A
You're listening to the Cyberwire Network, powered by N2K.
B
Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter, the company reimagining enterprise networking from the ground up. Meter builds full stack zero trust networks including hardware, firmware and software, all designed to work seamlessly together. The result? Fast, reliable and secure connectivity without the constant patching, vendor juggling or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security and VPN, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless, transform complexity into simplicity and give your team time to focus on what really matters, helping your business and customers thrive. Learn more and book your demo at meter.com/cyberwire, that's M-E-T-E-R dot com slash cyberwire. Venezuela blames physical attacks for blackouts as cyber questions swirl. Trump reverses a chip technology sale over national security issues and removes sanctions linked to Predator spyware. Greek officials say an air traffic shutdown was not a cyber attack. The US Army launches a new officer specialization in AI and machine learning. The Kimwolf botnet infects more than 2 million devices worldwide. ZoomStealer uses browser extensions to grab sensitive online meeting data. The European Space Agency confirms a cybersecurity incident. Former lawmakers and cyber policy leaders warn that U.S. cyber defenses are slipping. On today's Afternoon Cyber Tea, host Ann Johnson welcomes Troy Hunt, founder of Have I Been Pwned? And a researcher swipes left on white supremacy.
B
It's Monday, January 5th, 2026. I'm Dave Bittner and this is your Cyberwire Intel Briefing. Happy New Year and thanks for joining us. It is great to have you with us here. Today the United States launched a coordinated military operation in Caracas that led to the capture of Venezuelan President Nicolas Maduro, accompanied by widespread power and Internet outages. President Donald Trump suggested the blackout reflected U.S. expertise, while Joint Chiefs Chair John Daniel Kane said U.S. Cyber Command and Space Command helped layer different effects to enable the operation. Officials did not confirm whether cyberattacks were used. Internet monitoring group NetBlocks recorded connectivity losses during the outage, noting any cyber role would likely have been targeted. Venezuela's government claims the blackout resulted from physical attacks on substations, not hacking. The incident has renewed attention on cyber enabled warfare, especially given recent allegations by oil firm PDVSA that the US previously targeted its infrastructure. If confirmed, the Caracas outage would represent one of the most visible uses of US cyber power in a military operation. President Trump ordered the reversal of a $2.9 million chip technology sale, citing US security risks tied to foreign ownership. The deal, approved in 2024 under Joe Biden, transferred computer chip and wafer fab assets from M Corp. Corporation to HiFo Corporation. Trump said credible evidence shows HiFo's owner is a citizen of the People's Republic of China and ordered divestment within 180 days. Elsewhere, the Treasury Department removed sanctions on three individuals linked to the Intellexa consortium, reversing Biden era designations tied to the Predator spyware operation. Those delisted include Merom Harpaz, Andrea Gambazzi and Sara Hamou, all sanctioned in 2024 for roles supporting Intellexa's opaque corporate structure.
Treasury said the decision followed a reconsideration petition and concluded the individuals had sufficiently distanced themselves from the consortium. The move marks a sharp shift from the Biden administration's aggressive crackdown on spyware vendors. Digital rights groups warned the delisting risks undermining accountability, noting Predator was used to target dozens of US officials and remains active globally despite signs of reduced use. Greece temporarily shut its airspace after a major radio communications failure disrupted air traffic control systems nationwide. Transport Minister Christos Damas said the incident, caused by noise across multiple communication channels, was unlikely to be a cyber attack, though investigations continue. Flights were grounded, delayed or diverted for hours, stranding thousands of passengers. The Greek Civil Aviation Authority said backup systems were also affected. Authorities launched judicial and internal probes, while controllers renewed calls to modernize aging equipment. The US Army is creating a new officer specialization in artificial intelligence and machine learning, designated 49B. Set to begin in January, the move aims to build a data centric force by improving decision making, intelligence, logistics and robotic system integration. Officers with relevant backgrounds are encouraged to apply and will receive advanced master's level training through 2026. The initiative follows the Pentagon's launch of GenAI.mil, an AI system based on Google's Gemini model, amid broader government efforts to accelerate AI adoption in defense. Krebs on Security highlights a rapidly growing botnet called Kimwolf that has infected more than 2 million devices worldwide, exposing a major blind spot in home network security. According to researchers at Synthient, Kimwolf spreads by abusing residential proxy services to tunnel through firewalls and compromised devices assumed to be protected behind home routers.
