
Book of the day by Nicole Perlroth: Why the invisible cyber arms race affects your vote, your water, and your safety

Your hospital's patient records vanish overnight. Your city's water treatment system starts behaving strangely. Election results in your district don't match exit polls. You assume these are isolated incidents, technical glitches, maybe bad luck. You're wrong.



New York Times cybersecurity reporter Nicole Perlroth spent a decade investigating hacks that most people never hear about — Russian attacks on nuclear plants, North Korean strikes on hospitals, Chinese infiltration of critical infrastructure. Her reporting revealed something terrifying: governments worldwide are stockpiling digital weapons that can shut down your electricity, contaminate your water, delete your medical records, or flip your vote. And they're losing control of these weapons.

In 2026, as AI accelerates both attack and defense capabilities, the cyber arms race has become the most dangerous conflict most people know nothing about. Every device you own, every system you depend on — banking, healthcare, utilities, transportation — runs on software riddled with vulnerabilities. The professionals who understand this threat aren't paranoid. They're realistic about how fragile our digital infrastructure actually is.

Headway, a daily growth app trusted by 55 million users worldwide, breaks down Nicole Perlroth's 'This Is How They Tell Me the World Ends: The Cyberweapons Arms Race' into quick insights you can apply immediately. Whether you're commuting or waiting in line, you can start understanding the invisible war being waged through the devices in your pocket.

Zero-day exploits are digital weapons of mass destruction

Perlroth explains that a zero-day vulnerability is a software flaw nobody knows about except the person who discovered it. Think of it as a secret door into every iPhone, every Windows computer, every Android device running that software. Hackers can walk through that door, steal everything inside, and leave without anyone noticing. The term "zero-day" means the software maker has had zero days to fix it because they don't know it exists.

These vulnerabilities are worth millions. Governments pay hackers top dollar — first thousands, then hundreds of thousands, now millions per exploit — to find these secret doors and keep them secret. The U.S. government became the world's biggest hoarder of zero-days, stockpiling digital weapons the same way it stockpiled nuclear weapons during the Cold War. The difference? Nuclear weapons require uranium enrichment facilities and missile silos. Zero-day exploits fit on a thumb drive.

The insight that changes everything: Every app on your phone, every program on your laptop, every system controlling your city's infrastructure contains vulnerabilities. The question isn't whether they exist. It's who finds them first — security researchers trying to fix them, or governments and criminals trying to exploit them.

📘 Download Headway to explore Perlroth's full investigation into how the cyber arms market actually works. 

The U.S. lost control of its weapons stockpile

Perlroth's most disturbing finding: the United States spent years secretly buying zero-day vulnerabilities and building cyberweapons, then lost control of them. In 2016 and 2017, a group called Shadow Brokers leaked some of the NSA's most powerful hacking tools onto the internet. Suddenly, America's most sophisticated cyberweapons were available to anyone with an internet connection.

What happened next proves why this matters. Within months, those leaked NSA tools powered WannaCry, a ransomware attack that hit hospitals across Britain's National Health Service. Patients couldn't access their records. Ambulances were diverted. Cancer treatments were delayed. People died. North Korea used American weapons to attack British hospitals, and there was nothing anyone could do to stop it because the tools were already public.

Russia used the same leaked NSA exploits to create NotPetya, which started as an attack on Ukraine but spread globally, causing $10 billion in damage to companies like Maersk, FedEx, and Merck. One pharmaceutical company spent $670 million recovering from an attack that exploited tools the U.S. government had kept secret instead of helping Microsoft fix the vulnerability.

The practical shift: The devices you depend on aren't just vulnerable to attack. They're vulnerable to attacks using weapons your own government built and then lost. When governments hoard vulnerabilities instead of disclosing them, they're choosing offensive capability over your safety. Every zero-day the NSA buys is a vulnerability your hospital's computers still have.

Headway's 2,500+ book summaries let you explore cybersecurity, geopolitics, and technology from multiple angles — from Snowden's autobiography to books on digital privacy and national security. The more frameworks you absorb in quick 3-20 minute sessions, the better you understand how digital threats connect to physical consequences.

📘 Check it yourself. Users report that understanding the intersection of technology and geopolitics through multiple books dramatically improved their ability to evaluate security risks in their own lives.

Mercenaries are selling exploits to dictatorships

Perlroth discovered a thriving global marketplace where private companies find zero-day vulnerabilities and sell them to the highest bidder. Israeli companies, European firms, American contractors — they scout the same talent that tech companies recruit, offer better pay, and put those engineers to work finding ways to break into iPhones, Android phones, and computers worldwide.

Who buys these exploits? Democracies buy them, claiming they need them for counterterrorism. But dictatorships buy them too, and they use them differently. Saudi Arabia used Israeli spyware to track journalist Jamal Khashoggi before murdering him. The UAE used the same tools to spy on dissidents, activists, and rival governments. Mexico used them to spy on journalists investigating corruption. Once the technology exists and a market develops, controlling who uses it becomes impossible.

The economics are brutal. A security researcher can report a vulnerability to Apple and maybe get $100,000. Or they can sell it to a broker who'll pay $2 million, who'll then sell it to a government for $3 million. The researcher makes twenty times more money by keeping the vulnerability secret. Every economic incentive pushes toward keeping your devices vulnerable rather than making them secure.

What this means for you: The next time you update your phone's operating system, understand what's happening. Those security patches fix vulnerabilities that someone discovered. In the best case, Apple or Google found them internally. More likely, a security researcher reported them. But for every vulnerability that gets patched, dozens or hundreds remain undiscovered. Some are known only to governments. Others are known only to criminals. And because there's more money in exploiting vulnerabilities than fixing them, the number of known-but-secret vulnerabilities grows every year.

