Category: Uncategorized

Venezuelan President Nicolás Maduro and his wife Cilia Flores have been placed in custody at a New York detention centre after he was captured during US strikes on Caracas.

Footage shows a handcuffed Maduro emerging from a plane after it landed at Stewart Air National Guard Base in New York state on Saturday evening.

He was then taken to the offices of the US Drug Enforcement Administration (DEA). The White House shared a video of him at the office on social media, with the caption: “Perp walked.”

He was later taken into a helicopter at a New York heliport, which is believed to have transported him and Flores to the Metropolitan Detention Center, a federal facility in Brooklyn where they are being held.

Dec 19, 2025Ravie LakshmananCybersecurity / Cloud Security

A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims’ Microsoft 365 credentials and conduct account takeover attacks.

The activity, ongoing since September 2025, is being tracked by Proofpoint under the moniker UNK_AcademicFlare.

The attacks involve using compromised email addresses belonging to government and military organizations to strike entities within government, think tanks, higher education, and transportation sectors in the U.S. and Europe.

“Typically, these compromised email addresses are used to conduct benign outreach and rapport building related to the targets’ area of expertise to ultimately arrange a fictitious meeting or interview,” the enterprise security company said.

As part of these efforts, the adversary claims to share a link to a document that includes questions or topics for the email recipient to review before the meeting. The URL points to a Cloudflare Worker URL that mimics the compromised sender’s Microsoft OneDrive account and instructs the victim to copy the provided code and click “Next” to access the supposed document.

However, doing so redirects the user to the legitimate Microsoft device code login URL, where, once the previously provided code is entered, it causes the service to generate an access token that can then be recovered by the three actors to take control of the victim account.

Device code phishing was documented in detail by both Microsoft and Volexity in February 2025, attributing the use of the attack method to Russia-aligned clusters such as Storm-2372, APT29, UTA0304, and UTA0307. Over the past couple of months, Amazon Threat Intelligence and Volexity have warned of continued attacks mounted by Russian threat actors that abuse the device code authentication flow.

Proofpoint said UNK_AcademicFlare is likely a Russia-aligned threat actor given its targeting of Russia-focused specialists at multiple think tanks and Ukrainian government and energy sector organizations.

Data from the company shows that multiple threat actors, both state-aligned and financially-motivated, have latched onto the phishing tactic to deceive users into giving them access to Microsoft 365 accounts. This includes an e-crime group named TA2723 that has used salary-related lures in phishing emails to direct users to fake landing pages and trigger device code authorization.

The October 2025 campaign is assessed to have been fueled by the ready availability of crimeware offerings like the Graphish phishing kit and red-team tools such as SquarePhish.

“Similar to SquarePhish, the [Graphish] tool is designed to be user-friendly and does not require advanced technical expertise, lowering the barrier for entry and enabling even low-skilled threat actors to conduct sophisticated phishing campaigns,” Proofpoint said. “The ultimate objective is unauthorized access to sensitive personal or organizational data, which can be exploited for credential theft, account takeover, and further compromise.”

To counter the risk posed by device code phishing, the best option is to create a Conditional Access policy using the Authentication Flows condition to block device code flow for all users. If that’s not feasible, it’s advised to use a policy that uses an allow-list approach to allow device code authentication for approved users, operating systems, or IP ranges.

The composer of the musical Wicked has said he will not appear at the Kennedy Center after its board voted to include US President Donald Trump’s name in the name of the venue.

Stephen Schwartz said in a statement that appearing at the centre “has now become an ideological statement”, adding: “As long as that remains the case, I will not appear there.”

But Richard Grenell, the center’s president, wrote on X that the reports of him pulling out of a gala in May were “totally bogus” and that he had never been signed to attend.

The Oscar and Grammy-award winning composer is the latest artist to say they will no longer appear at the national cultural institution over the recent changes.

Schwartz told the BBC that at the end of 2024 he was asked by the artistic director of the Washington National Opera to participate in the May event with them.

He said that he had agreed, but that he had received little communication since last February and assumed it was no longer taking place.

The composer explained that, on Thursday, he was contacted by a reporter saying that the gala was announced on the Kennedy Center schedule and asking if he would be participating.

He had been listed on the centre’s website as appearing in the gala, but this was removed from the website on Friday afternoon, according to CNN.

“The Kennedy Center was founded to be an apolitical home for free artistic expression for artists of all nationalities and ideologies,” Schwartz, 77, said.

“It is no longer apolitical, and appearing there has now become an ideological statement. As long as that remains the case, I will not appear there.”

But Mr Grennell hit back: “The Stephen Schwartz reports are totally bogus. Shame on the woke high school reporters repeating it.

“He was never signed and I’ve never had a single conversation on him since arriving.

“He himself said last February he hadn’t heard anything on it.”

Two musical acts cancelled their appearances at the centre earlier this week.

The Cookers, a veteran jazz band, said they cancelled two New Year’s Eve shows. The group did not mention Trump or the Kennedy Center in a statement, but said the decision had “come together very quickly”.

Another group, Doug Varone and Dancers, said they would not perform two shows in April because of the name change, adding: “We can no longer permit ourselves nor ask our audiences to step inside this once great institution.”

Mr Grenell called the cancellations “a form of derangement syndrome”.

Prior to them, jazz percussionist Chuck Redd called off a Christmas Eve gig he had hosted annually since 2006 at the centre over the name change.

Mr Grenell called it a “political stunt” and threatened to seek $1m (£740,000) in damages.

The Kennedy Center’s board, which Trump filled with allies, voted to rename the institution the Donald J Trump and the John F Kennedy Memorial Center for the Performing Arts in December. New signage appeared on the building’s exterior the following day.

Some US lawmakers and legal scholars have argued that, because the centre was named in a 1964 law, Congress must have a say on any name change.

Some members of President John F Kennedy’s family have denounced the move. The centre was named in Kennedy’s memory shortly after his assassination.

Joe Kennedy III, a former US House of Representatives member and grandnephew of the late president, said the venue was “a living memorial to a fallen president and named for President Kennedy by federal law”.

“It can no sooner be renamed than can someone rename the Lincoln Memorial, no matter what anyone says,” he added.