The botnet primarily infects unofficial Android TV boxes and digital photo frames, many of which ship with malware pre installed or with insecure features like Android Debug Bridge enabled by default. Synthient traced much of Kimwolf's growth to vulnerabilities in the residential proxy network iPidia, which attackers use to access internal local networks and deploy malware at scale. While iPidia says it has since patched the flaws, researchers warn the campaign highlights how proxy networks and insecure consumer devices can enable large scale abuse, including DDoS attacks, fraud and deep intrusion into private home networks. Researchers have uncovered a large scale browser extension campaign dubbed ZoomStealer that has affected roughly 2.2 million users across Chrome, Firefox and Microsoft Edge. According to Coy Security, 18 malicious but fully functional extensions collected sensitive online meeting data, including URLs, IDs, embedded passwords, participant details and corporate metadata from platforms like Zoom, Microsoft Teams and Google Meet. ZoomStealer is one of three related campaigns reaching more than 7.8 million users over seven years, attributed to a single threat actor tracked as Dark Specter, believed to be China linked. Researchers say the stolen data enables corporate espionage, sales intelligence and highly convincing social engineering. Despite being reported, several extensions remain available, highlighting ongoing risks from overly permissive browser add ons. The European Space Agency has confirmed it's investigating a cybersecurity incident after reports that hackers accessed data from servers linked to the agency. With more on that story, here's Maria Varmazes, host of the T-Minus Space Daily podcast.
A
Now, it's not the best way to kick off an intelligence briefing for a new year, but we are hoping that the story of a cybersecurity breach at a space agency will be a bit of a motivator to start 2026 with the right security procedures in place. That's because the European Space Agency has confirmed that some of its systems have been breached after a hacker offered to sell data allegedly stolen from the organization. Although it is unclear at this stage which data has been compromised, it's understood that the attack has not impacted any classified or highly sensitive mission systems. Threat actors have claimed a total of 200 gigabytes of data has been compromised. On December 30, 2025, ESA shared on X the following statement about this breach: "ESA is aware of a recent cybersecurity issue involving servers located outside the ESA corporate network. We have initiated a forensic security analysis, currently in progress, and implemented measures to secure any potentially affected devices. Our analysis so far indicates that only a very small number of external servers may have been impacted. These servers support unclassified collaborative engineering activities within the scientific community. All relevant stakeholders have been informed and we will provide further updates as soon as additional information becomes available." Reports have suggested that the attackers had access to systems for potentially up to a week, possibly mapping continuous integration and continuous deployment pipelines and uncovering hard coded credentials. This leaves the potential, at least, for adversaries to better understand ESA's infrastructure, to identify potential vulnerabilities and even to execute further supply chain attacks in the future. Here is hoping that the damage is contained and that this is the extent of the breach.
B
That's Maria Varmazes. Be sure to check out T-Minus wherever you get your podcasts. In an op ed for CyberScoop, former lawmakers and cyber policy leaders warn that U.S. cyber defenses are slipping as adversaries accelerate offensive operations. Former Congressman Jim Langevin and Mark Montgomery, retired rear admiral and former executive director of the congressionally mandated Cyberspace Solarium Commission, argue that China is persistently infiltrating US government and critical infrastructure networks, while Russia, Iran and North Korea continue disruptive and preparatory cyber activity. Meanwhile, America's defensive posture is eroding. The authors draw on their experience with the Cyberspace Solarium Commission, which produced 116 recommendations in 2020 that temporarily strengthened U.S. cyber strategy. They say those gains are now fading due to leadership gaps, workforce shortages, weakened public private collaboration and lagging international coordination. They call for urgent action, including Senate confirmed leadership and stable funding for the Cybersecurity and Infrastructure Security Agency, expanded cyber workforce programs, restored information sharing mechanisms and renewed cyber diplomacy. Their message is blunt. Waiting for a cyber catastrophe is not an option. Coming up after the break, on Afternoon Cyber Tea, Ann Johnson speaks with Troy Hunt from Have I Been Pwned? And a researcher swipes left on white supremacy. What's your 2am security worry? Is it "do I have the right controls in place?" Maybe "are my vendors secure?" Or the one that really keeps you up at night: "how do I get out from under these old tools and manual processes?" That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale.
And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit ready all the time. With Vanta, you get everything you need to move faster, scale confidently, and finally get back to sleep. Get started at vanta.com/cyber, that's V-A-N-T-A dot com slash cyber. Microsoft's Ann Johnson is host of the Afternoon Cyber Tea podcast. And in this week's episode she's joined by Troy Hunt, founder of Have I Been Pwned?
