The CyberWire Daily Podcast 1.5.26
Ep 2461 | 1.5.26

A city goes dark as cyber questions multiply.

Transcript

Venezuela blames physical attacks for blackout as cyber questions swirl. Trump reverses a chip technology sale over national security issues, and removes sanctions linked to Predator spyware. Greek officials say an air traffic shutdown was not a cyberattack. The U.S. Army launches a new officer specialization in AI and machine learning. The Kimwolf botnet infects more than two million devices worldwide. ZoomStealer uses browser extensions to grab sensitive online meeting data. The European Space Agency confirms a cybersecurity incident. Former lawmakers and cyber policy leaders warn that U.S. cyber defenses are slipping. On today’s Afternoon Cyber Tea host Ann Johnson welcomes Troy Hunt, founder of Have I Been Pwned. A researcher swipes left on white supremacy.

Today is Monday, January 5th, 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Venezuela blames physical attacks for blackout as cyber questions swirl.

The United States launched a coordinated military operation in Caracas that led to the capture of Venezuelan president Nicolás Maduro, accompanied by widespread power and internet outages. President Donald Trump suggested the blackout reflected U.S. “expertise,” while Joint Chiefs Chair John Daniel Caine said U.S. Cyber Command and Space Command helped “layer different effects” to enable the operation. Officials did not confirm whether cyberattacks were used.

Internet monitoring group NetBlocks recorded connectivity losses during the outage, noting any cyber role would likely have been targeted. Venezuela’s government claims the blackout resulted from physical attacks on substations, not hacking.

The incident has renewed attention on cyber-enabled warfare, especially given recent allegations by state oil firm PDVSA that the U.S. previously targeted its infrastructure. If confirmed, the Caracas outage would represent one of the most visible uses of U.S. cyber power in a military operation.

Trump reverses a chip technology sale over national security issues, and removes sanctions linked to Predator spyware. 

President Donald Trump ordered the reversal of a $2.9 million chip technology sale, citing U.S. security risks tied to foreign ownership. The deal, approved in 2024 under Joe Biden, transferred computer chip and wafer fabrication assets from Emcore Corp. to HieFo Corp. Trump said “credible evidence” shows HieFo’s owner is a citizen of the People’s Republic of China, and ordered divestment within 180 days. 

Elsewhere, the Treasury Department removed sanctions on three individuals linked to the Intellexa Consortium, reversing Biden-era designations tied to the Predator spyware operation. Those delisted include Merom Harpaz, Andrea Gambazzi, and Sara Hamou, all sanctioned in 2024 for roles supporting Intellexa’s opaque corporate structure. Treasury said the decision followed a reconsideration petition and concluded the individuals had sufficiently distanced themselves from the consortium.

The move marks a sharp shift from the Biden administration’s aggressive crackdown on spyware vendors. Digital rights groups warned the delisting risks undermining accountability, noting Predator was used to target dozens of U.S. officials and remains active globally despite signs of reduced use.

Greek officials say an air traffic shutdown was not a cyberattack. 

Greece temporarily shut its airspace after a major radio communications failure disrupted air traffic control systems nationwide. Transport Minister Christos Dimas said the incident, caused by noise across multiple communication channels, was unlikely to be a cyberattack, though investigations continue. Flights were grounded, delayed, or diverted for hours, stranding thousands of passengers. The Greek Civil Aviation Authority said backup systems were also affected. Authorities launched judicial and internal probes, while controllers renewed calls to modernize aging equipment.

The U.S. Army launches a new officer specialization in AI and machine learning. 

The U.S. Army is creating a new officer specialization in artificial intelligence and machine learning, designated 49B, set to begin in January. The move aims to build a data-centric force by improving decision-making, intelligence, logistics, and robotic system integration. Officers with relevant backgrounds are encouraged to apply and will receive advanced, master’s-level training through 2026. The initiative follows the Pentagon’s launch of GenAI.mil, an AI system based on Google’s Gemini model, amid broader government efforts to accelerate AI adoption in defense.

