Cybersecurity Headlines – January 12, 2026
Host: Steve Prentiss
Featured stories: BreachForums leak, Instagram breach, UK government cyber law exemption, Microsoft Copilot policy change, NSA leadership update, CISA directive sunset, North Korea and Russian APT activity
Episode Overview
In this episode, Steve Prentiss reports on several major cybersecurity stories making waves at the start of 2026. The episode’s central focus is on emerging data breaches—including a notable leak of the BreachForums database and a panic-inducing Instagram data exposure—alongside legislative and administrative developments like the UK government’s exemption from its own flagship cyber law. Further coverage includes Microsoft’s policy experimentation, changes in NSA leadership, updates to CISA’s directive approach, and the latest APT campaign warnings from North Korean and Russian actors. The episode is rapid-fire, emphasizing practical implications and expert recommendations for each featured story.
Key Discussion Points and Insights
1. BreachForums Hacking Forum Database Leak
[00:06–01:48]
- Over 300,000 user accounts from the notorious BreachForums hacking forum were exposed, revealing display names, registration dates, and many IP addresses.
- “Roughly 70,000 records include public IPs, posing security risks for its users and of potential value to law enforcement or researchers.” (Steve Prentiss, 00:23)
- The leak also included a PGP private key for forum admins (still passphrase protected).
- Forum admin claims the leak is from an old backup, not a fresh breach.
- The release is indirectly tied to the “Shiny Hunters” name, but their rep denies involvement.
2. Instagram Data Breach and Password Reset Frenzy
[01:49–03:04]
- Malwarebytes Labs reports a breach affecting 17.5 million Instagram users—usernames, physical addresses, phone numbers, and email addresses exposed.
- Data was sold on a cybercrime forum; not all data was native to Instagram (some came from external marketing lists).
- Panic ensued as users received a wave of password reset emails.
- Serious concern: “Online identities [could be] linked to physical addresses, thus magnifying the personal danger.” (Steve Prentiss, 02:19)
- Strong advice for users: update passwords and enable 2FA—but only through direct logins, not email links.
- Meta (Instagram’s parent company) has not released a statement as of the recording.
3. UK Government Exempts Itself from Its Own Cyber Law
[03:05–04:00]
- The UK’s new Cyber Security and Resilience Bill aims to modernize protections for critical infrastructure—but intentionally excludes central and local government bodies from compliance.
- This has prompted “criticism even as public sector cyber attacks rise.” (Steve Prentiss, 03:19)
- Government asserts they’ll meet equivalent standards through an existing Cyber Action Plan, but critics remain skeptical about the lack of legal accountability.
- Debate continues over potential future legislation to fill the gap.
4. Microsoft Copilot – Potential for IT Admin Control
[04:01–04:36]
- Microsoft is testing a policy that allows IT admins to uninstall Copilot on managed devices, a feature long requested by enterprise users.
- The removal policy applies only on devices where both Microsoft 365 Copilot and Microsoft Copilot are installed and the app was not installed by the user.
5. NSA Cyber Directorate’s New Leadership
[04:45–05:39]
- David Imbordino is now acting head of NSA’s Cybersecurity Directorate, with Holly Barudi as deputy chief.
- Tim Kosiba appointed Deputy Director of the NSA; William J. Hartman remains the acting director.
6. CISA Retires Ten Emergency Directives
[05:40–06:21]
- CISA sunsets 10 directives from 2019–2024, citing redundancy due to the Known Exploited Vulnerabilities Catalog.
- Six of these directives related to Microsoft, others to VMware, F5, and Cisco.
- This move is credited to CISA’s operational collaboration successes.
7. APT Campaign Warnings
A. North Korea’s Kimsuky Group: Quishing Escalates
[06:22–06:56]
- FBI warns of “quishing”—spear phishing emails containing malicious QR codes.
- Targets: governments, think tanks, academic institutions.
- QR codes help attackers evade URL inspection, MFA, and sandboxing.
B. Russian APT28 (GRU) Expands Credential Theft
[06:57–07:33]
- New campaign targets Turkish energy and nuclear researchers, European think tank staff, and organizations in North Macedonia and Uzbekistan.
- Tactic: redirect users to legitimate sites post-credential theft, helping avoid detection.
Notable Quotes & Memorable Moments
- “Although most of the leaked IPs map to local loopback addresses, roughly 70,000 records include public IPs, posing security risks for its users and of potential value to law enforcement or researchers.” (Steve Prentiss, 00:23)
- “The breached archive also included a PGP private key used by Breach Forums administrators, though it remains passphrase protected.” (Steve Prentiss, 00:39)
- “This together allowed online identities to be linked to physical addresses, thus magnifying the personal danger.” (Steve Prentiss, 02:19)
- “Experts recommend that Instagram users update their passwords and add 2FA to their accounts, but to do so directly, of course, and not by clicking through a warning email, which itself might be spam.” (Steve Prentiss, 02:46)
- “Opponents in Parliament argue that excluding government weakens accountability and creates a double standard.” (Steve Prentiss, 03:37)
- “Their goal is to trick victims into visiting fake websites or downloading malware.” (Steve Prentiss, 06:48)
- “Unsuspecting users are redirected to legitimate sites after the credentials are entered on the bogus landing pages, thereby avoiding any red flags.” (Steve Prentiss, 07:18)
Timestamps for Important Segments
- BreachForums Database Leak: 00:06–01:48
- Instagram Data Breach: 01:49–03:04
- UK Cyber Law Exemption: 03:05–04:00
- Microsoft Copilot Admin Policy: 04:01–04:36
- NSA Leadership Update: 04:45–05:39
- CISA Retires Directives: 05:40–06:21
- North Korean Quishing: 06:22–06:56
- Russian Credential Theft: 06:57–07:33
Episode Tone
The episode is brisk, news-driven, and authoritative, keeping technical details accessible for an audience of security professionals and informed non-experts. Steve Prentiss’s delivery is clear, calm, and practical, emphasizing key takeaways, concrete advice for affected users, and surfacing underlying policy controversies for industry debate.
For full stories and deeper details, listeners are directed to CISOseries.com.