D
Security often fails not because of technology that is broken, but because the technology does not work for people. Breach data is really a story about us. It is about how attackers adapt and how people keep repeating the same mistakes.
C
As of the time of recording, we've got just over 17 billion breached records in this service. Nearly 7 billion unique email addresses. When someone gets breached, they usually get breached more than once. Time on the Internet increases risk, increases likelihood of exposure. I find that really the biggest blocker for organisations disclosing is that their number one priority is not to their customers, despite what the disclosure emails often say. Their number one priority, and this is probably not surprising, is to shareholders. And what that means is protecting organizational value, making sure that the share price doesn't take a hit, that investors don't lose confidence. And that's this conundrum that people are referring to as data breach fatigue, where we're getting so many of these notices that it's sort of like, oh well, you know, it happened again. But maybe what it's doing as well is changing our behaviours, or necessitating that we change our behaviours, and we stop sort of treating each individual incident as some major thing and we structure ourselves such that we expect breach and we're resilient to breach. I'm the Have I Been Pwned cyber security guy and I got phished earlier this year, like proper successfully phished. I was jet lagged and I had this email allegedly from Mailchimp about my account being locked because of spam compliance, and that seemed very feasible. And I followed the link and my password manager didn't autocomplete my strong unique password, so I copied and pasted it. I had two factor turned on and it requested the six digit token, which I copied and pasted from my code generator into the phishing site, and about 5 seconds later my brain went, hang on a second, you know this isn't right. So I demonstrated these human weaknesses that social engineering and scams and attackers take advantage of. One of them was fear. Losing access to my mailing list, it caught me in a moment of weakness.
People have moments of weakness, you know, they're tired, they're rushed, they're concerned about losing something. The great thing about transparency is that it's almost like a self evident proof. Open transparency can very quickly disprove, in this case, fraudulent claims.
D
In the same vein, do you think that we're moving toward more transparency, more disclosure, openness, or will organizations try to minimize what they share unless it's mandated or regulated?
C
Yeah, and unfortunately, I think that's what it is. One of the things that a lot of people don't understand is what are the obligations, the regulatory obligations, of organisations for disclosure. For things like disclosure, the regulatory obligations are usually around reporting to the regulator. So you might have to, if you're in the UK, for example, report to the Information Commissioner's Office, and you have to report to them within 72 hours. But then you get to self assess around the necessity to report to individuals. And GDPR uses terms like jeopardising the rights and freedoms of individuals. In Australia we have what we call the Notifiable Data Breach scheme. And if the breach is likely to cause serious harm to the individuals, you need to disclose to them. But outside of that, and outside of particular specific classes of data, such as medical data or financial data or other sensitive classes, you just don't need to disclose. And people, when the penny drops, they're outraged. They're like, how on earth do we not have to hear about this? So what will often happen for me is someone will send me data. And while we're doing this podcast, I saw one pop up where someone said, look, this organisation has had a data breach, and also here's a link to them denying it. And the link is to a tweet which basically just says fake news. I'll have a look at that data and I'll be able to verify it. And if it's legitimate, I'll get in touch with that organisation and say, look, I think you should look at this more closely. It's not consistent with what you've said online. And the advice I'll normally then give is, look, the truth is in the data. We will get to the bottom of the truth, and particularly if it's in public circulation, you cannot escape that truth. Now, this is your opportunity to have some control over the narrative.
You can either analyse this, come up with reasonable conclusions, make statements about it and deal with it appropriately, or everyone will draw their own conclusions, and they have the data. They will be able to draw accurate conclusions in some cases, inaccurate conclusions in others. But unless you control the narrative, you have no ability to control what people say about it.
B
Be sure to check out the complete episode of Afternoon Cyber Tea. You can find that on the Cyberwire website or wherever you get your favorite podcasts. Welcome to our ugly home. Reddit is back for a historically hideous season. It's our 100th ugly house. This place is mayhem. That is impressive. And if these walls could talk, do you cry a lot?
C
I do.
B
They'd have a lot to say. What in God's name is this pit?
C
Don't get too close if you've seen the show.
