TechTarget and Informa Tech’s Digital Business Combine. TechTarget and Informa TechTarget and Informa Tech’s Digital Business Combine. Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise Newsletter Sign-Up Newsletter Sign-Up Cybersecurity Topics Related Topics Application Security Cybersecurity Careers Cloud Security Cyber Risk Cyberattacks & Data Breaches Cybersecurity Analytics Cybersecurity Operations Data Privacy Endpoint Security ICS/OT Security Identity & Access Mgmt Security Insider Threats IoT Mobile Security Perimeter Physical Security Remote Workforce Threat Intelligence Vulnerabilities & Threats Recent in Cybersecurity Topics Cyberattacks & Data Breaches Trellix Source Code Breach Highlights Growing Supply Chain Threats Trellix Source Code Breach Highlights Growing Supply Chain Threats by Rob Wright May 5, 2026 3 Min Read Vulnerabilities & Threats Why Security Leadership Makes or Breaks a Pen Test Why Security Leadership Makes or Breaks a Pen Test by Jai Vijayan May 5, 2026 5 Min Read World Related Topics DR Global Middle East & Africa Asia Pacific Latin America See All The Edge DR Technology Events Related Topics Upcoming Events Podcasts Webinars SEE ALL Resources Related Topics Resource Library Newsletters Podcasts Reports Videos Webinars White Papers Partner Perspectives Dark Reading Resource Library Threat Intelligence Cyberattacks & Data Breaches Vulnerabilities & Threats Cybersecurity Operations News Since 2006, Dark Reading has been at the forefront of covering cybersecurity, providing deep insights and analysis beyond the headlines. All those major news events? We were there. Shifts in technology trends? We wrote about them. Enjoy this special anniversary coverage celebrating where we've been and what's next. From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber As part of Dark Reading's 20th anniversary celebration, its staff looks back on 20 of the biggest newmaking events from the past two decades that shaped our industry and the risk landscape for today's security teams. Dark Reading Editorial Team May 6, 2026 31 Min Read From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber Over the past two decades, cyber has evolved into a board-level business risk, with early Internet worms and endpoint viruses giving way to industrial-grade operations that can disrupt hospitals, utilities, and supply chains, erode public trust, and rattle markets. The lesson for security leaders is straightforward: in a hyperconnected enterprise, the blast radius is no longer just digital, it’s operational and strategic. As part of Dark Reading's 20th anniversary celebration, our staff took a look back at the biggest cyber moments in the past two decades that have rewritten the playbook for security teams and changed the face of how we perceive cybersecurity threats and defense strategies. We revisit the impact of WannaCry and NotPetya; the SolarWinds compromise; Colonial Pipeline; the rise of Anonymous; the birth of ChatGPT; and much more. As we examine these 20 defining moments, we also consider their present-day ramifications, and their legacy can’t be overstated. Liability concerns now abound, with disclosure rules, critical infrastructure directives, and sector-specific obligations raising the stakes for CISOs and boards. Attacker automation (including AI) and supercharged exploit pipelines are compressing defenders’ response windows. There's also been a steady rise of intrusions that can degrade operations and safety, not just data; and ransomware has become an core operations risk. And meanwhile, supply chain vectors and identity abuse now challenge the limits of how attackers can reach their victims, especially in the age of agentic AI and non-human identities. Join us as we revisit a few major catalysts for these evolutions, gleaned from Dark Reading's 20 years of industry coverage. Click here for all of our DR20 content , which will be rolling out across the month of May. Keep checking back for new items! Stuxnet Sabotages Centrifuges and the 'Airgap' The discovery in July 2010 of what was believed to be the first known kinetic cyberattack on industrial systems and processes served as a massive klaxon of warning to critical infrastructure and operational-technology (OT) network operators worldwide. Stuxnet targeted the secretive Natanz nuclear facility in Iran, forcing thousands of centrifuges used to enrich uranium to spin wildly out of control and fail. The attack also shattered the illusion that logically separating IT and OT networks — known as air-gapping — kept industrial plants and their processes immune from cyberattacks. The complex worm malware consisted of four zero-day exploits that traveled to the plant's Windows-based machines via USB devices that were somehow plugged into plant machines. Stuxnet infected machines