were able to easily access numerous systems at the affected facilities because the systems were configured with default usernames and

ZERO DAY

The hackers behind a cyberattack that targeted Poland's grid infrastructure in December disabled communication devices for at least 30 sites across a number of energy facilities in different parts of the country. The attackers were able to render the communication devices -- known as remote terminal units or RTUs -- not only inoperable but also unrecoverable. This new information, combined with my story last week that the attack used a wiper aimed at erasing IT systems, shows that the attack was a multi-pronged operation targeting both IT and OT systems. Nonetheless, researchers are calling this an opportunistic attack rather than a fully planned one.

https://www.zetter-zeroday.com/attack-against-polands-grid-disrupted-communication-devices-at-about-30-sites/

Attack Against Poland's Grid Disrupted Communication Devices at About 30 Sites

The hackers behind a cyberattack that targeted Poland's grid infrastructure in December disabled communication devices for at least 30 sites across a number of energy facilities in different parts of the country. The hackers succeeded in disabling the communication systems, known as remote terminal units or RTUs, that are used

ZERO DAY

@Amoshias I think we're talking past one another. I understand that because of the statute they charged him under, he wasn't charged with theft. But this doesn't change that it was in fact theft of confidential records that didn't belong to him. Just because they didn't charge him under a theft statute doesn't mean he didn't commit theft. You're talking about what he was actually charged with and I'm talking about what he did.

@Amoshias Thanks for your comment. He did download the documents from the IRS server and took possession of them, and then provided them to unauthorized persons. So he didn't just provide them with information. He admitted to downloading them and physically giving them to reporters on a USB stick. I understand what he was charged with, but I'm also reporting on what he admitted to doing.