Cybersecurity Headlines: Episode Summary

Podcast: Cybersecurity Headlines
Host: Steve Prentiss (CISO Series)
Episode: Microsoft Patch Problems, Sandworm Hits Poland, Dresden Museum Cyberattack
Date: January 26, 2026

Episode Overview

This episode covers several urgent and impactful stories from the cybersecurity landscape as of January 26, 2026. Key topics include emergency patches from Microsoft, major cyberattacks on Poland’s power infrastructure and a prominent German museum, ongoing corporate data breaches, additions to CISA’s exploited vulnerabilities list, and the risks posed by advances in AI, as well as commentary on industry trends.

Key Discussion Points and Insights

1. Microsoft Patch and Windows 11 Instability

[00:12] Microsoft Releases Emergency Outlook Update
- Microsoft rushed out-of-band updates for Windows 10, 11, and Server to fix a Patch Tuesday bug that prevented Microsoft Outlook Classic from opening when PST files were stored in cloud storage.
- The issue primarily affected enterprise installations using Classic Outlook. Notably, home users were unaffected.
  
  "This problem had existed since the release of the January 2026 Patch Tuesday updates ... primarily involved Classic Outlook used in enterprise licensing and not with home installations of Windows."
  — Steve Prentiss [00:23]
[00:54] Windows 11 Boot Failures After January Update
- Separate reports indicated that January security updates caused some Windows 11 (v25H2, v24H2) systems to become unbootable, displaying an "unmountable boot volume" error with black screens.
- Users required manual recovery; the issue remained unresolved at broadcast time.
  
  "Users are reporting encountering a black screen of death and systems are unable to boot into Windows and require manual recovery..."
  — Steve Prentiss [01:14]

2. Major Cyber Incidents

[01:26] Sandworm Attack Hits Poland Power Grid
- Polish cyber researchers (ESET) attributed a massive late-December attack on the national power grid to the notorious Russia-aligned APT group Sandworm.
- The attack used a wiping malware named Dynowiper and coincided with the 10th anniversary of Sandworm's landmark Ukrainian blackout operation.
  
  "ESET researchers have also highlighted the fact that the coordinated attack occurred on the 10th anniversary of the Sandworm orchestrated attack against the Ukrainian power grid, which resulted in the first ever malware facilitated blackout."
  — Steve Prentiss [01:50]
[02:07] Dresden State Art Collections Hit by Cyberattack
- One of Europe’s oldest museum groups lost digital and phone services in a targeted cyberattack, halting online ticket sales and some onsite transactions.
- No groups have been named, and ransom involvement is unclear. Security for collections remained unaffected, and museums remained open.
  
  "Officials have not attributed the attack to any group and it is not clear whether the incident involved a ransom."
  — Steve Prentiss [02:25]

3. Ongoing Corporate Data Breaches

[03:11] Nike Investigates Possible Security Incident
- Nike appeared on the World Leaks gang’s leak website, who threatened to publish stolen data (type of data undisclosed).
- World Leaks, possibly evolved from Hunters International, currently claims ~120 victims, including tech giant Dell.
  
  "World Leaks is a new gang apparently built on the remains of Hunters International ... the World Leaks website names nearly 120 alleged victims."
  — Steve Prentiss [03:32]

4. CISA Adds Actively Exploited Vulnerabilities

[03:52] Four New KEV Catalog Vulnerabilities
- Newly highlighted vulnerabilities include:
  - PHP remote file inclusion in Sinocore Zimbra Collaboration Suite
  - Authentication bypass in Versa Concerto SD-WAN
  - Improper access control in Vit.js frontend tool
  - Embedded malicious code in ESLINT Config Prettier
- CVE numbers, scores, and full details are linked in the show notes.

5. Shiny Hunters’ Voice Phishing Campaigns

[04:34] OKTA-Centric Breaches Affect Multiple Companies
- The group Shiny Hunters claimed responsibility for breaches at CrunchBase, SoundCloud, and Betterment via voice phishing, harvesting SSO codes.
- Breach scale included:
  - SoundCloud: ~28 million users
  - Betterment: 20+ million
  - CrunchBase: 2+ million
  "The voice phishing campaign gave the group access to single sign on codes. SoundCloud says the breach affected about 28 million of its users..."
  — Steve Prentiss [04:47]

