U.S. Military: Breach Roundup: Software Update Caused Verizon Outage

Cybersecurity Roundup: Major Incidents and Emerging Threats

U.S. Military Cyberattack Linked to Venezuela Grid Outage
The New York Times reported that a January 3 cyberattack on Venezuela’s electricity grid coincided with a U.S. military operation, suggesting a coordinated cyber-kinetic strike. U.S. officials claim the attack demonstrated precision targeting, including the ability to restore grid operations at will. While President Trump hinted at U.S. involvement, experts note the challenges of synchronizing cyber and physical attacks, citing Russia’s struggles in Ukraine. The operation’s full scope remains under scrutiny.

ICE and Border Patrol Staff Data Exposed Online
A public website, ICE List, published the identities, work emails, and phone numbers of nearly 2,000 ICE and Customs and Border Patrol agents, including frontline personnel. Founder Dominick Skinner stated the dataset aims for "accountability," though agents have previously concealed identities during enforcement actions. The leak follows heightened scrutiny of ICE after the fatal shooting of a U.S. citizen by an agent on January 7, prompting protests and potential military deployment under the Insurrection Act.

BreachForums User Data Leaked in Massive Dump
A hacker released a database containing 323,986 BreachForums users’ usernames, emails, and IP addresses. The breach, attributed to a user named "James," appears to stem from a backend compromise rather than scraping. The dataset includes metadata from a MyBB forum installation, with users spanning the U.S., Germany, and other nations. The forum’s current administrator dismissed the leak as outdated, but cybersecurity firm Resecurity confirmed many records as authentic. BreachForums, previously seized by law enforcement, has faced repeated disruptions since 2022.

Endesa Customer Data Breach Exposes Millions
Spanish energy firm Endesa confirmed a breach of its commercial systems, potentially exposing personal and financial data of over 20 million customers. A threat actor claimed responsibility, alleging the theft of a 1TB database containing names, national IDs, contract details, and IBAN numbers. Endesa stated passwords and credentials were unaffected but did not disclose the breach’s timing or affected customer count.

Telegram Proxy Links Expose Users’ Real IP Addresses
A new privacy flaw in Telegram’s mobile app allows attackers to harvest users’ real IP addresses via malicious proxy links. The issue, demonstrated by researcher "0x6rss," exploits Telegram’s automated proxy testing, which bypasses VPNs to send direct requests to attacker-controlled servers. The vulnerability affects both Android and iOS, with proof-of-concept code published on GitHub.

MuddyWater Upgrades Toolkit with Rust-Based Malware
Iran-linked cyberespionage group MuddyWater is deploying "RustyWater," a Rust-based remote access Trojan, in spear-phishing campaigns targeting Middle Eastern organizations. The malware, delivered via weaponized Word documents, features modular capabilities, anti-analysis techniques, and registry-based persistence. CloudSEK researchers note the shift to Rust reflects a broader trend toward stealthier, compiled malware.

Dutch Hacker Jailed for Port Cyberattack Aiding Cocaine Smuggling
A Dutch appeals court sentenced a 44-year-old man to seven years in prison for hacking port systems to facilitate the smuggling of 210 kg of cocaine. The defendant used a USB device to breach systems, obtaining operational data to evade detection. The court ruled the attack was a deliberate act of organized crime support.

ServiceNow Patches Critical AI Agent Vulnerability
ServiceNow addressed CVE-2025-12420, a flaw allowing unauthenticated attackers to impersonate users and abuse AI-driven workflows. Dubbed "BodySnatcher," the vulnerability enables identity spoofing via a victim’s email, bypassing SSO and MFA in certain configurations. The issue affects on-premises deployments of specific components.

Source: https://www.bankinfosecurity.com/breach-roundup-software-update-caused-verizon-outage-a-30535

U.S. Army DEVCOM cybersecurity rating report: https://www.rankiteo.com/company/usarmydevcom

"id": "USA1768516767",
"linkid": "usarmydevcom",
"type": "Cyber Attack",
"date": "1/2026",
"severity": "100",
"impact": "8",
"explanation": "Attack that could bring to a war"
{'affected_entities': [{'industry': 'Energy',
                        'location': 'Venezuela',
                        'name': "Venezuela's electricity grid",
                        'type': 'Critical infrastructure'}],
 'attack_vector': 'Cyber weapons',
 'date_detected': '2025-01-03',
 'description': 'A grid outage timed to coincide with a Jan. 3 U.S. military '
                'operation in Venezuela was a cyberattack. The military '
                'deployed cyber weapons against the electricity grid and to '
                'interfere with radar.',
 'impact': {'operational_impact': 'Grid blackout, radar interference',
            'systems_affected': 'Electricity grid, radar systems'},
 'motivation': 'Military operation support',
 'references': [{'source': 'The New York Times'}],
 'response': {'recovery_measures': 'Ability to reinitiate grid operations when '
                                   'convenient'},
 'threat_actor': 'U.S. Military',
 'title': "U.S. Military Cyberattack on Venezuela's Electricity Grid",
 'type': 'Cyberattack'}