Transcript
A (0:02)
You're listening to the Cyberwire Network, powered by N2K.
B (0:14)
Most security conferences talk about Zero Trust. Zero Trust World puts you inside. This is a hands-on cybersecurity event designed for practitioners who want real skills, not just theory. You'll take part in live hacking labs where you'll attack real environments, see how modern threats actually work and learn how to stop them before they turn into incidents. But Zero Trust World is more than labs. You'll also experience expert-led sessions, practical case studies and technical deep dives focused on real-world implementation. Whether you're blue team, red team, or responsible for securing an entire organization, the content is built to be immediately useful. You'll earn CPE credits, connect with peers across the industry and leave with strategies you can put into action right away. Join us March 4th through the 6th in Orlando, Florida. Register now at ZTW.com and take your Zero Trust strategy from theory to execution.

CISA's acting director assures Congress the agency has stabilized. Google and Cisco patch critical vulnerabilities. Fortinet firewalls are being hit by automated attacks. A global spam campaign leverages unsecured Zendesk support systems. LastPass warns of attempted account takeovers. Greek authorities make arrests in a sophisticated fake cell tower scam. Executives at Davos express concerns over AI. Pwn2Own Automotive proves profitable. Our guest is Kaushik Devaretti, AI data scientist at Fable Security, with insights on ChatGPT installer. And new password, same as the old password.

It's Thursday, January 22, 2026. I'm Dave Bittner and this is your Cyberwire Intel Brief.

Thanks for joining us here today. It's great to have you with us. The US Cybersecurity and Infrastructure Security Agency is working to refocus on its core mission after a turbulent year marked by staffing losses, funding disruptions and internal restructuring.
Acting Director Madhu Gadamukkala told the House Homeland Security Committee that the agency has stabilized and does not expect further organizational changes in fiscal year 2026. CISA now employs more than 2,400 staff, roughly a thousand fewer than at the start of the Trump administration. Gadamukkala said the reductions were part of a broader White House effort to shrink the federal workforce and right-size the agency. He argued CISA now has the workforce it needs and plans targeted initiatives in 2026 to address the most critical cyber risk gaps. Republicans praised a narrower operational focus, while Democrats warned proposed budget cuts could weaken civilian cyber defenses as foreign threats persist. Funding debates for the Department of Homeland Security, including CISA, are expected to intensify ahead of a looming shutdown deadline.

Google has released an urgent update for Chrome and other Chromium-based browsers to fix a high-severity flaw in the V8 JavaScript engine. The vulnerability is a race condition that allows memory corruption and could enable attackers to escape the browser sandbox and run code on a user's system by luring them to a malicious site. The update, released January 20, applies to Windows, macOS and Linux. Users should update Chrome and Chromium-based browsers immediately, according to Google.

Elsewhere, Cisco has issued emergency patches for a critical vulnerability affecting its enterprise communications platforms, warning of active exploitation attempts. The flaw is an unauthenticated code injection issue in web-based management interfaces that can allow attackers to execute commands and potentially gain full system control. Impacted products include Unified Communications Manager, Unity Connection and Webex Calling Dedicated Instance. Cisco says there are no workarounds and urges immediate patching.
Researchers warn that Fortinet FortiGate firewalls are being hit by automated attacks that create rogue accounts and rapidly export firewall configurations. According to Arctic Wolf, the campaign began January 15th and appears to exploit an unknown weakness in FortiGate's single sign-on feature, closely resembling attacks seen in December of last year. Arctic Wolf says it remains unclear whether current attacks are fully addressed by existing patches, and customer reports suggest a possible patch bypass. Fortinet is expected to release additional FortiOS updates to resolve the issue. Until then, defenders are advised to disable FortiCloud SSO. CISA has already flagged the earlier vulnerability as actively exploited, while Shadowserver reports nearly 11,000 exposed devices online.

