Transcript
A (0:00)
From the CISO series, it's Cybersecurity Headlines.
B (0:07)
These are the cybersecurity headlines for Monday, January 26, 2026. I'm Steve Prentice.
Microsoft releases emergency update for frozen Outlook. The out-of-band release occurred Saturday for Windows 10, Windows 11 and Windows Server. This was to fix an issue that stopped Microsoft Outlook Classic from opening when using PSTs stored in cloud storage. A Microsoft Outlook PST file is a data file used by the application to store a user's email and other data locally on their computer instead of on the email server, and is commonly used to access mail when offline and backing up important messages. This problem had existed since the release of the January 2026 Patch Tuesday updates. This issue primarily involved Classic Outlook used in enterprise licensing and not with home installations of Windows.
Microsoft investigates Windows 11 boot failures after January updates. This second Patch Tuesday headache for Microsoft involves reports that some Windows 11 devices are failing to boot with "unmountable boot volume" errors after installing the January 2026 Patch Tuesday security updates. This issue affects Windows 11 version 25H2 and all editions of Windows 11 version 24H2. Users are reporting encountering a black screen of death, and systems are unable to boot into Windows and require manual recovery efforts to boot again. This is an ongoing issue.
Sandworm likely behind cyber attack on Poland's power grid, says ESET. Researchers from that company state that the cyber attack, described as the largest the country has seen in years, was the work of the notorious Russia-aligned APT group. Sandworm is best known, at least in 2025, for attacks on infrastructure in Ukraine. The attack on Poland's power grid, which occurred in the last week of December, involved data-wiping malware that ESET has named DynoWiper.
ESET researchers have also highlighted the fact that the coordinated attack occurred on the 10th anniversary of the Sandworm-orchestrated attack against the Ukrainian power grid, which resulted in the first-ever malware-facilitated blackout.
Dresden museum network suffers cyber attack. On Wednesday, one of Europe's oldest museum groups, Germany's Dresden State Art Collections, suffered a targeted cyber attack that left it with limited digital and phone services and no ability to process online ticket sales, visitor services or transactions at the museum's shops. The museums remain open to visitors, and the Culture Ministry said security systems protecting the collections were not affected and that both physical and technical security remain fully intact. Officials have not attributed the attack to any group and it is not clear whether the incident involved a ransom.
Huge thanks to our sponsor, Conveyor. Ever wish your customers could magically get answers to their own security questionnaires before they ever hit your desk? Conveyor has heard this wish from hundreds of teams, so they have just launched a new Trust Center AI agent. The agent lives on your Conveyor-hosted Trust Center and answers customer questions, surfaces documents and even completes full questionnaires instantly so customers can finish their review without your intervention. Join top tech companies using Conveyor today like Atlassian, Zapier and more. Check it all out at conveyor.com. That is c-o-n-v-e-y-o-r.com.
Nike investigating possible security incident. The maker of athletic footwear and apparel has been listed as a victim on a Tor-based leak website operated by the World Leaks gang, along with a threat to make stolen data public, although the type of data has not been identified. World Leaks is a new gang apparently built on the remains of Hunters International.
According to SecurityWeek, the World Leaks website names nearly 120 alleged victims, one being Dell, who in July 2025 said the hackers had only stolen synthetic or publicly available information. End quote.
CISA adds four actively exploited vulnerabilities to its KEV catalog. In short, the vulnerabilities are a PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite, an authentication bypass in the Versa Concerto SD-WAN orchestration platform, an improper access control vulnerability in Vitejs, a front-end build tool for web projects, and an embedded malicious code vulnerability in eslint-config-prettier. A link to an article with additional details, including CVE numbers, CVSS scores and the threats these vulnerabilities pose, is available in the show notes to this episode.
ShinyHunters claims Okta customer breaches. The group is taking credit for a voice phishing campaign which allowed it access to market intel broker Crunchbase, streaming platform SoundCloud and financial tech firm Betterment. The voice phishing campaign gave the group access to single sign-on codes. SoundCloud says the breach affected about 28 million of its users, while the Betterment and Crunchbase data dumps contain more than 20 million and 2 million records respectively. End quote. All relating to PII, and this according to representatives from ShinyHunters itself.
ZDNet releases its list of 10 ways AI might ruin your life in 2026. Although this is the time of year where everyone makes predictions, and although this list focuses on AI, the list presented by David Berlind and published on ZDNet makes for compelling reading for cybersecurity experts. Berlind offers 10 separate ways that AI can and likely will unleash havoc on organizations and their security teams, notably by being weaponized by threat actors. These include AI-enabled malware, agentic AI prompt injection, finding and exploiting weak APIs, and yes, of course, six more.
A link to this article is available in the show notes to this episode.
Do you love getting the security news every day, but want an easy way to figure out what matters for your security team? Then you need to join us for the Department of Know live today at 4pm Eastern Time. Each week, we bring on two security leaders to break up the fear, uncertainty and doubt, that's right, FUD, in the news. We talk about how stories apply to security teams and how you can use these stories to better connect security to the overall business. Make sure you are subscribed to our YouTube channel to join us each and every Monday at 4pm Eastern Time. And if you have some thoughts on the news from today or about this show in general, please be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I'm Steve Prentice, reporting for the CISO Series.
