CyberWire Daily – "CVEs don’t sleep."
Date: January 14, 2026
Host: Dave Bittner (N2K Networks)
Featured Segment: David Moulton interviews Ian Swanson (Palo Alto Networks) on the AI supply chain
Episode Overview
The January 14, 2026 episode centers on urgent cybersecurity news, including a packed Patch Tuesday, targeted bans on Western cybersecurity software in China, major vulnerabilities in industrial systems, disruptions caused by ransomware, and high-profile breaches. The episode also features a deep dive into AI supply chain risks with industry expert Ian Swanson. The program maintains its usual rapid-fire delivery of breaking news, complemented by expert commentary and memorable news moments.
Key News Highlights & Analysis
1. Microsoft Patch Tuesday: Critical Updates
[01:33–03:26]
- Microsoft released fixes for at least 113 vulnerabilities, with 8 critical and 1 zero-day already under attack.
- The zero-day impacts the Windows Desktop Window Manager; it could bypass core protections and be chained with other flaws.
- Other updates included Office preview pane vulnerabilities and the removal of legacy modem drivers.
- Additional products updated: Mozilla (browser), Adobe (25 vulnerabilities, including serious XML injection in Tika modules), and Fortinet (6 vulnerabilities, 2 critical).
"Researchers warn it can undermine core protections like address space layout randomization and be chained with other flaws, making rapid patching essential." – Dave Bittner [01:54]
2. Fortinet and Moxa: Industrial Control System Threats
[03:27–05:04]
- Fortinet: Patched an unauthenticated OS command injection in FortiSIEM and a flaw in FortiPhone that could expose device configurations.
- Moxa: Disclosed a critical vulnerability in its industrial Ethernet switches (insecure handling in the bundled OpenSSH library). A patch is available; immediate network isolation and upgrades are advised.
- No active exploitation has been reported yet, which underscores the case for proactive defense of industrial and OT systems.
3. Geopolitics: China Moves to Sideline Western Security Tools
[05:05–06:01]
- Chinese authorities ordered domestic companies to stop using cybersecurity tools from major US and Israeli vendors (VMware, Palo Alto Networks, Fortinet, Check Point), citing national security and data exfiltration concerns.
- Reflects worsening US-China relations and China's accelerated push toward domestic tech alternatives.
"The move comes as both sides prepare for renewed high level diplomacy and reflects long standing Chinese concerns that foreign cybersecurity tools could enable espionage or sabotage." – Dave Bittner [05:44]
4. Significant Cyberattacks and Data Breaches
[06:02–09:19]
Belgium Hospital Ransomware
- AZ Monica Hospital's operations were severely disrupted: surgeries canceled, emergency services reduced, and patients transferred.
- Servers proactively taken offline; no confirmed data compromise.
Betterment Crypto Scam
- Attackers accessed a third-party marketing platform, using legitimate Betterment email to promote a crypto scam.
- Customer data exposed: names, contact information, addresses, and dates of birth; no direct account-holder access.
Eurail Data Breach
- Exposed customer data includes names, contact details, dates of birth, passport information, and possibly bank/health data for DiscoverEU participants.
- Systems now secured; no misuse detected so far.
5. U.S. Cyber Offense and Policy Calls
[09:20–10:54]
- Security analysts pressed Congress to update offensive cyber authorities and move beyond restrictive, reactive measures.
- Testimony highlighted attacks like Volt Typhoon and U.S. water system breaches, arguing for "defend forward" operations and more rapid infrastructure takedowns.
- CrowdStrike advocated for clearer information-sharing roles and faster coordination.
6. CISA Leadership Update
[10:55–11:50]
- President Trump re-nominated Sean Plankey to direct CISA after earlier Senate holds.
- The White House prioritizes Plankey's confirmation, emphasizing the need for stable civilian cyber agency leadership.
