NEW: Ireland is working on a law to regulate the use of spyware by the police.

There's no details yet, but the Irish government promises to balance the need to fight serious crime with spyware, with the need to respect privacy and human rights.

In this story I also included a little history lesson, a quick look back at Europe's two decades of using spyware.

Ireland proposes new law allowing police to use spyware | TechCrunch

The Irish government announced that it wants to pass a law that would grant police more surveillance powers, such as using spyware to fight serious crime, while aiming to protect the privacy rights of its citizens.

TechCrunch (techcrunch.com)

These are good pieces on the alleged U.S. cyberattack against the Venezuelan power grid. It seems that for now the skepticism is warranted until we get more details and some independent confirmation from threat intelligence/infrastrucure researchers.

1) This Linkedin post by @msbrumfield

https://www.linkedin.com/posts/cynthiabrumfield_ministerio-del-poder-popular-para-la-energ%C3%ADa-activity-7414651354180329472-VCXg/

2) This blog post by @dangoodin

Why I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity

NYT says US hackers were able to turn off power and then quickly turn it back on.

Ars Technica (arstechnica.com)

3) And here's the New York Times piece that cites "U.S. officials briefed on the operation."

nytimes.com

(www.nytimes.com)

NEW: Nicholas Moore, a hacker who broke into the systems of the U.S. Supreme Court and the Department of Veteran Affairs stole the personal data of victims and then posted it online on his @ihackthegovernment Instagram account.

Moore faces a maximum of a year in prison and a fine of up to $100,000.

Supreme Court hacker posted stolen government data on Instagram | TechCrunch

Nicholas Moore pleaded guilty to stealing victims’ information from the Supreme Court and other federal government agencies, and then posting it on his Instagram @ihackthegovernment.

TechCrunch (techcrunch.com)

NEW: Iran is entering its second week (170 hours and counting) of a nationwide internet blackout, now one of the longest in history.

Depending on who's counting, this shutdown either the third longest, or in the top ten.

Either way, the ongoing internet blackout is helping the Iranian authorities hide their brutal crackdown on protesters, which has killed more than 2,000 people according to one estimate.

Iran’s internet shutdown is now one of its longest ever, as protests continue | TechCrunch

Iran’s government-imposed internet shutdown enters its second week as authorities continue their violent crackdown on protesters.

TechCrunch (techcrunch.com)

NEW: 24-year-old Nicholas Moore will plead guilty to hacking the U.S. Supreme Court electronic filing system in 2023.

There aren't a lot of public details about this case for now. It will be interesting to find out what he accessed or stole.

Man to plead guilty to hacking US Supreme Court filing system | TechCrunch

A 24-year-old from Tennessee is expected to admit to accessing the Supreme Court’s electronic filing system without authorization dozens of times throughout 2023.

TechCrunch (techcrunch.com)

This always works.

This is one interesting detail in the report. I think here NSO suggests that they procure zero-days from outside researchers or brokers.

As of 18:45 UTC (1:45 pm ET/10:15 Tehran time) the internet has dropped to zero in Iran, according to Kertik.

(Chart via @dougmadory)

NEW: NSO Group has released a transparency report that is even less transparent than its own previous transparency reports, as it contains no data or information on customers at all.

Experts say the report is just an attempt to appease and push the U.S. government to be removed from a blocklist.

The spyware maker did not respond to our questions asking it to share details on the customers that it has rejected, investigated, suspended, or terminated due to human rights abuses.

Critics pan spyware maker NSO's transparency claims amid its push to enter US market | TechCrunch

The infamous spyware maker released a new transparency report claiming to be a responsible spyware maker, without providing insight into how the company dealt with problematic customers in the past.

TechCrunch (techcrunch.com)

NEW: The internet in Iran is nearly completely shut down, according to monitoring firms.

The blackout comes in the midst of countrywide protests that have lasted for days after spikes in prices and shortages of basic goods. The govenrment has responded with a violent crackdown.

“I think we’re at a near-total disconnection from the outside world now,” said Amir Rashidi, an Iranian cybersecurity researcher. 

Internet collapses in Iran amid protests over economic crisis | TechCrunch

Internet monitoring firms and experts say Iran’s internet has almost completely shut down, as protests spread through major cities.

TechCrunch (techcrunch.com)

NEW: A hacktivist (@back2theRoot) dressed as Pink Ranger from the Power Rangers wiped three white supremacist websites on stage at the end of a talk at Chaos Communication Congress (39C3).

The hacker also published users’ data, including full profiles with pictures and geolocation, on the website okstupid.lol.

The three racist websites are still down, a week after the live hack.

Hacktivist deletes white supremacist websites live onstage during hacker conference | TechCrunch

A hacker known as Martha Root broke in and deleted three white supremacist websites at the end of a talk during the annual hacker conference Chaos Communication Congress in Germany.

TechCrunch (techcrunch.com)

NEW: Apple, Google, and WhatsApp now regularly notify their users if they suspect they have been targeted or hacked with government spyware, such as that made by Intellexa, NSO Group, or Paragon.

Getting one of these can be scary, shocking, and confusing. So we spoke to experts and wrote a guide on what to do, and where to go, if you receive one of those notifications.

https://techcrunch.com/2025/12/29/youve-been-targeted-by-government-spyware-now-what/

NEW: Meet the folks at AccessNow's Digital Security Helpline, who have been investigating government spyware abuses for more than a decade, helping journalists and dissidents all over the world.

Hassen Selmi, who heads the incident response team, told me his team looks into around 1,000 cases a year. Half of those turn into full investigations, and around 25 result in confirmed spyware infections.

Here’s how Selmi’s team fights spyware abuses.

Meet the team that hunts government spyware

For years, Access Now’s Digital Security Helpline has been aiding journalists and dissidents who have been targeted with government spyware. This is how they operate.

TechCrunch (techcrunch.com)

Out of curiosity, thinking that perhaps I missed something important or interesting, I searched for “Hacking Team” on YouTube and found this video.

I watched only 2 minutes, which are full of made up stuff presented as facts. Now I wonder if the script was AI generated. It has been 200k views.

https://www.youtube.com/watch?v=CJqwOHEY0Q8

NEW: Hackers stole more than $2.7 billion in crypto last year, according to multiple blockchain monitoring companies.

North Korea alone stole 2 of those billions, thanks to the jackpot of the Bybit hack, which netted them $1.4 billion.

Hackers stole over $2.7B in crypto in 2025, data shows | TechCrunch

This was another banner year for crypto hacks and heists — 2025 was the third year in a row that a new crypto theft record was set.

TechCrunch (techcrunch.com)

NEW: U.S. insurance giant Aflac says its June data breach affected 22.6 million people.

The hackers, the company says, stole data such as Social Security numbers, government IDs, and health information.

https://techcrunch.com/2025/12/23/us-insurance-giant-aflac-says-hackers-stole-personal-data-of-22-6-million/

What's up with all these "secret location" Barcelona offensive cybersecurity conferences?

NEW: La Poste, France's postal and banking services company, hit by a suspected Distributed Denial of Service attack.

The postal service called the incident “a major network incident” that was disrupting “all of our information systems.”

France's postal and banking services disrupted by suspected DDoS attack | TechCrunch

France's postal service, La Poste, said it was hit by a disruptive cyberattack that knocked its services offline.

TechCrunch (techcrunch.com)