Target employees say leaked source code is real.

Announcement

An insider’s look at tech media.

We’re excited to welcome Inside the Media Minds to the N2K CyberWire network. The podcast from W2 Communications takes listeners inside the technology media landscape through honest conversations with the journalists shaping today’s narratives. The latest episode features a conversation with Roberto Torres of CIO Dive and is available now. Listen to Inside the Media Minds.

New episodes of SpyCast now available.

New episodes of SpyCast, the official podcast of the International Spy Museum, are now available on the N2K CyberWire network, bringing listeners back inside the shadowy world of international espionage. The latest episode features Brian Carbaugh, who reflects on leading the CIA’s Special Activities Center during some of the most consequential years in modern espionage. Listen and subscribe now.

Summary

By the CyberWire staff

Target employees say leaked source code is real.

Multiple current and former Target employees have confirmed the legitimacy of stolen source code being offered for sale by criminal threat actors, BleepingComputer reports. The employees recognized internal platform names, proprietary project identifiers, and elements of Target’s technology stack, including its customized CI/CD tooling.

Shortly after BleepingComputer contacted Target about the alleged leak, the company sent an internal memo to employees notifying them of a rapid security change that restricted access to its internal Git server to corporate networks or VPN only.

The source of the leak is unclear, but researchers at Hudson Rock say they identified a Target employee's workstation that was infected with infostealer malware in late September 2025. This workstation had "extensive access to internal services," including IAM, Confluence, wiki, and Jira. Hudson Rock told BleepingComputer, "It's especially relevant because, despite tens of infected Target employees we've seen, almost none had IAM credentials and none had wiki access, except for one other case."

Meter: the end-to-end, secure enterprise network

Fragmented networks create security blind spots that are hard to patch. Meter takes a different approach, with an integrated enterprise networking architecture designed for security at the core, the edge, and everywhere in between. Learn how Meter protects every site by default at meter.com/security.

CISA warns of actively exploited Gogs zero-day.

The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal agencies to lock down or stop using the self-hosted Git service Gogs, due to an unpatched high-severity flaw that was disclosed in December, the Register reports. The flaw, tracked as CVE-2025-8110, is a "path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution."

The vulnerability was discovered by researchers at Wiz, who identified more than 700 compromised Gogs instances exposed to the Internet. Attackers have been exploiting the flaw since at least July 2025, and a patch has not been released. CISA has ordered Federal civilian agencies to apply mitigations or discontinue use of Gogs by February 2nd.

Experience the Power of Community at RSAC 2026 Conference

RSAC™ 2026 Conference returns to San Francisco March 23–26, bringing together the global cybersecurity community for four days of expert insights, hands-on learning, and breakthrough innovation. Join thousands of practitioners, executives, and innovators as they tackle today’s toughest challenges and explore solutions shaping tomorrow. From cutting-edge ideas to immersive programs and vibrant networking, this is where meaningful progress happens. Register today and be part of the conversations driving cybersecurity forward.

Researchers identify large-scale Magecart operation.

Silent Push has published a report on a new Magecart credit card skimming campaign, which has been running since the beginning of 2022. The campaign uses malicious JavaScript to skim information from checkout pages tied to major payment networks, including American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay. The researchers note, "Enterprise organizations that are clients of these payment providers are the most likely to be impacted."

Notes.

Today's issue includes events affecting , and the United States.

Attacks, Threats, and Vulnerabilities

Silent Push Uncovers New Magecart Network: Disrupting Online Shoppers Worldwide (Silent Push) Silent Push Preemptive Cyber Defense Analysts recently uncovered an extensive network of domains associated with a long-term, ongoing web-skimmer campaign, known under the umbrella name: “Magecart.”

Technologies, Techniques, and Standards

NIST Calls for Public to Help Better Secure AI Agents (GovInfoSecurity) The National Institute of Standards and Technology is seeking public input from security experts and stakeholders to weigh in on security threats from agentic AI

Litigation, Investigation, and Law Enforcement

Sweden detains ex-military IT consultant suspected of spying for Russia (The Record) A 33-year-old former IT consultant for Sweden’s Armed Forces has been detained on suspicions of spying for Russian intelligence, Swedish prosecutors said.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

SpaceCom | Space Congress: The Global Conference & Expo for the Commercial Space Industry (Orlando, Florida, USA, Jan 28 - 30, 2026) SpaceCom | Space Congress is where the business of space gets done. As the flagship event of Commercial Space Week—co-located with the Space Mobility Conference and the GSA Spaceport Summit—this event unites aerospace, defense, and commercial leaders for three days of deal-making, partnership building, and technology discovery on the expo floor, in the conference program, and through curated networking that drives real results.

HIP Europe 26 (Frankfurt, Germany, Feb 10, 2026) Get ready to elevate your identity security skills at HIP Europe — your gateway to becoming a Hybrid Identity Protection (HIP) Hero. With the departure of original Active Directory experts and the rise of identity as the primary attack surface, the need for identity threat detection and response (ITDR) talent has never been greater. This event is the perfect opportunity to enhance your (or your team's) ITDR strategy and strengthen your organization's operational resilience.

Wild West Hackin’ Fest @ Mile High 2026 (Denver, Colorado, USA, Feb 11 - 13, 2026) More than just a conference, Wild West Hackin’ Fest (WWHF) is committed to offering high quality information security education to beginners and seasoned professionals alike. With reasonably priced training, conferences, hands-on labs, and workshops, WWHF lowers the barrier to entry for those seeking to enter into the world of information security. WWHF also offers a venue for those already established in the industry to share ideas, give back, and continue learning.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 01.13.26

An insider’s look at tech media.

New episodes of SpyCast now available.

Top stories.

Target employees say leaked source code is real.

CISA warns of actively exploited Gogs zero-day.

Researchers identify large-scale Magecart operation.

Notes.

Attacks, Threats, and Vulnerabilities

Technologies, Techniques, and Standards

Litigation, Investigation, and Law Enforcement

Events