Cybersecurity Headlines – Episode Summary
Podcast: Cybersecurity Headlines
Host: Steve Prentiss (CISO Series)
Date: January 23, 2026
Episode: Multi-stage SharePoint attack, SmarterMail bypass flaw, AI worries Davos
Overview
This episode presents a rapid-fire analysis of the day’s most pressing cybersecurity stories, ranging from sophisticated phishing and ransomware attacks to the potential challenges posed by AI agents. The discussion addresses vulnerabilities, recent major incidents, industry response, and significant comments from global leaders at Davos on the security risks introduced by artificial intelligence.
Key Stories & Discussion Points
1. Multi-Stage SharePoint Phishing & Business Email Compromise
[00:17]
- Summary:
Microsoft Defender researchers uncovered a multi-stage adversary-in-the-middle campaign targeting multiple energy sector organizations via SharePoint file sharing services. The attackers deliver phishing payloads and create inbox rules to maintain persistence while evading user detection.
- Key Technical Details:
- Attack relies on SharePoint as delivery vector.
- Malicious inbox rules are created to evade detection and ensure persistence.
- Merely resetting passwords is insufficient—active session cookies must also be revoked, and attacker-created inbox rules must be deleted.
- Notable Quote (Steve Prentiss):
“Password resets alone are insufficient to mitigate this issue. Impacted organizations… must additionally revoke active session cookies and remove attacker created inbox rules.” [00:36]
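The remediation point above (delete attacker-created inbox rules, not just reset passwords) presupposes that a responder can find those rules quickly. The following is an added example, not code from the podcast or from Microsoft: it triages inbox rules exported in a shape approximating the Microsoft Graph messageRule resource (an assumption) and flags the patterns typical of BEC persistence, external forwarding, deletion, or hiding security notices in rarely viewed folders. The sample rules are constructed.

```python
"""Triage exported inbox rules for signs of attacker persistence (added example)."""
from typing import Any

TENANT_DOMAINS = {"example.com"}  # assumed: the tenant's own mail domains
# Folders attackers commonly use to hide diverted mail (assumed list).
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "archive", "junk email", "conversation history"}
# Subject/body keywords that typically appear in alerts an attacker wants suppressed.
ALERT_KEYWORDS = ("password", "invoice", "phish", "security", "suspicious", "hacked", "reset")


def _external_targets(recipients: list[dict[str, Any]]) -> list[str]:
    """Return recipient addresses whose domain is not one of ours."""
    out = []
    for r in recipients:
        addr = r.get("emailAddress", {}).get("address", "").lower()
        domain = addr.rpartition("@")[2]
        if domain and domain not in TENANT_DOMAINS:
            out.append(addr)
    return out


def suspicious_reasons(rule: dict[str, Any]) -> list[str]:
    """List why a rule looks like attacker persistence; empty list means it looks benign."""
    actions = rule.get("actions", {})
    conds = rule.get("conditions", {})
    reasons = []
    for key in ("forwardTo", "forwardAsAttachmentTo", "redirectTo"):
        ext = _external_targets(actions.get(key, []))
        if ext:
            reasons.append(f"{key} sends mail to external {ext}")
    if actions.get("delete") or actions.get("permanentDelete"):
        reasons.append("deletes matching mail")
    # Assumption: moveToFolder has already been resolved from a folder id to its display name.
    folder = (actions.get("moveToFolder") or "").lower()
    if folder in HIDING_FOLDERS:
        reasons.append(f"hides mail in '{folder}'")
    words = [w.lower() for k in ("subjectContains", "bodyContains") for w in conds.get(k, [])]
    hits = [w for w in words if any(kw in w for kw in ALERT_KEYWORDS)]
    if hits and (reasons or actions.get("markAsRead")):
        reasons.append(f"targets security-related keywords {hits}")
    return reasons


def triage(rules: list[dict[str, Any]]) -> dict[str, list[str]]:
    """Map each suspicious rule's displayName to its reasons, skipping benign rules."""
    return {r.get("displayName", "?"): why for r in rules if (why := suspicious_reasons(r))}


SAMPLE_RULES = [  # constructed sample data, not real tenant rules
    {"displayName": "..", "conditions": {"subjectContains": ["password reset", "suspicious sign-in"]},
     "actions": {"markAsRead": True, "moveToFolder": "RSS Feeds"}},
    {"displayName": "fwd", "conditions": {},
     "actions": {"forwardTo": [{"emailAddress": {"address": "drop@attacker.invalid"}}]}},
    {"displayName": "Newsletters", "conditions": {"senderContains": ["news"]},
     "actions": {"moveToFolder": "Newsletters"}},
]
```

Running `triage(SAMPLE_RULES)` flags the ".." and "fwd" rules and leaves the Newsletters rule alone; a responder would then remove the flagged rules and, per the episode, revoke the user's active sessions as well.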
2. SmarterMail Authentication Bypass Flaw Exploited
[01:10]
- Summary:
Attackers are exploiting a recently patched authentication bypass vulnerability in SmarterTools’ SmarterMail platform, allowing unauthorized admin password resets.
- Key Details:
- Flaw resides in the “Force Reset Password” API endpoint, which lacked authentication.
- Patch released on January 15, but exploitation occurred within two days, indicating threat actors rapidly reverse engineered the fix.
- Watchtower reported the issue and observed immediate abuse.
- Notable Quote:
“Hackers reverse engineered the patch and found a way to leverage the flaw.” [01:36]
3. Spanish Judge Closes Pegasus Spyware Probe
[02:02]
- Summary:
The Spanish probe into NSO Group's Pegasus spyware, prompted by allegations that top officials were targeted, has closed due to Israel’s lack of cooperation.
- Key Details:
- The investigation centered on zero-click Pegasus compromises of prime minister and defense minister devices.
- Judge cited a repeated failure by Israel to respond to five formal cooperation requests.
- This was described as “breaking the balance inherent in international cooperation and violating the principle of good faith.”
- Notable Quote (Judge Statement via Steve Prentiss):
“Breaking the balance inherent in international cooperation and violating the principle of good faith that should govern relations between states.” [02:42]
4. Fake Cell Tower Scam Dismantled in Greece
[03:01]
- Summary:
Greek authorities have disrupted scammers running mobile fake cell towers for localized phishing attacks.
- Key Details:
- Scammers placed mobile cell towers in cars, forcing nearby phones to downgrade from 4G to less secure 2G.
- Enabled interception of phone numbers and mass phishing via SMS (posing as banks/couriers).
- At least three fraud cases identified; the operation's full scope remains unclear.
5. NIST Staff Cuts and Cybersecurity Resource Constraints
[05:12]
- Summary:
NIST is managing mandates on AI and cybersecurity despite major staff and budget reductions.
- Key Details:
- NIST has lost over 700 staff members in the last year.
- Lab program’s budget cut by $13 million, causing tight prioritization on new initiatives, including crypto and AI.
- Notable Quote (Kevin Stein, NIST):
“Forcing a very focused discussion on prioritization of our activities.” [05:45]
6. Global CVE Allocation System (GCVE) Announced
[06:00]
- Summary:
Luxembourg’s Computer Incident Response Center will administer GCVE, an alternative to the Common Vulnerabilities and Exposures (CVE) system that introduces distributed identifier allocation and avoids dependency on a single funding source.
- Key Details:
- Maintains backward compatibility with current CVE infrastructure.
- Response to the near-shutdown of the original CVE system due to funding and contract issues.
7. Osiris Ransomware via Vulnerable Drivers
[06:47]
- Summary:
Security teams at Symantec and Carbon Black warn of a novel ransomware family, Osiris, weaponizing a malicious driver (“PoorTry”) in a major attack on a Southeast Asian food franchisee.
- Key Details:
- Utilizes the Bring Your Own Vulnerable Driver (BYOVD) technique to disable security tools.
- Independent strain from the 2016 Osiris; possibly linked to prior Ink ransomware actors.
- Features hybrid encryption and unique per-file keys.
8. AI Security Risks at Davos
[07:34]
- Summary:
At the World Economic Forum in Davos, AI agents and their security were identified as a top concern, especially the risk of AI becoming the “ultimate insider threat.”
- Highlights from Industry Leaders:
- Dave Treat, Pearson:
“We have enough difficulty getting the humans trained to be effective at preventing cyber attacks. Now I’ve got to do it for humans and agents in combination.” [07:52]
- Michel Zatlin, Cloudflare:
“With agents, you need to think about them as an extension of your team and an extension of your employee base.” [08:08]
- Hatem Dawidar, Etisalat:
“Many years ago we started saying all calls are recorded for quality purposes. We need to create that also for AI agents.” [08:12]
- Michael Maybach, Mastercard:
“Organizations should… collect as many signals as possible from relevant data streams… to determine if activity is safe or malicious.” [08:29]
- Tone:
Widespread industry uncertainty on how to properly secure AI agents; emphasis on proactive, data-rich monitoring and controls.
Memorable Quotes & Moments
- Steve Prentiss, on SharePoint attacks:
“Password resets alone are insufficient…” [00:36]
- Microsoft Defender & Watchtower researchers, on patch exploitation:
“Hackers reverse engineered the patch and found a way to leverage the flaw.” [01:36]
- Kevin Stein, NIST, on resourcing:
“Forcing a very focused discussion on prioritization…” [05:45]
- Dave Treat, on AI agents:
“Now I’ve got to do it for humans and agents in combination.” [07:52]
- Michel Zatlin, on AI as team extension:
“You need to think about them as an extension of your team…” [08:08]
- Hatem Dawidar, on AI monitoring:
“We need to create that [monitoring] also for AI agents.” [08:12]
- Michael Maybach, on security data:
“Collect as many signals as possible from relevant data streams…” [08:29]
Timestamps for Key Segments
- Multi-stage SharePoint Campaign: 00:17–01:09
- SmarterMail Authentication Bypass: 01:10–01:57
- Spanish NSO Pegasus Probe Closure: 02:02–03:00
- Greek Cell Tower Phishing Scam: 03:01–04:16
- NIST Staff and Budget Cuts: 05:12–05:59
- GCVE System Announcement: 06:00–06:46
- Osiris Ransomware Incident: 06:47–07:33
- AI Security Challenges at Davos: 07:34–08:34
Conclusion
This episode delivers concise analysis on several emerging threats and systemic cybersecurity challenges, from multi-phased phishing in critical sectors to fundamental debates about AI’s insider risks at the highest levels. The commentary captures the urgency and complexity of protecting evolving infrastructure, even as budget and staffing pressures mount and new technologies introduce novel attack vectors.