B
I'm scared of that. Ugliest House in America, season premiere Wednesday at 8 on HGTV. And finally, the lights dimmed at the Chaos Communication Congress and onto the stage walked one Martha Root, dressed as a pink Power Ranger, carrying a story about ideology, automation, and deeply neglected WordPress security. Over the next hour, Root calmly narrated how she infiltrated White Date, a white supremacist dating site, and two related platforms, quietly harvesting more than 8,000 user profiles while the site's operators remained blissfully unaware. She described unleashing a custom AI chatbot to flirt, chat and socially engineer at scale, efficiently collecting photos, bios, messages and metadata, some complete with GPS coordinates. Then came the punchline. Live on stage, Root deleted the site's infrastructure, turning extremist matchmaking into a 404 error. A satirical preview of the leak now lives on Okstupid lol, with the full archive preserved by Distributed Denial of Secrets. The lesson landed gently but firmly: even self proclaimed master races still need better patch management. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilby is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
In this episode of CyberWire Daily, host Dave Bittner provides in-depth news coverage of major global cybersecurity incidents and trends, including the Caracas blackout during a US military operation, the reversal of a US tech sale to a Chinese-owned company, renewed scrutiny over spyware sanctions, and pervasive cyber threats such as botnets and malicious browser extensions. The episode includes guest commentary from Maria Varmazes (T-Minus Space Daily) on the European Space Agency (ESA) breach and features highlights from Ann Johnson’s interview with Troy Hunt, founder of Have I Been Pwned?, regarding data breach fatigue, transparency, and regulation. The show closes with a report on a researcher infiltrating a white supremacist dating site at the Chaos Communication Congress.
US Operation in Caracas:
Competing Narratives:
Chip Technology Sale Reversal:
"Trump said credible evidence shows HiFo's owner is a citizen of the People's Republic of China and ordered divestment within 180 days."
Predator Spyware Sanctions Lifted:
Greek Airspace Outage (07:58):
US Military Embraces AI (08:38):
Kimwolf Botnet (09:00):
ZoomStealer Browser Extension Campaign (09:30):
"Researchers say the stolen data enables corporate espionage, sales, intelligence and highly convincing social engineering."
"Our analysis so far indicates that only a very small number of external servers may have been impacted. These servers support unclassified collaborative engineering activities within the scientific community."
"Waiting for a cyber catastrophe is not an option."
Why Data Breaches Happen:
"Security often fails not because of technology that is broken, but because the technology does not work for people. Breach data is really a story about us."
Scale of Breaches:
Breach Fatigue:
"We're getting so many of these notices that was sort of like, oh well, you know, it happened again. But maybe what it's doing as well is changing our behaviours or necessitating that we change our behaviors and we stop sort of treating each individual incident as some major thing and we structure ourselves such that we expect breach and we're resilient to breach."
Even Experts Get Phished:
"I'm the Have I Been Pwned cyber security guy and I got phished earlier this year, like proper successfully phished... People have moments of weakness, you know, they're tired, they're rushed, they're concerned about losing something."
Transparency & Disclosure:
"The truth is in the data. We will get to the bottom of the truth, and particularly if it's in public circulation, you cannot escape that truth... This is your opportunity to have some control over the narrative."
"Even self-proclaimed master races still need better patch management."
Dave Bittner, summarizing military cyber actions:
"The incident has renewed attention on cyber enabled warfare, especially given recent allegations by oil firm PDVSA that the US previously targeted its infrastructure." (04:48)
Ann Johnson (Afternoon CyberTea):
"Security often fails not because of technology that is broken, but because the technology does not work for people. Breach data is really a story about us." (15:09)
Troy Hunt (Have I Been Pwned?):
"Time on the Internet increases risk, increases likelihood of exposure." (15:34)
"I got phished earlier this year, like proper successfully phished ... I demonstrated these human weaknesses that social engineering and scams and attackers take advantage of." (16:53)
"The truth is in the data. ... Now, this is your opportunity to have some control over the narrative." (19:05)
Maria Varmazes (ESA breach):
"Our analysis so far indicates that only a very small number of external servers may have been impacted. These servers support unclassified collaborative engineering activities within the scientific community." (10:47)
The episode maintains CyberWire's trademark professional, incisive tone, combining clear fact-driven reporting with expert and guest analysis. Memorable moments, such as Martha Root's hacker conference story, add humor and pathos, while Troy Hunt's interview segments emphasize plainspoken, relatable guidance for security professionals and the general public alike.
This episode offers a rich mix of breaking cybersecurity news, expert commentary, and investigative reporting, suited to leaders, practitioners, and enthusiasts looking to stay ahead of rapidly evolving digital threats and policy shifts. The dialogue on breach fatigue and disclosure requirements offers practical insights for both organizations and individuals confronting the reality of today's cyber landscape.