
A long day without bars.
Verizon hit by a major wireless outage. Poland blocks an attack on its power grid. A massive database of French citizens exposed. Microsoft shuts down a cybercrime-as-a-service operation. The UK backs away from digital ID plans. California probes Grok deepfakes. The FTC settles with GM over location data. Palo Alto Networks patches a serious firewall flaw. Plus, John Serafini of HawkEye on modern signals intelligence, and federal agents seize devices from a Washington Post reporter.
Today is Thursday, January 15th, 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
Verizon suffers a widespread wireless outage.
Verizon Communications Inc. said it restored full service late Wednesday after a widespread wireless outage across the United States that lasted most of the day. The company apologized and said it would issue account credits, but did not disclose the cause, adding earlier that there was no indication of a cyberattack. According to Downdetector, customers began reporting problems shortly before noon in New York, with complaints peaking at more than 177,000. The most affected cities included New York, Houston, Atlanta, Dallas, and Miami. Smaller numbers of issues were reported by AT&T and T-Mobile users, partly due to call-routing effects. The Federal Communications Commission said it was monitoring the outage, and FCC member Anna Gomez called for an investigation. Experts noted such disruptions are often linked to external factors, including third-party vendors or software deployment issues.
Poland thwarts an attack on its power grid.
Poland said it stopped what officials described as the most serious cyberattack on its energy infrastructure in years, narrowly avoiding a nationwide power outage. The late December attack targeted communications between renewable energy sites, including wind and solar installations, and electricity distributors. Officials said the incident nearly caused a blackout and showed signs of coordinated sabotage, which they blamed on Russia. Ministers warned the tactic was new, could recur, and reflects rising threats to Polish infrastructure since Russia’s invasion of Ukraine.
Researchers uncover a massive database of French citizens.
Security researchers at Cybernews uncovered a massive exposed database containing tens of millions of records on French citizens, likely compiled from at least five separate data breaches. The archive, found on an unsecured cloud server in France, included voter and demographic data, healthcare registry records, contact details, financial information with IBANs, and vehicle data. Researchers believe a cybercriminal or data broker merged the datasets to increase resale value. The database was taken down after notification, but posed significant privacy and fraud risks.
Microsoft takes down a lucrative cybercrime-as-a-service platform.
Microsoft said it has disrupted RedVDS, a cybercrime-as-a-service platform linked to fraud campaigns that caused more than $40 million in losses in the US alone. In coordinated legal action with partners in the US and, for the first time, the UK, Microsoft seized RedVDS infrastructure on January 14. The service sold low-cost access to disposable virtual servers used for phishing and business email compromise scams, impacting nearly 190,000 organizations worldwide, mainly in the US, Canada, and the UK. Microsoft said attackers used generative AI, deepfake video, and voice cloning to create realistic scams. International law enforcement, including Europol, supported the takedown, and Microsoft urged victims to report incidents to help disrupt future cybercrime.
The UK drops plans to require digital IDs.
The UK government has dropped plans to require workers to sign up for a new digital ID system to prove their right to work, following political backlash and falling public support. Instead, Labour ministers say existing right-to-work checks, using documents such as biometric passports, will be fully digitised by 2029. The reversal is the latest in a series of recent policy U-turns, drawing criticism from opposition parties and frustration within Labour’s own ranks. Ministers insist mandatory digital checks will still apply, arguing they reduce fraud and illegal working compared to paper systems. The government now says digital ID should be framed more broadly as a tool to access public services, though details of how the system will operate remain unclear.
California announces an investigation into Grok’s deepfakes.
California Attorney General Rob Bonta announced an investigation into xAI over the alleged proliferation of nonconsensual sexually explicit images generated by its AI model, Grok. According to Bonta, Grok has been used at scale to create deepfake images that sexualize women and children without consent, often using publicly available photos and distributing the results online, including on X. Reports cite Grok’s explicit “spicy mode” as a contributing factor. Bonta said the material has been used for harassment and may include child sexual abuse content, raising serious legal concerns. The investigation will examine whether xAI violated state laws. Bonta emphasized California’s zero-tolerance stance and reiterated his broader efforts to hold AI companies accountable for protecting children and preventing AI-enabled abuse.
The FTC settles with GM over allegations of improper location data sharing.
The U.S. Federal Trade Commission finalized a settlement with General Motors and its OnStar unit over allegations that they collected and sold drivers’ location and behavior data without consent. The FTC said millions of vehicles transmitted precise geolocation and driving data every few seconds via OnStar’s “Smart Driver” feature, which was marketed as a self-assessment tool. The data was sold to third parties, including insurers. The order bans certain data sharing for five years and requires explicit consent, greater transparency, and consumer controls for 20 years.
Palo Alto Networks patches a high-severity firewall vulnerability.
Palo Alto Networks has patched a high-severity vulnerability, tracked as CVE-2026-0227, that could allow unauthenticated attackers to trigger denial-of-service attacks and force firewalls into maintenance mode. The flaw affects next-generation firewalls running PAN-OS 10.1 or later, as well as Prisma Access deployments with GlobalProtect enabled. The company said most cloud-based Prisma Access customers have already been upgraded, with remaining upgrades scheduled. While nearly 6,000 Palo Alto firewalls are visible online, there is no confirmation of active exploitation. Palo Alto Networks has released fixes for all affected versions and urges administrators to update promptly. The disclosure comes amid continued attention on Palo Alto firewalls, which have been repeatedly targeted in recent years by both zero-day and denial-of-service attacks.
Federal agents confiscate personal and work devices of a Washington Post reporter.
Federal agents searched the home of Washington Post reporter Hannah Natanson this week, seizing her personal and work devices in a leak investigation that has alarmed press freedom advocates and security professionals alike. The FBI says Natanson is not a target, but the search was tied to a government contractor accused of improperly retaining classified materials and allegedly messaging the reporter. Such raids on journalists are exceptionally rare, and critics say they send a chilling message to reporters and sources. Beyond the constitutional concerns, the incident underscores a practical lesson for journalists and professionals everywhere: encrypt both personal and work devices, and assume sensitive data may one day face government scrutiny. With policy changes weakening long-standing protections for reporters’ records, digital security is no longer just best practice. It is a frontline defense for press independence. Advocacy groups warned the move risks deterring vital reporting and eroding trust between journalists and their sources.
When emails fail, try the CEO’s password.
For a year now, researchers have warned that hackers and old-fashioned organized crime are teaming up to turn cyber flaws into stolen cargo, with the occasional truckload of vapes or missing lobsters as proof of concept. Enter Bluspark Global, a little-known New York shipping tech firm whose software quietly helps move a sizable chunk of the world’s goods. Unfortunately, it also left the digital equivalent of the warehouse doors wide open.
Security researcher Eaton Zveare discovered that Bluspark’s platform exposed plaintext passwords, admin access, and decades of shipment data through an unauthenticated API. Reporting the flaws proved harder than finding them. After weeks of unanswered messages, attention finally followed when TechCrunch demonstrated the risk by emailing part of the CEO’s password.
Bluspark says the bugs are fixed and new security policies are coming. There is no evidence of misuse, according to the company, though the episode neatly illustrates how cybercrime sometimes thrives less on brilliance and more on silence.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.
