Top stories.
- Maduro capture demonstrated US cybercapabilities.
- Poland says it thwarted suspected Russian cyberattack against energy infrastructure.
- APT28 targets the energy research sector.
- CISA warns of actively exploited Gogs zero-day.
- Patch Tuesday notes.
Maduro capture demonstrated US cybercapabilities.
The New York Times reports that the United States used cyberattacks to cut power across Caracas and disrupt Venezuelan radar during a January 3rd operation to capture Venezuelan President Nicolás Maduro, who faces drug trafficking charges in the US. Anonymous US officials who were briefed on the operation told the Times that the operation included the ability to quickly restore electricity and limit collateral damage. Most hospitals in Venezuela also have backup generators due to frequent blackouts, and no fatalities were reported as a result of the power cut.
Details of the operation are sparse, but the Times notes that the incident "was one of the most public displays of offensive U.S. cybercapabilities in recent years" and "showed that at least with a country like Venezuela, whose military does not have sophisticated defenses against cyberattacks, the United States could use cyberweapons with powerful and precise effects."
Poland says it thwarted suspected Russian cyberattack against energy infrastructure.
Poland says it thwarted a serious cyberattack against its energy infrastructure in December 2025, the Record reports. Poland's Digital Affairs Minister Krzysztof Gawkowski told local media, "The scale of this attack, the vector of entry, and who was behind it indicate that it was a deliberate attempt to cut off power to Polish citizens. Everything points to Russian sabotage."
Notably, the attack targeted multiple smaller power sources simultaneously, unlike previous attacks that targeted central power plants or transmission networks. Gawkowski stated, "We have not seen this type of attack before, but we should expect it to happen again."
APT28 targets the energy research sector.
Recorded Future has published a report on several credential-harvesting campaigns by APT28 (also known as "Fancy Bear"), a threat actor attributed to Russia's GRU, SecurityWeek reports. The operations targeted "individuals linked to a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North Macedonia and Uzbekistan." The researchers note that the targets "reflect a continued interest in organizations connected to energy research, defense cooperation, and government communication networks relevant to Russian intelligence priorities."
The phishing pages impersonated several webmail and VPN services, including Outlook, Google, and Sophos VPN portals.
CISA warns of actively exploited Gogs zero-day.
The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal agencies to lock down or stop using the self-hosted Git service Gogs, due to an unpatched high-severity flaw that was disclosed in December, the Register reports. The flaw, tracked as CVE-2025-8110, is a "path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution."
The vulnerability was discovered by researchers at Wiz, who identified more than 700 compromised Gogs instances exposed to the Internet. Attackers have been exploiting the flaw since at least July 2025, and a patch has not been released. CISA has ordered Federal civilian agencies to apply mitigations or discontinue use of Gogs by February 2nd.
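The Gogs flaw described above is a symbolic-link handling problem in a file-write API. As an added illustration from the defender's side, and not Gogs code or the vendor's fix, this hypothetical Go helper shows the check such an API needs before writing a user-supplied path: resolve any symlinks already present in the checkout and refuse the write if its real destination lands outside the repository root.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var ErrOutsideRepo = errors.New("path escapes repository root")

// ResolveInsideRoot maps a repository-relative path to an on-disk path, refusing explicit
// traversal ("..", absolute paths) and any symlink already present in the checkout that
// would redirect the write outside root. root must be absolute. Hypothetical helper.
func ResolveInsideRoot(root, rel string) (string, error) {
	sep := string(os.PathSeparator)
	cleaned := filepath.Clean(rel)
	if filepath.IsAbs(cleaned) || cleaned == ".." || strings.HasPrefix(cleaned, ".."+sep) {
		return "", ErrOutsideRepo
	}
	realRoot, err := filepath.EvalSymlinks(root) // canonical root, e.g. /tmp -> /private/tmp
	if err != nil {
		return "", err
	}
	// The file may not exist yet: walk up to the deepest existing ancestor so every symlink on the way is resolved.
	existing, rest := filepath.Join(root, cleaned), ""
	for {
		if _, statErr := os.Lstat(existing); statErr == nil {
			break
		}
		parent := filepath.Dir(existing)
		if parent == existing { // reached the filesystem root without finding anything
			return "", os.ErrNotExist
		}
		rest, existing = filepath.Join(filepath.Base(existing), rest), parent
	}
	realExisting, err := filepath.EvalSymlinks(existing)
	if err != nil {
		return "", err
	}
	final := filepath.Join(realExisting, rest)
	if final != realRoot && !strings.HasPrefix(final, realRoot+sep) {
		return "", ErrOutsideRepo
	}
	return final, nil
}

func main() {
	fmt.Println(ResolveInsideRoot(os.TempDir(), "docs/readme.md"))
}
```

The check still leaves a race if a link is swapped in between resolution and the actual write; on Linux, performing the write through openat2 with RESOLVE_BENEATH closes that window.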
Patch Tuesday notes.
Microsoft on Tuesday issued patches for 114 vulnerabilities, including three zero-days, BleepingComputer reports. One of the zero-days is actively exploited, while two are publicly disclosed. The actively exploited vulnerability (CVE-2026-20805) is an information disclosure flaw in the Desktop Window Manager. One of the publicly disclosed flaws (CVE-2023-31096) is a privilege escalation bug in Agere Soft Modem drivers, while the other (CVE-2026-21265) is a security feature bypass vulnerability related to expiring Secure Boot certificates.
Adobe released fixes for 25 vulnerabilities across multiple products, including a critical Apache Tika flaw in ColdFusion that could be exploited via XFA files inside PDF documents, SecurityWeek reports.
Fortinet patched six vulnerabilities in its products, including two critical flaws in FortiFone and FortiSIEM. Horizon3.ai published a report on the more severe of these bugs, a command injection flaw tracked as CVE-2025-64155.