"The administration says confirming Plankey remains a priority, citing the need for stable leadership at the nation's lead civilian cyber defense agency." – Dave Bittner [11:34]
Threat Vector Special Segment: Securing the AI Supply Chain
[11:51–17:14]
Host: David Moulton
Guest: Ian Swanson (AI Security Lead, Palo Alto Networks)
Defining the AI Supply Chain
[12:51–13:50]
- The supply chain includes not only data but also machine learning models and repositories like Hugging Face.
- Many organizations dramatically undercount how many ML models they have in production (perceived 100–150, reality thousands or more).
"If data is the fuel, the machine learning model is the engine to an AI application." – Ian Swanson [13:33]
Hidden Model Risks
[13:51–15:26]
- Risks include malicious code, unsafe operators, and "neural backdoors" within imported or open-source models.
- Attackers are already leveraging model repositories for supply chain attacks similar to what happened in traditional software.
"We need to scan machine learning models for risk... within that engine can be a lot of malicious code, unsafe operators, neural backdoors." – Ian Swanson [14:13]
Emerging Attack Examples
[15:27–17:14]
- Discovery of a name-squatting supply chain attack: a model impersonating a reputable healthcare company, downloaded tens of thousands of times, aimed to steal AWS credentials upon deployment.
- These attacks mimic classic software supply chain compromises but exploit the unique nature of ML model consumption.
"We found a model pretending to be from a well known healthcare life sciences company... one of its core goals was to steal and exfiltrate your credentials on your cloud." – Ian Swanson [16:13]
Key Takeaways
- Visibility is the first step: Companies dramatically underestimate their ML asset footprint.
- Continuously scan and red team AI models and applications—especially open source.
- Test before deploy: Benchmarking and testing at "the point of inference" is essential.
- Modern supply chain attacks are now targeting models and data, not just code.
Memorable Closing Story: AI’s Imaginative Error Causes Soccer Security Snafu
[17:56–end]
- A UK soccer match was classified high-risk due to "unrest" cited in a report about a game that never actually occurred: Maccabi Tel Aviv vs. West Ham.
- The error traced to reliance on Microsoft Copilot’s AI output, not verified by police.
- Highlights the "promise—not guarantee—of accuracy" in AI-generated facts.
"At any rate, the AI promised assistance, not accuracy, and delivered exactly that." – Dave Bittner [18:42]
Timestamps for Key Segments
| Timestamp | Segment |
|-----------|----------------------------------------------|
| 01:33 | Microsoft Patch Tuesday & Zero-Day |
| 03:27 | Adobe, Fortinet, Moxa vulnerabilities |
| 05:05 | China excludes Western cyber vendors |
| 06:02 | Belgium hospital ransomware |
| 07:37 | Betterment crypto breach |
| 08:33 | Eurail data breach |
| 09:20 | U.S. cyber policy debate |
| 10:55 | CISA/Plankey nomination update |
| 11:51 | Threat Vector: David Moulton/Ian Swanson |
| 17:56 | AI error in UK soccer security decision |
Notable Quotes
- "If data is the fuel, the machine learning model is the engine to an AI application." – Ian Swanson [13:33]
- "We need to scan machine learning models for risk... within that engine can be a lot of malicious code, unsafe operators, neural backdoors." – Ian Swanson [14:13]
- "At any rate, the AI promised assistance, not accuracy, and delivered exactly that." – Dave Bittner [18:42]
Episode Flow & Tone
The episode maintains a fast, urgent tone in line with the rapidly changing cybersecurity landscape. Breaking news is interspersed with deep-dive industry insights, with particular focus on actionable takeaways. The AI segment in particular combines technical grounding with practical business advice, while the closing story injects a note of caution (and slight levity) about over-trusting AI.
For Further Listening
- Full Threat Vector interview with Ian Swanson: “Securing the AI Supply Chain with Ian Swanson” in your Threat Vector Podcast feed.
- Upcoming: 100th Threat Vector episode with Nikesh Arora, CEO of Palo Alto Networks.