running Siemens SIMATIC Step 7 or Siemens SIMATIC WinCC industrial control system (ICS) software, which communicated with the programmable logic controllers (PLC) that operated the centrifuges used for enriching uranium. The attack, reportedly the handiwork of US and Israel nation-state hackers, demonstrated next-level cyber capabilities. Ralph Logan, an ICS security expert who studied Stuxnet while at The Honeynet Project, says it was Stuxnet's stunning "precision" that gave him and his team pause. "This wasn't crude destruction; it was engineered sabotage designed to appear as mechanical failure," Logan recalls. "That precision signaled something we understood immediately: this represented a doctrine shift, not just an attack. A nation-state had demonstrated that critical infrastructure could be targeted with surgical accuracy and … it worked." Stuxnet's story didn't end there. Three years later, researchers at Symantec found what they described as a precursor to Stuxnet, aka Stuxnet 0.5 , malware dating back to 2005 that targeted Siemens 417 PLCs to sabotage the valves that fed uranium hexaflouride gas into the uranium enrichment centrifuges. And just last month, SentinelOne researchers cited a cyber weapon that predates Stuxnet's discovery. The malware framework, tracked as fast16 , could sabotage systems by injecting stealthy errors into their mathematical computations. Anonymous, LulzSec Hacking Sprees Put Cybersecurity Teams on Notice When Anonymous and LulzSec emerged in the mid-2000s to usher in the era of "hacktivist" and nuisance-related messaging campaigns, they lit a fire under security teams in both the private and public sectors and represented an important new wrinkle in the cyber-risk landscape. While their exploits now seem like quaint relics of a bygone era, given they've been largely replaced by ransomware gangs, extortion groups, and nation-state advanced persistent threat (APT) actors, it's important to remember that the likes of Scattered Spider and ShinyHunters probably wouldn't exist without these two pioneering the idea of a hacking collective. Anonymous emerged in the mid-2000s and members, with their notorious Guy Fawkes masks, began their hacking activity in earnest in 2008 with simple distributed denial of service (DDoS) attacks against the controversial Church of Scientology. Later, they mounted attacks in support of WikiLeaks , the Pirate Bay, and other causes before graduating to data breaches and leaks, where they breached San Francisco's Bay Area Rapid Transit (BART) system as well as government websites and agencies in China and Syria, among others. As the 2010s progressed, the group shifted to more politically motivated hacks before its activity waned. LulzSec, on the other hand, was short-lived by comparison. The rival group launched in 2011, ostensibly to spotlight porous cybersecurity defenses of major organizations. However, the group would admit from time to time that the hacking was largely for members' own amusement or "the lulz." Its exploits include hack-and-leak attacks against Fox News, PBS, and Sony Pictures (no, not that one ). The group also compromised senate.gov, the website for the US Senate, leaking usernames and passwords. The group, which disbanded later that year, was viewed as a "grey hat" hacktivist operation, but US authorities didn't see it that way. The FBI labeled LuzlSec as an "international cyber criminal group" and arrested several members , including Hector "Sabu" Monsegur. And instead of website hacks and DDoS attacks, today's hacker collectives, like "The Com," are conducting devastating, financially motivated cyberattacks against a wide range of organizations. But it all started with Anonymous and LulzSec. Theft of RSA's SecurID Seed Changes 2-Factor Authentication Attackers, widely believed to be a Chinese advanced persistent threat (APT) group, launched a multipronged campaign in 2011 against RSA Security that included spear-phishing emails, malicious Flash code embedded in Excel spreadsheets, and multistage malware. The attackers successfully stole the seed information for RSA SecurID tokens , essentially rendering all existing tokens useless. Up until this incident, RSA SecurID was considered the gold standard for two-factor authentication (2FA). The tokens generated one-time passwords (OTPs) that expired after 30 to 60 seconds (depending on their configuration), making it difficult for attackers to log in even if they had valid credentials. By stealing the seed information — the cryptographic keys used to generate the OTPs — the attackers could predict future codes for compromised tokens, requiring organizations to replace them all. The threat was not theoretical: stolen seed data was used in an attack against Lockheed Martin a few months later. This incident was one of the