U.S. Cyberattack Blamed for Venezuela Grid Outage

According to a recent report from The New York Times, a significant grid outage that occurred during a U.S. military operation in Venezuela on January 3 has been attributed to a cyberattack. Military sources indicated that cyber weapons were utilized to target the nation’s electricity infrastructure and disrupt radar systems.

Since the operation, there has been extensive speculation about whether the U.S. forces integrated both cyber and kinetic tactics to apprehend Venezuelan President Nicolás Maduro. This conjecture intensified following comments from former U.S. President Donald Trump, who suggested that the blackout was indicative of “certain expertise that we have.”

Experts have voiced skepticism regarding the operation’s cyber components. They referenced the difficulties Russian forces had in synchronizing cyberattacks with physical assaults in Ukraine, as well as the limited availability of advanced munitions specifically designed to disrupt power systems. Further details can be found in the report titled “Trump, the US and a Blackout: What Cut Off Venezuela’s Grid?”

However, citing unnamed sources who have been briefed on the situation, The Times noted that military officials believe the operation showcased a refined capability for precise cyberattacks. This includes a capacity to restore electrical grid operations promptly when needed.

Data Breach Exposes Identities of ICE and Border Patrol Personnel

The identities, email addresses, and phone numbers of thousands of employees from U.S. Immigration and Customs Enforcement (ICE) and U.S. Customs and Border Protection (CBP), including frontline agents, have allegedly been published on a publicly accessible website maintained by a group known as ICE List, which describes itself as an “accountability initiative.”

ICE List founder Dominick Skinner disclosed to The Daily Beast that the leaked data comprises about 1,800 active agents and around 150 supervisors. Agents involved in strict immigration enforcement measures during the Trump administration have employed various methods, such as wearing masks, to conceal their identities.

The scrutiny of U.S. immigration enforcement intensified after the January 7 fatal shooting of Minneapolis resident and U.S. citizen Renée Good by an ICE agent. Trump has indicated that he may invoke the Insurrection Act to deploy military forces to Minnesota in response to ongoing protests against ICE.

Data Compromise at BreachForums Exposes Nearly 324,000 Users

A major data leak has occurred at BreachForums, an English-language cybercriminal forum, where a hacker published a stolen database containing the usernames, email addresses, and IP addresses of approximately 323,986 users. The breach was made public by someone using the moniker “James,” who shared the information on shinyhunt.er, a site seemingly affiliated with the ShinyHunters cybercriminal organization.

CloudSEK, a cybersecurity firm, reported that the compromised data originated from a MySQL database, indicating that the forum ran the open-source MyBB forum software. Many records can be validated against other sources, but some have been modified or contain fictitious information, suggesting possible tampering.

Analysis indicates that a significant number of users are from the U.S., followed by Germany, with members identified from various countries, including France and China. The motives of the hacker, who attached a lengthy manifesto alongside the leaked data, remain unclear.

Researchers noted that this incident likely resulted from a backend compromise, possibly exploiting application vulnerabilities or configuration errors. BreachForums initially emerged in 2022 under the leadership of Conor Brian Fitzpatrick, currently incarcerated, and has faced various disruptions, including FBI interventions.

Endesa Reports Data Breach Affecting Customer Information

Spanish energy company Endesa has confirmed a breach that has compromised its commercial systems, leading to the exposure of customer data. A cybercriminal has claimed responsibility, alleging the theft of a large dataset containing sensitive personal information of over 20 million individuals.

According to Endesa, the unauthorized access enabled the attacker to obtain personal data linked to energy contracts, including names, contact details, and potentially banking information. The company says passwords and login credentials were not affected.

The company has not specified when the breach occurred or the total number of affected customers, raising concerns about the protection of sensitive consumer data.

Privacy Risks with Telegram’s Proxy Features

A new vulnerability in the Telegram mobile application may expose users’ real IP addresses through disguised proxy links. The issue, first described in a Russian-language Telegram post, involves malicious t.me proxy links masquerading as benign URLs, which can be used to track users.

An attacker who controls such a proxy server can log a user’s real IP address when the user opens the link. A proof-of-concept showed that Telegram’s automatic connectivity test for a newly added proxy bypasses any configured VPN and sends a direct request to the attacker’s server.

While Telegram’s MTProto proxies are a legitimate way to circumvent censorship, abuse of this feature poses a real risk, since a single click is enough to deanonymize a user who relies on a VPN to hide their location.

MuddyWater Group Upgrades Malware Arsenal

The Iran-linked cyberespionage group MuddyWater is reportedly refining its tactics with a newly developed Rust-based remote access Trojan (RAT) known as “RustyWater.” This malware is actively employed in spear-phishing campaigns targeting organizations in the Middle East.

Cybersecurity experts note that RustyWater represents a departure from the group’s previous reliance on script-heavy methods, instead favoring more flexible and stealthy modular components. Initial infection vectors include phishing emails with weaponized documents designed to manipulate victims into executing the payload.

The modular design of RustyWater allows additional post-compromise capabilities to be loaded after initial access is gained. The group’s shift to compiled malware reflects a broader trend among attackers toward better performance and harder detection for defenders.

This campaign, affecting a range of sectors from telecommunications to finance, underscores an evolving threat landscape that organizations must actively monitor and defend against.

Dutch Court Sentences Hacker in Cocaine Smuggling Case

A Dutch appeals court has handed a seven-year prison sentence to a 44-year-old man for infiltrating port-related computer systems to facilitate cocaine smuggling into the Netherlands. The court ruled that the hacking incident was a calculated effort to aid organized drug trafficking.

The Amsterdam Court of Appeal determined that the defendant accessed critical operational information, enabling drug shipments to pass through port processes undetected. Using a USB device, he chronicled various unlawful activities that provided a tactical advantage for the traffickers.

ServiceNow Addresses AI Agent Vulnerability

ServiceNow, a leading software provider, has addressed a critical vulnerability that allows unauthorized attackers to impersonate users and exploit AI-driven workflows in affected environments. The flaw, referred to as BodySnatcher and listed as CVE-2025-12420, poses significant risks to organizations utilizing ServiceNow’s Virtual Agent API and Now Assist.

AppOmni, the firm that revealed the vulnerability, indicated that attackers could leverage just a victim’s email address to execute privileged actions within the software, bypassing standard security features like single sign-on and multifactor authentication under specific configurations.

Organizations using affected versions of ServiceNow must take immediate action to mitigate this risk and ensure that their information systems remain secure.

Reporting by Information Security Media Group’s David Perera in Northern Virginia.