Transcript
A (0:00)
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack with wired, wireless and cellular all in one integrated solution that's built for performance and scale. You can find them at meter.com CST.
B (0:24)
Trump hints the US used cyber to turn off the lights in Venezuela; Nova Scotia Power fights to keep its April 2025 breach incident details secret; and the Trust Wallet hack is linked to Shai Hulud. This is Cybersecurity Today and I'm your host David Shipley. Let's get started. US President Donald Trump and senior US military officials over the weekend alluded to the use of cyber disruption in their recent raid on Venezuela's capital. Over the weekend, the United States carried out an operation in and around Caracas that ended with Venezuelan President Nicolas Maduro in US custody. At a press conference at Mar-a-Lago, President Donald Trump suggested, without explicitly confirming a cyber attack, that U.S. technical capabilities helped cut power in the Venezuelan capital during the strikes. Trump said Caracas was largely turned off and attributed it to, quote, a certain expertise that we have, adding, it was dark and it was deadly. During the same press conference, the Chairman of the Joint Chiefs of Staff, General Dan Caine, said U.S. Cyber Command, U.S. Space Command and other combatant commands, quote, began layering different effects, end quote, to, quote, create a pathway, end quote, for US forces flying into the country early Saturday morning. Caine did not explain what those effects were, and the White House, Cyber Command and Space Command did not respond to media requests for comment on cyber operations in Venezuela. But there was an external indicator of disruption during the timeframe described. Internet monitoring group NetBlocks reported a loss of Internet connectivity in Caracas during power cuts early Saturday morning. NetBlocks' founder, Alp Toker, said that if cyber attacks contributed, the disruption was likely targeted and not a broader attack across the entire network space.
The US Government has not confirmed cyber activity affecting Venezuela's power grid, but the president's comments and military references to coordinated effects have renewed attention on how cyber capabilities can and should be used in conflict, including effects on civilian critical infrastructure. This news also follows recent accusations from Venezuela's state oil company PDVSA, which last month claimed the US Government was responsible for a cyber attack that caused disruptions in its business operations across the country. The Trump administration has not publicly commented on that allegation. Critical infrastructure, and especially the operational technology that runs our power grids, water utilities, telecommunications companies and so much more, has long been known to be incredibly vulnerable. We know that nation states and state-sponsored hackers have the capacity to break into them, to spy and even to disrupt them. The bigger question has been what's been holding so many back. Many believe it's seen as a line not to be crossed lightly. But now that line may have been crossed in a very public way. So where does this leave cyber professionals? First, the open public discussion around the potential use of cyber to attack civilian critical infrastructure means the threat landscape just escalated for everyone, everywhere. And it comes after we've learned from attacks like Salt Typhoon, China's nation-state team that compromised telecommunications critical infrastructure around the world, that most countries are ill prepared to defend against nation-state or even criminal compromises. And this has to change now. After this weekend, the global critical infrastructure security race just heated up even more. All right, our second story today stays with critical infrastructure. The incident report from Nova Scotia Power's major April 2025 breach was released on December 29th.
Nova Scotia Power is fighting to keep key elements of that incident report, most importantly the actual details of how the compromise happened, from being released to the broader public. We still don't know today what the root cause of the incident was, which did result in detailed personal information on up to 375,000 customers being compromised by a Russian-linked threat actor. The report doesn't say if the initial compromise was the result of a phishing attack, credential stuffing, an Internet-connected system or software vulnerability, a third-party supply chain or an insider threat. In the request to keep certain details redacted, however, NS Power alludes to references to software incursion. The regulatory body responsible for NS Power, the Nova Scotia Energy Board, has released the redacted 40-page incident report while it reviews Nova Scotia Power's request. What we do know from the report is that when it discovered the incident in April, Nova Scotia Power hired Osler, one of Canada's most powerful law firms, who in turn hired Mandiant to help with the investigation and incident response. This is a standard approach that's often used to help shield technical details in an incident as privileged legal information. However, blanket approaches to prevent disclosure of expert reports have been fought over in the courts around the world, including by Canadian privacy regulators after the LifeLabs health information breach. And in the United States, a ruling against Capital One in a data breach case in 2020 forced it to hand over a Mandiant incident report. A 2025 ruling on the Australian health information breach at Medibank also ruled against the use of privilege in trying to shield technical reports.
Under the direction of Osler, Mandiant assisted Nova Scotia Power and other cybersecurity experts with containment, investigation and remediation efforts, and took immediate actions to contain and remediate the unauthorized activity, including containing and isolating affected servers, limiting network connectivity, identifying and resetting compromised account credentials and hardening the environment. The reaction to the incident didn't just focus on business systems. Risks to operational technology networks were also dealt with. According to the report, quote, teams within Nova Scotia Power began working diligently with cybersecurity experts to further isolate the operational technology and energy delivery systems. The report notes that they have no evidence attackers accessed operational technology or energy delivery systems. Interestingly, the report doesn't say those systems were never exposed or at risk. The report says forensic investigations were complex, and the subsequent details were all redacted, except that it believed the incident started on March 19 and was discovered by Nova Scotia Power on April 25. The attack and recovery impacted enterprise reporting and planning systems including PeopleSoft, Power Plan and, interestingly, Oracle's E-Business Suite. Oracle's E-Business Suite has popped up in a number of major incidents in 2025. It also took down customer billing systems and IT systems, including Active Directory and, most troubling, the Privileged Access Management system. According to the report, full restoration efforts for all affected systems may take until September 2026, 17 months after the incident was discovered, to be completed. An identity and access management project is set to be completed by September 30th. A new MDR project will be completed by the end of January. Network and backup projects were completed in November 2025, more than six months after the incident was discovered.
Story three today is an update on the Trust Wallet incident we covered in our December 29th special holiday update. Trust Wallet now believes the compromise of its Chrome browser extension is likely connected to the broader cross-industry Shai Hulud supply chain campaign. Trust Wallet says the incident led to roughly $8.5 million being stolen from more than 2,500 wallets. In an update last week, Trust Wallet said developer GitHub secrets were exposed, which gave the attackers access to the extension source code and, critically, the Chrome Web Store API key. Trust Wallet says the attacker then obtained full Chrome Web Store API access through that leaked key, allowing builds to be uploaded directly without Trust Wallet's standard internal release process, which normally requires internal approval and manual code review. Trust Wallet says this is a key reason they believe the incident is likely related to Shai Hulud, because Shai Hulud is known for targeting the developer ecosystem to steal credentials, secrets and publishing access at scale, and the mechanism described here, stolen secrets leading to trusted release pipeline compromise, is consistent with what researchers have been warning about Shai Hulud. Trust Wallet also described additional infrastructure involved in the incident, saying the attacker registered a domain used to host malicious code referenced by the Trojanized extension, and the company says it has since revoked the release API keys, worked to suspend malicious domains and started reimbursing affected users. Trust Wallet is also warning that attackers are now impersonating Trust Wallet support accounts and pushing fake compensation forms and scam ads, including through Telegram. I've been your host David Shipley. Jim Love will be back on Wednesday. If you enjoy the show, please tell others. Consider leaving a review and remember to like and subscribe. We'd love to reach even more people and we continue to need your help.
Thanks for listening and Happy New Year.