A global spam campaign has flooded inboxes with hundreds of confusing emails generated through unsecured Zendesk support systems. The wave began Jan. 18 and abuses Zendesk's default settings that allow unverified users to submit support tickets, which then trigger automated confirmation emails to whatever address is entered. Attackers iterated through large email lists, effectively turning legitimate customer support platforms into mass spam engines. The emails feature bizarre or alarming subject lines, including fake legal notices and promotional offers, often written with decorative Unicode text. While the messages do not contain malicious links, they bypass spam filters because they originate from trusted companies, making them particularly disruptive. Affected organizations include Discord, Dropbox, Riot Games and government agencies. Zendesk says it's rolled out new safeguards to detect and limit this relay spam and advises customers to restrict ticket submissions to verified users.

LastPass is warning users about an active phishing campaign designed to steal master passwords and take over accounts, according to the company's Threat Intelligence Mitigation and Escalation team.
The campaign began Jan. 19 and is circulating widely. The phishing emails impersonate LastPass and claim users must urgently back up their password vaults within 24 hours ahead of supposed maintenance. Links in the messages lead to a fake LastPass login page that captures credentials if entered. Because LastPass stores passwords for other services, a compromised master password could expose many additional accounts. LastPass says it will never ask for a master password or demand immediate action and is working with partners to take down the malicious domains. The company urges users to remain cautious, noting that false urgency is a common phishing tactic.

Greek authorities have arrested two foreign nationals accused of running a sophisticated fake cell tower scam in the Athens area. According to Hellenic Police, officers discovered a mobile computing system hidden in a car trunk that acted as a rogue cellular base station, often called an SMS blaster. The setup, linked to a concealed roof antenna, impersonated legitimate telecom infrastructure and intercepted nearby mobile connections. Police say the suspects exploited known weaknesses in mobile network protocols, forcing phones to downgrade from 4G to less secure 2G connections. This allowed them to collect device identifiers and phone numbers, which were then used in smishing campaigns posing as banks or courier services. Authorities have tied the operation to several confirmed fraud cases in and around Athens, with investigations ongoing.

Executives from EY and KPMG warned at the World Economic Forum in Davos that AI security is emerging as a major enterprise risk. EY's Raj Sharma told Business Insider that organizations are not adequately addressing the security and lifecycle management of AI agents, which can access sensitive data but lack clear identity and controls. He argued that industrial-grade security frameworks for AI agents are still immature.
KPMG US CEO Tim Walsh echoed those concerns, saying AI-related cyber risk is now a top issue for CEOs and is slowing some AI deployments as firms reassess data protection. Walsh also flagged quantum computing as a future security threat, warning that it could break current encryption and force widespread re-engineering of security systems.

Day two of Pwn2Own Automotive 2026 proved that hacking cars and chargers can be very profitable. Security researchers walked away with over $439,000 in prize money after popping 29 fresh zero-day bugs at the event in Tokyo, held during the Automotive World show. After two days, total winnings hit over $955,000 across 66 zero-days. Fuzzware.io led the pack with $213,000 thanks to successful hacks against multiple EV chargers. Other teams rooted infotainment systems, car operating systems like Automotive Grade Linux, and more charging hardware. Even Tesla tech made an appearance earlier in the contest. The fun continues on day three with more chargers and systems lined up for attack. Vendors now have 90 days to patch before details go public, so the clock is ticking.

Coming up after the break, my conversation with Kaushik Devaretti from Fable Security. We're discussing insights on a fake ChatGPT installer. And new password, same as the old password. Stick around.

Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter, the company reimagining enterprise networking from the ground up. Meter builds full-stack zero trust networks including hardware, firmware and software, all designed to work seamlessly together. The result? Fast, reliable and secure connectivity without the constant patching, vendor juggling, or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security and VPN, every layer is integrated and continuously protected in one unified platform.
And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless. Transform complexity into simplicity and give your team time to focus on what really matters: helping your business and customers thrive. Learn more and book your demo at meter.com/cyberwire. That's M-E-T-E-R.com/cyberwire.

What's your 2 a.m. security worry? Is it, do I have the right controls in place? Maybe, are my vendors secure? Or the one that really keeps you up at night: how do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit-ready all the time. With Vanta, you get everything you need to move faster, scale confidently, and finally get back to sleep. Get started at vanta.com/cyber. That's V-A-N-T-A dot com slash cyber.

Kaushik Devaretti is AI data scientist at Fable Security. We recently got together to discuss insights on a fake ChatGPT installer.
