Cybersecurity Today – “Infrastructure Under Attack”
Episode Date: January 5, 2026
Host: David Shipley (filling in for Jim Love)
Episode Overview
This episode tackles the escalating threats to critical infrastructure from state and non-state actors, provides details on significant recent cyber incidents—including alleged US cyber operations in Venezuela, a major data breach at Nova Scotia Power, and new findings on the Trust Wallet hack—and reflects on what these events mean for cybersecurity professionals worldwide in 2026.
Key Discussion Points and Insights
1. Alleged US Cyber Operation in Venezuela
Timestamps: 00:24 – 05:48
- Operation Overview: Over the weekend, the US conducted a military raid in Caracas resulting in the capture of Venezuelan President Nicolas Maduro.
- Cyber Disruption Hinted:
  - President Trump suggested at a Mar-a-Lago press conference that US “technical capabilities” helped cut power in Caracas.
    - Quote: “Caracas was largely turned off… a certain expertise that we have… It was dark and it was deadly.” — President Donald Trump [01:11]
  - General Dan Caine, Chairman of the Joint Chiefs of Staff, mentioned US Cyber Command, Space Command, and other combatant commands “layering different effects” to “create a pathway” for US forces.
    - Quote: “Began layering different effects… to create a pathway.” — Gen. Dan Caine [01:45]
- Network Outages Observed:
  - NetBlocks detected significant loss of internet connectivity in Caracas concurrent with the power cuts.
    - Quote: “…if the cyber attacks contributed, the disruption was likely targeted and not a broader attack across the entire network space.” — Alp Toker, NetBlocks [02:36]
- Implications:
  - These public allusions to cyber offensives against civilian infrastructure mark a potential escalation in cyberwarfare norms, blurring a line previously considered uncrossable.
  - This follows previous Venezuelan allegations that US cyber attacks disrupted its oil company (PDVSA); the US has not commented.
Host Commentary:
“The open public discussion around the potential use of cyber to attack civilian critical infrastructure means the threat landscape just escalated for everyone, everywhere.”
— David Shipley [04:22]
2. Nova Scotia Power 2025 Breach
Timestamps: 05:49 – 09:49
- Incident Overview:
  - Nova Scotia Power suffered a major data breach in April 2025, with up to 375,000 customers’ data compromised by a Russian-linked threat actor.
  - The company is fighting to keep root cause details secret; the public report is heavily redacted.
- Response Details:
  - NS Power engaged legal counsel (Osler) and cybersecurity firm Mandiant for investigation and response, a standard arrangement for preserving legal privilege.
  - The episode discusses legal battles over shielding technical breach details in Canada, the US (Capital One), and Australia (Medibank).
    - Quote: “Blanket approaches to prevent disclosure of expert reports have been fought over in the courts around the world…” [07:19]
- Key Findings:
  - The incident likely began March 19 and was discovered April 25.
  - The attack affected enterprise and billing systems, including Oracle’s E-Business Suite, Active Directory, and, notably, the Privileged Access Management system.
  - There is no evidence attackers accessed operational technology or energy delivery (OT) systems, but the report avoids stating those systems were never at risk.
  - Full restoration is expected by September 2026, 17 months after discovery.
    - Quote: “Full restoration efforts for all affected systems may take until September 2026, 17 months after the incident was discovered…” [09:10]
  - Ongoing projects: Network/backup complete (Nov 2025), MDR by end of January, IAM by end of September.
Host Commentary:
"Oracle's E Business Suite has popped up in a number of major incidents in 2025."
— David Shipley [08:34]
3. Trust Wallet Browser Extension Compromised (Shai Hulud Supply Chain Attack)
Timestamps: 09:50 – 10:51
- Incident Overview:
  - Trust Wallet’s Chrome browser extension was compromised, resulting in $8.5 million stolen from over 2,500 wallets.
- Link to Shai Hulud Campaign:
  - Attackers accessed exposed developer GitHub secrets, including Chrome Web Store API keys, enabling malicious builds to bypass Trust Wallet’s release workflow.
  - Pattern matches tactics associated with the Shai Hulud supply chain campaign, known for targeting developer credentials and release pipelines.
    - Quote: “…the mechanism described here—stolen secrets leading to trusted release pipeline compromise—is consistent with what researchers have been warning about Shai Hulud.” [10:38]
- Response:
  - Trust Wallet revoked compromised APIs, suspended malicious domains, began user reimbursement.
  - Attackers now impersonate Trust Wallet support, disseminating scam compensation forms and ads across social media and Telegram.
Host Commentary:
“…attackers are now impersonating Trust Wallet support accounts and pushing fake compensation forms and scam ads, including through Telegram.”
— David Shipley [10:45]
Memorable Quotes & Their Context
| Timestamp | Speaker | Quote |
|-----------|---------|-------|
| 01:11 | Trump | “Caracas was largely turned off… a certain expertise that we have… It was dark and it was deadly.” |
| 01:45 | Gen. Dan Caine | “Began layering different effects… to create a pathway.” |
| 02:36 | Alp Toker | “…if the cyber attacks contributed, the disruption was likely targeted and not a broader attack…” |
| 04:22 | Host | “The open public discussion… means the threat landscape just escalated for everyone, everywhere.” |
| 07:19 | Host | “Blanket approaches to prevent disclosure of expert reports have been fought over in the courts…” |
| 08:34 | Host | “Oracle’s E Business Suite has popped up in a number of major incidents in 2025.” |
| 09:10 | Host | “Full restoration efforts… may take until September 2026, 17 months after the incident…” |
| 10:38 | Host | “…the mechanism described here... is consistent with what researchers have been warning about…” |
| 10:45 | Host | “…attackers are now impersonating Trust Wallet support accounts… including through Telegram.” |
Important Segments & Timestamps
- Alleged US cyber operation against Venezuela’s capital: 00:24 – 05:48
- Nova Scotia Power breach details & legal implications: 05:49 – 09:49
- Trust Wallet/Shai Hulud supply chain attack update: 09:50 – 10:51
Tone and Style
David Shipley’s delivery is calm, factual, and analytical. He contextualizes breaking news within recent industry and geopolitical trends, delivering deep insight with a sense of urgency for professionals yet without unwarranted alarmism.
Conclusion
This episode highlights critical shifts in the cybersecurity threat landscape, particularly the normalization of cyber operations targeting civilian infrastructure and the persistent challenges of supply chain security. It emphasizes the urgent need for security professionals and organizations globally to strengthen defenses and revisit incident response strategies in light of both state-sponsored and criminal threats.
