Episode Overview
Date: January 16, 2026
Host: Steve Prentiss
Podcast: Cybersecurity Headlines (CISO Series)
Episode: "Easterly helms RSAC, Windows update problems, Police Copilot gaffe"
This episode delivers a rapid-fire rundown of key security news from around the globe, focusing on notable leadership changes, urgent software vulnerabilities, mishaps with AI in policing, industrial tech security warnings, ransomware incidents, and developing breach disclosures.
Key Discussion Points & Insights
1. Jen Easterly Appointed CEO of RSA Conference (RSAC)
- [00:09–01:09]
- Announcement: Jen Easterly, former CISA director and renowned cybersecurity leader, is now CEO of RSAC.
- Responsibilities: She will direct RSAC’s international events, flagship San Francisco conference, Innovation Sandbox, educational programs, AI security, secure software initiatives, and global collaboration efforts.
- Quote:
“Easterly is a leading cybersecurity expert, a highly decorated US Army veteran and the former director of CISA. As CEO, she will guide RSAC's global portfolio, including its annual flagship conference in San Francisco, expanded international programming… and programs focused on AI security, secure software development and global collaboration.”
— Steve Prentiss | [00:13–01:00]
2. High-Risk Palo Alto Firewall Flaw Fixed
- [01:10–01:36]
- Issue: Palo Alto patched a critical vulnerability (CVSS 7.7) impacting GlobalProtect Gateways/Portals in PAN-OS.
- Details:
- The flaw is a denial-of-service issue that can crash firewalls without login.
- Proof-of-concept exploit exists, but no evidence of in-the-wild abuse.
- Affects PAN-OS NGFW and Prisma Access with GlobalProtect enabled.
3. Windows January Update Causes Login Problems
- [01:37–02:07]
- Problem:
- The January 2026 security update breaks remote desktop authentication and connection for Azure Virtual Desktop & Windows 365 via Windows App.
- Affects all supported Windows versions, from Windows 10 Enterprise to Windows 11 25H2, and Windows Server 2019–2025.
- Microsoft’s Response:
- “The company is actively working on a resolution and plans to release an out of band update in the coming days.”
— Steve Prentiss | [02:00–02:07]
4. UK Police Blame Copilot AI For Intelligence "Hallucination"
- [02:08–03:09]
- Incident:
- West Midlands Police admitted that Microsoft Copilot generated a fake soccer match in an intelligence report—a "hallucination."
- Initial blame was on social media and Google; only later was AI implicated.
- Microsoft's Statement:
- “Copilot combines information from multiple web sources into a single response with linked citations. It informs users they are interacting with an AI system and encourages them to review the sources.”
— Steve Prentiss quoting Microsoft | [02:57–03:04]
- Memorable Moment:
- The juxtaposition of police initially denying AI usage, then confirming an AI error.
5. Western Agencies Issue Industrial OT Cybersecurity Guidance
- [03:23–04:19]
- Announcement:
- Britain’s NCSC, Five Eyes partners, CISA, and FBI publish security guidance for industrial control and critical infrastructure systems.
- Context:
- Historically air-gapped systems are now internet-connected for efficiency, increasing attack surfaces.
- Purpose:
- A new guidance document offers frameworks for “designing and maintaining secure connectivity, reducing attack surface and boosting resilience.”
6. South Korean Conglomerate Kaiwon (Kyowon) Confirms Ransomware Attack
- [04:19–04:53]
- Details:
- Attack occurred January 10; may have exposed personal data of over 5.5 million members.
- No group has yet claimed responsibility, and affected user count is still unknown.
7. Reprompt Attack Siphons Copilot Data
- [04:54–05:44]
- Discovery:
- Researchers at Varonis revealed a new “reprompt” attack technique for Microsoft Copilot.
- A malicious link can bypass LLM data leak protection, enabling persistent data exfiltration—even after Copilot is closed.
- Technical Insight:
- Combines “parameter 2 prompt” (P2P) injection with double-request and chain-request techniques.
- Quote:
- “[The protections] only applied to an initial URL request, which could be bypassed by supplying each request multiple times.”
— Steve Prentiss summarizing Varonis research | [05:30–05:42]
8. Central Maine Healthcare Breach Update
- [05:45–06:30]
- Update:
- Following a 2025 breach, Central Maine Healthcare is notifying 145,000+ patients of compromised data: names, DOBs, SSNs, treatment, provider, and insurance info.
- Timeline:
- Breach discovered June 1, 2025; notifications now expanding with more details on the affected.
Notable Quotes & Memorable Moments
- On AI Hallucinations in Law Enforcement:
“The Chief Constable … admitted that Microsoft’s Copilot AI assistant made a mistake in creating an intelligence report that included a hallucination of a non-existent soccer match…”
— Steve Prentiss | [02:13]
- On Windows Update Impact:
“The update… can result in credential prompt failures during remote desktop connections using the Windows app on Windows client devices impacting Azure Virtual Desktop and Windows 365.”
— Steve Prentiss | [01:44–01:53]
Important Timestamps
- [00:09] – RSAC CEO appointment (Jen Easterly)
- [01:10] – Palo Alto NGFW/GlobalProtect flaw fixed
- [01:37] – Windows update causing login issues
- [02:08] – West Midlands Police AI report hallucination
- [03:23] – Industrial OT cybersecurity guidance launched
- [04:19] – Kyowon ransomware attack confirmed
- [04:54] – Varonis “reprompt” Copilot exploitation explained
- [05:45] – Central Maine Healthcare breach update
Episode Takeaways
- AI integration in sensitive tasks (like police work) can introduce new error vectors—human oversight remains critical.
- Enterprise and infrastructure security remains challenged by newly discovered vulnerabilities and the shift toward remote, connected management.
- The security community is responding with guidance, patches, and research on emerging threats, but ongoing vigilance is necessary.
This episode is essential listening for IT pros, CISOs, and cybersecurity enthusiasts seeking quick, actionable updates on the current threat landscape.
