Cybersecurity Headlines – January 19, 2026

Host: Steve Prentice, CISO Series
Episode Main Theme:
A roundup of the latest and most urgent developments in cybersecurity, spotlighting third-party risks, malicious browser extensions, ransomware investigations, and recent data breaches affecting organizations worldwide.

Key Discussion Points & Insights

1. NSA “Dual Hat” Leadership Role Questioned

• [00:07] Army Lieutenant General Joshua Rudd, nominee for NSA Director and Chief of U.S. Cyber Command, announced intent to review the “dual hat” arrangement that combines leadership of both agencies.
  • This dual role’s efficiency will be assessed if Rudd is confirmed.
  • He would succeed General Timothy Hogg, terminated last April, with Lt. Gen. William Hartman currently serving as acting head of both organizations.
• Tone/Takeaway: Raises longstanding debate about management efficiency and oversight between two high-stakes cyber defense roles.

Quote:
“He would evaluate the efficiency of the dual hat leadership role between U.S. Cyber Command and the National Security Agency if he is confirmed to the job.”
– Steve Prentice [00:13]

2. Third-Party Applications Overreach

• [01:05] Reflectiz researchers analyzed 4,700 top websites over 12 months:
  • 64% of third-party applications accessed sensitive data without business justification — up from 51% in 2024.
  • Government and education sites most impacted.
  • Offenders named: Google Tag Manager, Shopify, Facebook Pixel
  • Trend: Governance gap growing around “unjustified access” — third-party tools accessing data without a demonstrable need.

Quote:
“64% of third party applications access sensitive data without business justification, up from 51% in 2024.”
– Steve Prentice [01:19]

3. GhostPoster Extension Campaign Escalates

• [02:08] Update: 17 more malicious browser extensions uncovered (Chrome, Firefox, Edge), tied to the GhostPoster campaign, totaling 840,000 installs.
  • Discovered by Koi Security.
  • Technique: Malicious JavaScript hidden in logo images, implants a backdoor, hijacks affiliate links, and injects invisible iframes for ad fraud/click fraud.
  • Most extensions now delisted from respective app stores.

4. Law Enforcement Targets Black Basta Ransomware

• [03:10] Ukraine & Germany identified two Ukrainian suspects working for Black Basta, a Russia-linked ransomware gang.
  • Suspects acted as “hash crackers”, using specialized tools to recover stolen passwords.
  • Oleg Nefedov, Russian national, named group’s ringleader and placed on Interpol wanted list; potential ties to “Conti” gang.

5. Anchorage Police Dept. – Vendor Cyberattack

• [04:09] January 7th: Anchorage PD affected by a cyberattack traced to third-party White Box Technologies (Utah-based), during a software update.
  • Department believes no systems compromised, no sensitive data stolen.
  • White Box supports multiple public agencies across the U.S.

6. Canadian Investment Regulator CIRO – Data Breach

• [04:44] CIRO confirms ~750,000 investors impacted by a 2025 breach following a sophisticated phishing attack in August.
  • CIRO regulates all investment/mutual fund dealers and market trading in Canada, but is not a government entity.
  • Data at risk: PII and financial info (but not login details).

7. Grubhub Data Breach & Extortion

• [05:20] Grubhub confirms a breach; hackers accessed systems and are sending extortion demands.
  • Nature, scope, and timing of breach not yet clear.
  • Uncertainty remains if breach is connected to scam emails from a Grubhub subdomain promoting crypto schemes.

8. Carlsberg Brewery Visitor Data Leak

• [05:53] Visitors’ wristband-linked photos and names at Carlsberg’s Copenhagen exhibition are vulnerable.
  • Security researcher Alan Mone (Pen Test Partners) found brute-forcing of wristband IDs could reveal hundreds of visitors’ personal images and names.
  • Carlsberg alerted in August 2025 but has not yet resolved the issue.

Quote:
“Through a brute forcing technique, anyone could access the names and images belonging to the many hundreds of beer enthusiasts who visit the brewery each month.”
– Steve Prentice [06:21]

Notable Quotes & Memorable Moments

• “64% of third-party applications access sensitive data without business justification, up from 51% in 2024.” — Steve Prentice [01:19]
• “These newly identified extensions are no longer present in the add-on stores belonging to Mozilla and Microsoft.” — Steve Prentice on GhostPoster [02:47]
• “Oleg Nefedov, a 36-year-old Russian national identified as the group's ringleader who may also have ties to the Conti gang.” — Steve Prentice [03:40]
• “Through a brute forcing technique, anyone could access the names and images belonging to the many hundreds of beer enthusiasts who visit the brewery each month.” — Steve Prentice [06:21]

Useful Timeline ([Timestamps])

• [00:07] NSA dual-hat role under review
• [01:05] Third-party app unjustified access report
• [02:08] GhostPoster campaign update (extensions & installs)
• [03:10] Black Basta ransomware investigation
• [04:09] Anchorage Police Dept. cyberattack
• [04:44] CIRO breach (Canada)
• [05:20] Grubhub data breach & extortion
• [05:53] Carlsberg brewery visitor data exposure

Podcast Tone & Language

• Style: Concise, direct, fact-based
• Tone: Authoritative, urgency-tinged, and always focused on actionable news for information security professionals.

Conclusion

This episode delivers a fast-moving overview of pressing cyber threats and vulnerabilities, highlighting the growing risks from lax third-party governance, the evolving tactics of cybercriminals, and continuing struggles with sensitive data protection across industries. Each headline provides security leaders actionable awareness to inform their defense priorities for the coming week.