📘 Start building your cyber awareness with Headway's bite-sized wisdom delivered every morning that you can practice throughout your day. 

Understand the invisible war affecting your daily life

Perlroth's book proves that cyberwarfare isn't science fiction or a distant threat. It's happening now, affecting elections, hospitals, banks, and utilities. In 2026's increasingly connected world, ignorance about digital threats isn't bliss — it's vulnerability.

Headway makes building this awareness simple and fun. Beyond 'This Is How They Tell Me the World Ends,' you'll find 2,500+ book summaries in text and audio covering technology, security, geopolitics, and current affairs. The app's gamified challenges turn abstract threats into understandable frameworks — whether you're standing in line, floating in a pool, or commuting to work.

The app adapts to how you learn best, making self-growth more convenient, enjoyable, and intuitive. Start with 15 minutes today and discover how understanding invisible threats makes you dramatically better at protecting yourself.

📘 Download Headway and join 55 million people who've made daily growth a habit.

Frequently asked questions about cyber weapons and Nicole Perlroth's book

What exactly is a zero-day vulnerability and why is it so dangerous?

A zero-day vulnerability is a security flaw in software, hardware, or firmware that the manufacturer doesn't know exists. It's called "zero-day" because the vendor has had zero days to create a patch or fix. These vulnerabilities are extremely dangerous because there's no defense against them — security software can't detect attacks using unknown vulnerabilities, and users can't install patches that don't exist. Attackers who discover zero-days can exploit them repeatedly until someone else finds the vulnerability and reports it. The window between discovery by an attacker and creation of a patch can be months or years.

How much are zero-day exploits actually worth on the market?

Prices vary wildly based on what the exploit targets and how it works. A zero-day for Android or Windows might sell for $100,000 to $500,000. iPhone zero-days command much higher prices — $1 million to $3 million or more — because Apple's security is harder to crack. The most valuable exploits are "zero-click" attacks that require no user interaction, meaning someone can hack your phone without you clicking anything. These can sell for $10 million or more. Government agencies and private brokers compete for the same exploits, creating a bidding war that pushes prices higher each year. The market operates mostly in secret, so actual prices are hard to verify.

Aren't governments supposed to protect us from cyber threats, not create them?

That's the tension Perlroth explores throughout the book. Governments justify hoarding zero-days by claiming they need offensive cyber capabilities for national security — to spy on terrorists, disrupt enemy networks, or retaliate against attacks. The problem is that keeping vulnerabilities secret makes everyone vulnerable, including the government's own citizens. When the NSA discovers a vulnerability in Windows, they face a choice: tell Microsoft so everyone can be protected, or keep it secret so they can use it against adversaries. Too often, they choose offense over defense. Then when those weapons leak or get stolen, everyone suffers the consequences.

What happened with Stuxnet and why does it matter?

Stuxnet was a sophisticated cyberweapon that the U.S. and Israel allegedly created to sabotage Iran's nuclear program around 2010. It specifically targeted industrial control systems in Iran's uranium enrichment facilities, causing centrifuges to spin out of control while reporting that everything was normal. Stuxnet was the first publicly confirmed case of a cyberweapon causing physical destruction in the real world. It changed everything because it proved that digital attacks could have kinetic effects — they could destroy physical infrastructure, not just steal data. Other nations saw what was possible and accelerated their own cyberweapons programs. Perlroth argues that Stuxnet opened Pandora's box, sparking the cyber arms race that now threatens critical infrastructure worldwide.

How can ordinary people protect themselves from state-sponsored cyber threats?

Complete protection is impossible when nation-states are targeting systems you use, but you can reduce your risk significantly. Update your software immediately when patches are available — that closes known vulnerabilities. Use strong, unique passwords for every account and enable multi-factor authentication wherever possible. Be extremely suspicious of unexpected emails, links, or attachments, even from people you know. Use encrypted messaging apps like Signal for sensitive conversations. Cover your laptop camera when not using it. Assume that anything you do online could eventually be exposed. Most importantly, understand that individual security practices matter less when governments leave infrastructure vulnerable. Push for policy changes that prioritize defense over offense in cybersecurity.

Is Perlroth optimistic or pessimistic about the future of cybersecurity?

Perlroth doesn't offer false optimism. Her reporting shows that the cyber arms race is accelerating, governments are losing control of their weapons, and critical infrastructure is increasingly vulnerable. However, she highlights people working to improve the situation — security researchers who responsibly disclose vulnerabilities, companies hardening their defenses, and advocates pushing for international treaties to limit cyberweapons. She's realistic about the severe threats while showing that choices still matter. The future depends partly on whether enough people understand the stakes to demand better policies. Ignorance guarantees things get worse. Awareness at least creates the possibility of change.

What's the connection between cyber weapons and everyday technology failures?

Not every tech problem is a cyberattack, but Perlroth's work reveals how often what looks like a glitch is actually an attack. When a hospital's systems go down, administrators might blame software bugs. When an election website crashes, officials might blame high traffic. When a utility company reports "technical difficulties," it sounds routine. But increasingly, these incidents are attacks using zero-day exploits or leaked government tools. The challenge is that sophisticated attacks are designed to look like normal failures. Companies and governments often hide breaches to avoid embarrassment, so you rarely hear the full truth. The lesson: when critical systems fail, "technical problems" might mean "we got hacked and don't want to admit it."

