Maduro capture demonstrated US cybercapabilities.

Summary

By the CyberWire staff

Maduro capture demonstrated US cybercapabilities.

The New York Times reports that the United States used cyberattacks to cut power across Caracas and disrupt Venezuelan radar during a January 3rd operation to capture Venezuelan President Nicolás Maduro, who faces drug trafficking charges in the US. Anonymous US officials who were briefed on the operation told the Times that the operation included the ability to quickly restore electricity and limit collateral damage. Most hospitals in Venezuela also have backup generators due to frequent blackouts, and no fatalities were reported as a result of the power cut.

Details of the operation are sparse, but the Times notes that the incident "was one of the most public displays of offensive U.S. cybercapabilities in recent years" and "showed that at least with a country like Venezuela, whose military does not have sophisticated defenses against cyberattacks, the United States could use cyberweapons with powerful and precise effects."

Meter: the end-to-end, secure enterprise network

Fragmented networks create security blind spots that are hard to patch. Meter takes a different approach, with an integrated enterprise networking architecture designed for security at the core, the edge, and everywhere in between. Learn how Meter protects every site by default at meter.com/security.

Suspected Chinese threat actor is using Venezuela-themed spearphishing lures.

Researchers at Acronis warn that the Chinese threat actor Mustang Panda is targeting US government entities with spearphishing emails that reference US policy regarding Venezuela. The emails contain ZIP archives designed to deliver a backdoor dubbed "LOTUSLITE." Acronis says the malware "is a custom C++ implant that communicates with a hard-coded IP-based command-and-control server and supports basic remote tasking and data exfiltration with a decent persistence technique indicating an espionage-focused capability set rather than financially motivated objectives."

Experience the Power of Community at RSAC 2026 Conference

RSAC™ 2026 Conference returns to San Francisco March 23–26, bringing together the global cybersecurity community for four days of expert insights, hands-on learning, and breakthrough innovation. Join thousands of practitioners, executives, and innovators as they tackle today’s toughest challenges and explore solutions shaping tomorrow. From cutting-edge ideas to immersive programs and vibrant networking, this is where meaningful progress happens. Register today and be part of the conversations driving cybersecurity forward.

Dutch police arrest alleged AVCheck operator.

Dutch police have arrested a 33-year-old man who allegedly ran the popular malware screening website AVCheck, HackRead reports. AVCheck enabled malware developers to check if their code would be detected by antivirus software, allowing them to refine the code until it would run undetected. The service was shuttered by law enforcement in May 2025.

The suspect, a Dutch resident, had been living in the United Arab Emirates following AVCheck's shutdown. He was arrested at Amsterdam's Schiphol Airport on Sunday.

Notes.

Today's issue includes events affecting China, the Netherlands, the United Arab Emirates, the United States, and Venezuela.

The CyberWire will be on hiatus this Monday for the US Federal holiday of Martin Luther King Jr. Day. We'll be back as usual on Tuesday.

Attacks, Threats, and Vulnerabilities

Cisco finally fixes AsyncOS zero-day exploited since November (BleepingComputer) Cisco finally patched a maximum-severity AsyncOS zero-day exploited in attacks targeting Secure Email Gateway (SEG) appliances since November 2025.

RondoDox botnet exploits critical HPE OneView bug (The Register) : Check Point observes 40K+ attack attempts in 4 hours, with government organizations under fire

TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals (Infosecurity Magazine) TamperedChef creates backdoors and steals user credentials – particularly in organizations reliant on technical equipment

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

SpaceCom | Space Congress: The Global Conference & Expo for the Commercial Space Industry (Orlando, Florida, USA, Jan 28 - 30, 2026) SpaceCom | Space Congress is where the business of space gets done. As the flagship event of Commercial Space Week—co-located with the Space Mobility Conference and the GSA Spaceport Summit—this event unites aerospace, defense, and commercial leaders for three days of deal-making, partnership building, and technology discovery on the expo floor, in the conference program, and through curated networking that drives real results.

HIP Europe 26 (Frankfurt, Germany, Feb 10, 2026) Get ready to elevate your identity security skills at HIP Europe — your gateway to becoming a Hybrid Identity Protection (HIP) Hero. With the departure of original Active Directory experts and the rise of identity as the primary attack surface, the need for identity threat detection and response (ITDR) talent has never been greater. This event is the perfect opportunity to enhance your (or your team's) ITDR strategy and strengthen your organization's operational resilience.

Wild West Hackin’ Fest @ Mile High 2026 (Denver, Colorado, USA, Feb 11 - 13, 2026) More than just a conference, Wild West Hackin’ Fest (WWHF) is committed to offering high quality information security education to beginners and seasoned professionals alike. With reasonably priced training, conferences, hands-on labs, and workshops, WWHF lowers the barrier to entry for those seeking to enter into the world of information security. WWHF also offers a venue for those already established in the industry to share ideas, give back, and continue learning.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 01.16.26

Top stories.

Maduro capture demonstrated US cybercapabilities.

Suspected Chinese threat actor is using Venezuela-themed spearphishing lures.

Dutch police arrest alleged AVCheck operator.

Notes.

Attacks, Threats, and Vulnerabilities

Events