Axios Codebook

July 19, 2024
😎 TGIF, everyone. Welcome back to Codebook.
- 😵‍💫 Nothing like a good Y2K throwback to really jolt you awake this morning! We'll break down what's going on with this global IT outage throughout today's edition.
- 📬 Have thoughts, feedback or scoops to share? [email protected].
Today's newsletter is 1,215 words, a 4.5-minute read.
1 big thing: How a single software update is shutting down the internet
A single defect in an overnight cybersecurity update has taken down key internet services around the globe.
Why it matters: Major U.S. airlines have grounded their flights. TV news station Sky News went off air for an hour. Australia's largest bank, Commonwealth Bank, said customers haven't been able to transfer their funds.
Threat level: CrowdStrike, a major cybersecurity company whose customers include some of the biggest companies in the world, said a faulty software update — not a malicious cyberattack or a nation-state attack — is behind the widespread outages.
- A spokesperson for the American Hospital Association tells Axios that some U.S. hospitals and health care systems have been affected.
- The Social Security Administration has closed its local offices, and federal officials are scoping out the full impact on government agencies.
- Some experts estimate it could be days until all affected organizations are back up and running.
Zoom in: Overnight, CrowdStrike and Microsoft customers started reporting network outages commonly known as the "blue screen of death."
- The screen makes it impossible for anyone to access their computer, essentially locking them out of their system until they can find another way to gain access.
- CrowdStrike CEO George Kurtz said today that the blue screen is the result of a software bug found in an update for its endpoint security product. The issue is affecting only Windows systems.
- CrowdStrike has released guidance to resolve the issue — but many experts have noted that to fix the issue, customers have to be able to access their systems, which is difficult if they're already facing the blue screen.
- "Because the endpoints have crashed — the Blue Screen of Death — they cannot be updated remotely and the problem must be solved manually, endpoint by endpoint," Omer Grossman, CIO at Israeli cyber company CyberArk, said in an emailed statement. "This is expected to be a process that will take days."
Between the lines: Endpoint detection and response products monitor what traffic is passing through a system to keep malicious files, viruses and malware at bay.
- CrowdStrike's endpoint tools rely heavily on the cloud to protect all internet-connected devices running on a corporate network.
- However, to do this, CrowdStrike's technology requires deep access to a computer's operating system so it can scan for potentially malicious software.
- The faulty CrowdStrike software update has hindered customers whose virtual machines are running Microsoft's Windows Client and Windows Server.
State of play: Kurtz told NBC that many customers are already rebooting their systems and coming back online. But others may take a bit more time to fully recover.
- "We're deeply sorry for the impact that we've caused to customers, to travelers, to anyone affected by this, including our company," he said.
The big picture: CrowdStrike is a huge player in the cybersecurity field, known for working with major banks, governments and universities.
- In November, CrowdStrike was considered the worldwide leader in endpoint security sales, with an 18.5% market share in the second quarter of last year, according to a report from Canalys.
What we're watching: The repercussions of an outage this widespread will be felt for weeks, if not months.
- Experts already anticipate that this will be considered the largest IT outage in history. CrowdStrike has not said how the product update passed its own internal reviews.
- A White House official confirmed to Axios that the president has been briefed on the matter. Lawmakers are likely to send letters and hold hearings on the issue in the coming weeks.
2. What to know about CrowdStrike
The worldwide, cross-industry internet outage this morning was caused by an error at CrowdStrike, a company meant to prevent such crises.
Why it matters: The global meltdown that grounded flights and halted banking is a black eye for cybersecurity vendor CrowdStrike, which has been trusted by U.S. federal security agencies and some of the biggest companies in the world.
- CrowdStrike software is used by the airline, banking, media and entertainment, oil and gas, pharmaceutical, state government, technology, and other sectors.
Catch up quick: The outage was not linked to a security incident or cyberattack, CrowdStrike said. It was caused by a defect in an overnight product update.
- A fix for the issue was deployed, the company said this morning.
State of play: Based in Austin, Texas, CrowdStrike is a publicly traded company that provides cloud security tools, endpoint security, incident response, and threat intelligence products.
- Last year, it added a generative AI assistant for customers, Charlotte AI.
What they're saying: "CrowdStrike secures the most critical areas of risk — endpoints and cloud workloads, identity, and data — to keep customers ahead of today's adversaries and stop breaches," its website says.
- The outage affects devices hosted by Microsoft's Windows operating system.
- CrowdStrike's Falcon sensor, linked with the crash, was "built to stop breaches via a unified set of cloud-delivered technologies," the company's site says.
By the numbers: CrowdStrike made up almost 15% of the market share for security software segments in 2023, per a July analysis from management consulting company Gartner.
- It was second to Microsoft, which had 40%.
Between the lines: The Cybersecurity and Infrastructure Security Agency selected CrowdStrike in 2021 as one of the major platforms to support some of its security initiatives.
- The company was one of the first industry partners to work with CISA's Joint Cyber Defense Collaborative, launched to improve risk management across the federal, state and local levels.
Zoom in: CrowdStrike worked with the Democratic National Committee in 2016 to investigate a suspected hack and concluded that Russian intelligence-affiliated adversaries had breached the DNC.
- U.S. intelligence agencies and other security companies corroborated CrowdStrike's conclusions.
Flashback: CrowdStrike launched in 2012.
- The company released its first annual global threat report in 2018.
- It became publicly traded in 2019.
Context: CrowdStrike said it works with:
- 298 of the Fortune 500 companies.
- 8 of the top 10 financial services firms.
- 7 of the top 10 manufacturers.
- 43 of the 50 U.S. states.
3. Catch up quick
@ D.C.
👨🏻‍⚖️ A judge dismissed all but one SEC charge yesterday against SolarWinds in a lawsuit over its 2020 Russian cyberattack. (Axios)
🏛 Sens. Richard Blumenthal (D-Conn.) and Josh Hawley (R-Mo.) sent a letter to AT&T and cloud storage company Snowflake seeking more details about a recent breach. (Reuters)
📲 Federal investigators relied on technology from Cellebrite to unlock a phone tied to the suspected shooter in the Donald Trump assassination attack, according to sources (Washington Post) — although leaked documents suggest that Cellebrite can't unlock newer iPhone models (404 Media).
@ Industry
🤝 The top AI model operators and tech companies are working together to develop cybersecurity and safety standards for AI tools. (Axios)
⚠️ A recent series of data breaches underscores how corporations have struggled to implement basic cybersecurity controls. (Wall Street Journal)
🤖 OpenAI has released a mini version of its powerful GPT-4o model to help expand use of its popular chatbot. (CNBC)
@ Hackers and hacks
☎️ A hacker has leaked a database of about 440,000 Life360 customers' phone numbers and other personal information on the dark web. (BleepingComputer)
🛢️ Oil and gas operators are taking a bigger hit in ransomware attacks, according to a new Sophos report. (CyberScoop)
4. 1 fun thing
On the upside: We have new inspiration for what should appear on the Sphere while many of us are at Black Hat and DEF CON in a few weeks!
☀️ See y'all Tuesday!
Thanks to Megan Morrone for editing and Khalid Adad for copy editing this newsletter.