6. ZDNet: 10 Ways AI Might Ruin Your Life in 2026

[05:16] AI as a Security Risk
- David Berlin’s ZDNet article highlights how AI is being weaponized by attackers.
- Examples include:
  - AI-enabled malware
  - Prompt injection attacks
  - Exploitation of API weaknesses
  "Berlin offers 10 separate ways that AI can and likely will unleash havoc on organizations and their security teams, notably by being weaponized by threat actors."
  — Steve Prentiss [05:30]

Notable Quotes & Moments

On Microsoft Patch Woes:

"This is the second Patch Tuesday headache for Microsoft..."
— Steve Prentiss [00:48]
On the Impact of Sandworm Attacks:

"The attack on Poland's power grid ... involved data-wiping malware that ESET has named Dynowiper."
— Steve Prentiss [01:39]
On the Dresden Museum Attack:

"The museums remain open to visitors, and the Culture Ministry said security systems protecting the collections were not affected."
— Steve Prentiss [02:17]
On Nike’s Incident:

"Although the type of data has not been identified, World Leaks is a new gang apparently built on the remains of Hunters International."
— Steve Prentiss [03:23]
On AI Risks:

"Although this list focuses on AI, the list presented by David Berlin and published on ZDNet makes for compelling reading for cybersecurity experts."
— Steve Prentiss [05:23]

Timestamps for Important Segments

[00:12] Microsoft Outlook emergency update
[00:54] Windows 11 boot failure issues
[01:26] Sandworm-Poland cyberattack analysis
[02:07] Dresden museum group cyberattack
[03:11] Nike investigated for data breach
[03:52] CISA's KEV catalog updates
[04:34] Shiny Hunters’ campaign and breach details
[05:16] ZDNet on destructive AI trends

Conclusion

This episode blends real-time breach response and patch issues with commentary on the new breed of threats, from state-sponsored attacks to the AI-enabled future of cyberattacks. The concise headlines format paired with clear technical explanations make it a crucial listen for security practitioners monitoring daily developments. For more detail or the full articles referenced, visit the episode’s show notes at CISOSeries.com.

Cybersecurity Headlines: Episode Summary

Podcast: Cybersecurity Headlines
Host: Steve Prentiss (CISO Series)
Episode: Microsoft Patch Problems, Sandworm Hits Poland, Dresden Museum Cyberattack
Date: January 26, 2026

Episode Overview

Key Discussion Points and Insights

1. Microsoft Patch and Windows 11 Instability

[00:12] Microsoft Releases Emergency Outlook Update
- Microsoft rushed out-of-band updates for Windows 10, 11, and Server to fix a Patch Tuesday bug that prevented Microsoft Outlook Classic from opening when PST files were stored in cloud storage.
- The issue primarily affected enterprise installations using Classic Outlook. Notably, home users were unaffected.
  
  "This problem had existed since the release of the January 2026 Patch Tuesday updates ... primarily involved Classic Outlook used in enterprise licensing and not with home installations of Windows."
  — Steve Prentiss [00:23]
[00:54] Windows 11 Boot Failures After January Update
- Separate reports indicated that January security updates caused some Windows 11 (v25H2, v24H2) systems to become unbootable, displaying an "unmountable boot volume" error with black screens.
- Users required manual recovery; the issue remained unresolved at broadcast time.
  
  "Users are reporting encountering a black screen of death and systems are unable to boot into Windows and require manual recovery..."
  — Steve Prentiss [01:14]

2. Major Cyber Incidents

[01:26] Sandworm Attack Hits Poland Power Grid
- Polish cyber researchers (ESET) attributed a massive late-December attack on the national power grid to the notorious Russia-aligned APT group Sandworm.
- The attack used a wiping malware named Dynowiper and coincided with the 10th anniversary of Sandworm's landmark Ukrainian blackout operation.
  
  "ESET researchers have also highlighted the fact that the coordinated attack occurred on the 10th anniversary of the Sandworm orchestrated attack against the Ukrainian power grid, which resulted in the first ever malware facilitated blackout."
  — Steve Prentiss [01:50]
[02:07] Dresden State Art Collections Hit by Cyberattack
- One of Europe’s oldest museum groups lost digital and phone services in a targeted cyberattack, halting online ticket sales and some onsite transactions.
- No groups have been named, and ransom involvement is unclear. Security for collections remained unaffected, and museums remained open.
  
