Transcript
A (0:00)
From the CISO Series, it's Cybersecurity Headlines.
B (0:07)
These are the cybersecurity headlines for Friday, January 16, 2026. I'm Steve Prentice.

Jen Easterly to helm RSAC. The RSA Conference, host of the world's largest and most influential cybersecurity conference, also known as RSAC, announced yesterday that Easterly has been appointed as Chief Executive Officer. Easterly is a leading cybersecurity expert, a highly decorated US Army veteran and the former director of CISA. As CEO, she will guide RSAC's global portfolio, including its annual flagship conference in San Francisco, expanded international programming, the renowned Innovation Sandbox Contest and startup ecosystem, its emerging professional membership platform, education initiatives and programs focused on AI security, secure software development and global collaboration. End quote.

Palo Alto fixes flaw that can crash firewalls without login. This fix involves security updates for a flaw with a CVSS score of 7.7 that impacts GlobalProtect Gateway and Portal. According to the company, a proof of concept exploit exists for this flaw. It is described as a denial of service condition impacting GlobalProtect PAN-OS software arising as a result of an improper check for exceptional conditions. Specifically, it impacts PAN-OS NGFW or Prisma Access configurations with an enabled GlobalProtect Gateway or Portal. There is no evidence that the vulnerability has yet been exploited in the wild.

Windows January update causes login problems. The January 2026 security update, which was released on Tuesday, January 13, is leading to connection and authentication failures in Azure Virtual Desktop and Windows 365 related to the Windows app. The update, Microsoft says, can result in credential prompt failures during remote desktop connections using the Windows app on Windows client devices, impacting Azure Virtual Desktop and Windows 365. This appears to affect every supported version of Windows from Windows 10 Enterprise up to Windows 11 25H2, as well as Windows Server 2019 to 2025. The company is actively working on a resolution and plans to release an out-of-band update in the coming days.

UK police blame Copilot for intelligence mistake. The Chief Constable of West Midlands Police, one of Britain's largest police forces, has admitted that Microsoft's Copilot AI assistant made a mistake in creating an intelligence report that included a hallucination of a non-existent soccer match between London team Aston Villa and a visiting team, Maccabi Tel Aviv. Initially, the force denied that AI had been used in preparing the report, blaming social media scraping and a Google search result for the error. Microsoft has not yet confirmed that Copilot was involved in this particular mistake but said in a statement to The Verge that the British police force should be reviewing the sources of information that Copilot provides. End quote. It added, Copilot combines information from multiple web sources into a single response with linked citations. It informs users they are interacting with an AI system and encourages them to review the sources. End quote.

Huge thanks to our sponsor, ThreatLocker. Want real zero trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4 through 6 in Orlando, plus a live CISO Series episode on March 6. You can get $200 off with the code ZTWCISO26 at ZTW.com.

Western cyber agencies issue industrial operation technology warning and guidance. Britain's National Cyber Security Centre joined its Five Eyes partners along with CISA and the FBI to discover how organizations should securely connect equipment such as industrial control systems, sensors and other critical which are at the heart of critical infrastructure, from energy generation plants through to water treatment facilities, manufacturing lines and transportation networks. The warnings point out that while historically air-gapped from the Internet, many of these systems are now remotely monitored and managed, increasing efficiency but also the potential attack surface for malicious actors. The warnings were used to introduce a new NCSC guidance document which offers a clear, practical framework for designing and maintaining secure connectivity, reducing attack surface and boosting resilience.

South Korean conglomerate Kyowon confirms ransomware attack. The group says the incident occurred on Saturday, January 10, and that customer information may have been exposed in the incident. Kyowon, spelt K Y O W O N, specializes in education and publishing, digital learning tools, hospitality and various consumer services. It has about 5.5 million members, but there is no indication as of yet how many of these may have been affected by the incident. No major group has claimed responsibility for this attack and no suspects have been suggested.

Reprompt attack siphons Microsoft Copilot data. Researchers at Varonis have discovered and revealed a new attack technique that could allow a threat actor to exfiltrate user data from Microsoft Copilot using a single malicious link named Reprompt. The attack bypasses the LLM's data leak protections and allows for persistent session exfiltration even after Copilot is closed. The Varonis researchers added the attack leverages a parameter 2 prompt, that is, a P2P injection, a double request technique and a chain request technique to enable continuous undetectable data exfiltration. End quote. They discovered that the protections only applied to an initial URL request, which could be bypassed by supplying each request multiple times. A link to a more detailed explanation of this technique is available in the show notes to this episode.

Central Maine Healthcare data breach update. Following up on a story we covered in June of last year, Central Maine Healthcare is now notifying over 145,000 patients that their personal treatment and health insurance information was compromised in a multi-month data intrusion and breach which itself was discovered on June 1, 2025. The compromised information, Central Maine Healthcare says, includes names, dates of birth, Social Security numbers, treatment details, provider names, dates of service and health insurance information.

Be sure to subscribe to the CISO Series YouTube channel. We host live streams like the Department of Know, original interviews and demos and clips from all our podcasts. And if you have some thoughts on the news from today or about this show in general, please be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I'm Steve Prentice reporting for the CISO Series.