The Kimwolf botnet infects more than two million devices worldwide. 

Krebs on Security highlights a rapidly growing botnet called Kimwolf that has infected more than two million devices worldwide, exposing a major blind spot in home network security. According to researchers at Synthient, Kimwolf spreads by abusing residential proxy services to tunnel through firewalls and compromise devices assumed to be protected behind home routers. The botnet primarily infects unofficial Android TV boxes and digital photo frames, many of which ship with malware preinstalled or with insecure features like Android Debug Bridge enabled by default.

Synthient traced much of Kimwolf’s growth to vulnerabilities in the residential proxy network IPIDEA, which attackers used to access internal local networks and deploy malware at scale. While IPIDEA says it has since patched the flaws, researchers warn the campaign highlights how proxy networks and insecure consumer devices can enable large-scale abuse, including DDoS attacks, fraud, and deep intrusion into private home networks.

ZoomStealer uses browser extensions to grab sensitive online meeting data. 

Researchers have uncovered a large-scale browser extension campaign dubbed Zoom Stealer that has affected roughly 2.2 million users across Chrome, Firefox, and Microsoft Edge. According to Koi Security, 18 malicious but fully functional extensions collected sensitive online meeting data, including URLs, IDs, embedded passwords, participant details, and corporate metadata from platforms like Zoom, Microsoft Teams, and Google Meet.

Zoom Stealer is one of three related campaigns reaching more than 7.8 million users over seven years, attributed to a single threat actor tracked as DarkSpectre, believed to be China-linked. Researchers say the stolen data enables corporate espionage, sales intelligence, and highly convincing social engineering. Despite being reported, several extensions remain available, highlighting ongoing risks from overly permissive browser add-ons.

Former lawmakers and cyber policy leaders warn that U.S. cyber defenses are slipping. 

In an op-ed for CyberScoop, former lawmakers and cyber policy leaders warn that U.S. cyber defenses are slipping as adversaries accelerate offensive operations. Former congressman Jim Langevin and Mark Montgomery, retired rear admiral and former executive director of the congressionally mandated Cyberspace Solarium Commission, argue that China is persistently infiltrating U.S. government and critical infrastructure networks, while Russia, Iran, and North Korea continue disruptive and preparatory cyber activity. Meanwhile, America’s defensive posture is eroding.

The authors draw on their experience with the congressionally mandated Cyberspace Solarium Commission, which produced 116 recommendations in 2020 that temporarily strengthened U.S. cyber strategy. They say those gains are now fading due to leadership gaps, workforce shortages, weakened public-private collaboration, and lagging international coordination.

They call for urgent action, including Senate-confirmed leadership and stable funding for the Cybersecurity and Infrastructure Security Agency, expanded cyber workforce programs, restored information-sharing mechanisms, and renewed cyber diplomacy. Their message is blunt: waiting for a cyber catastrophe is not an option.

A researcher swipes left on white supremacy. 

The lights dimmed at the Chaos Communication Congress, and onto the stage walked one Martha Root, dressed as a pink Power Ranger, carrying a story about ideology, automation, and deeply neglected WordPress security. Over the next hour, Root calmly narrated how she infiltrated WhiteDate, a white supremacist dating site, and two related platforms, quietly harvesting more than 8,000 user profiles while the site’s operators remained blissfully unaware.

She described unleashing a custom AI chatbot to flirt, chat, and socially engineer at scale, efficiently collecting photos, bios, messages, and metadata, some complete with GPS coordinates. Then came the punchline. Live on stage, Root deleted the site’s infrastructure, turning extremist matchmaking into a 404 error.

A satirical preview of the leak now lives on okstupid.lol, with the full archive preserved by Distributed Denial of Secrets. The lesson landed gently but firmly. Even self-proclaimed “master races” still need better patch management.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

And that’s the CyberWire Daily, brought to you by N2K CyberWire.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.

N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.