  "Officials have not attributed the attack to any group and it is not clear whether the incident involved a ransom."
  — Steve Prentiss [02:25]

3. Ongoing Corporate Data Breaches

[03:11] Nike Investigates Possible Security Incident
- Nike appeared on the World Leaks gang’s leak website, who threatened to publish stolen data (type of data undisclosed).
- World Leaks, possibly evolved from Hunters International, currently claims ~120 victims, including tech giant Dell.
  
  "World Leaks is a new gang apparently built on the remains of Hunters International ... the World Leaks website names nearly 120 alleged victims."
  — Steve Prentiss [03:32]

4. CISA Adds Actively Exploited Vulnerabilities

[03:52] Four New KEV Catalog Vulnerabilities
- Newly highlighted vulnerabilities include:
  - PHP remote file inclusion in Sinocore Zimbra Collaboration Suite
  - Authentication bypass in Versa Concerto SD-WAN
  - Improper access control in Vit.js frontend tool
  - Embedded malicious code in ESLINT Config Prettier
- CVE numbers, scores, and full details are linked in the show notes.

5. Shiny Hunters’ Voice Phishing Campaigns

[04:34] OKTA-Centric Breaches Affect Multiple Companies
- The group Shiny Hunters claimed responsibility for breaches at CrunchBase, SoundCloud, and Betterment via voice phishing, harvesting SSO codes.
- Breach scale included:
  - SoundCloud: ~28 million users
  - Betterment: 20+ million
  - CrunchBase: 2+ million
  "The voice phishing campaign gave the group access to single sign on codes. SoundCloud says the breach affected about 28 million of its users..."
  — Steve Prentiss [04:47]

6. ZDNet: 10 Ways AI Might Ruin Your Life in 2026

[05:16] AI as a Security Risk
- David Berlin’s ZDNet article highlights how AI is being weaponized by attackers.
- Examples include:
  - AI-enabled malware
  - Prompt injection attacks
  - Exploitation of API weaknesses
  "Berlin offers 10 separate ways that AI can and likely will unleash havoc on organizations and their security teams, notably by being weaponized by threat actors."
  — Steve Prentiss [05:30]

Notable Quotes & Moments

On Microsoft Patch Woes:

"This is the second Patch Tuesday headache for Microsoft..."
— Steve Prentiss [00:48]
On the Impact of Sandworm Attacks:

"The attack on Poland's power grid ... involved data-wiping malware that ESET has named Dynowiper."
— Steve Prentiss [01:39]
On the Dresden Museum Attack:

"The museums remain open to visitors, and the Culture Ministry said security systems protecting the collections were not affected."
— Steve Prentiss [02:17]
On Nike’s Incident:

"Although the type of data has not been identified, World Leaks is a new gang apparently built on the remains of Hunters International."
— Steve Prentiss [03:23]
On AI Risks:

"Although this list focuses on AI, the list presented by David Berlin and published on ZDNet makes for compelling reading for cybersecurity experts."
— Steve Prentiss [05:23]

Timestamps for Important Segments

[00:12] Microsoft Outlook emergency update
[00:54] Windows 11 boot failure issues
[01:26] Sandworm-Poland cyberattack analysis
[02:07] Dresden museum group cyberattack
[03:11] Nike investigated for data breach
[03:52] CISA's KEV catalog updates
[04:34] Shiny Hunters’ campaign and breach details
[05:16] ZDNet on destructive AI trends

wavePod

Microsoft Patch problems, Sandworm hits Poland, Dresden Museum cyberattack

Powered by Wave AI

Summary

Cybersecurity Headlines: Episode Summary

Episode Overview

Key Discussion Points and Insights

1. Microsoft Patch and Windows 11 Instability

2. Major Cyber Incidents

3. Ongoing Corporate Data Breaches

4. CISA Adds Actively Exploited Vulnerabilities

5. Shiny Hunters’ Voice Phishing Campaigns

6. ZDNet: 10 Ways AI Might Ruin Your Life in 2026

Notable Quotes & Moments

Timestamps for Important Segments

Conclusion

Summary

Cybersecurity Headlines: Episode Summary

Episode Overview

Key Discussion Points and Insights

1. Microsoft Patch and Windows 11 Instability

2. Major Cyber Incidents

3. Ongoing Corporate Data Breaches

4. CISA Adds Actively Exploited Vulnerabilities

5. Shiny Hunters’ Voice Phishing Campaigns

6. ZDNet: 10 Ways AI Might Ruin Your Life in 2026

Notable Quotes & Moments

Timestamps for Important Segments

Conclusion