Daily Cyber Threat Brief — Ep 1044 Summary
Podcast: Daily Cyber Threat Brief
Host: Gerald Auger, Ph.D. (Simply Cyber Media Group)
Date: January 12, 2026
Episode Theme:
A fast-paced, community-driven review and analysis of the day’s top cybersecurity news stories. Dr. Gerald Auger offers context, practical takeaways, and light-hearted commentary, focusing on actionable intelligence for security professionals, managers, and business leaders.
Episode Overview
Gerald brings his signature blend of expertise and humor to break down the most pressing cybersecurity news for January 12, 2026. The episode covers high-profile breaches, phishing and “quishing” trends, government policy controversies, new tech admin controls, and more. Community engagement, practical advice, and key industry updates are front and center, with actionable tips and memorable teaching moments.
Key Discussion Points & Insights
1. Breach Forums Hacking Forum Database Leak
Timestamps: [10:17–16:04]
- Incident: The notorious Breach Forums hacking forum suffered a data breach, exposing over 300,000 user accounts including usernames, IPs, registration dates, and a PGP private key (passphrase-protected).
- Details:
- Roughly 70,000 records included public IPs, potentially aiding law enforcement.
- The breach was apparently due to an old backup exposed during a 2025 restoration, not a new compromise.
- A “Shiny Hunters” gang-branded archive appeared but the group denied involvement.
- Takeaways:
- Criminal forums are prone to the same security risks as any IT infrastructure.
“Just because these are illegal underground web marketplaces doesn’t mean it’s not a website... It doesn’t mean it can’t get hacked.” — Gerald [13:37]
- Market demand for criminal forums ensures quick replacements post-takedowns.
- Practical Advice:
- “Criminals need cybersecurity too... Go check out CIS18 implementation guidance, it’ll build you a nice little framework.” — Gerald [15:16]
2. Instagram Phishing and Data Leak Scare
Timestamps: [16:04–23:31]
- Incident: Massive uptick in password reset phishing emails targeting Instagram users. A “breach” revealed 17.5 million usernames with associated info for sale on forums, though not directly from Instagram’s own systems.
- Details:
- Leaked data seems to be aggregated from marketing lists and prior leaks, enabling mapping of online accounts to real identities.
- Surge in phishing emails attempting to trick users into resetting passwords via malicious links.
- Meta (Instagram’s parent company) did not comment publicly as of episode time.
- Security Recommendation:
- NEVER click password reset links from untrusted emails.
- Always enable multi-factor authentication and unique passwords for each account.
- Notable Quote:
“Anybody you know that’s using Instagram, gotta be careful... If you’re reusing passwords, this is why you don’t reuse passwords!” — Gerald [17:45]
3. UK Government Exempts Itself from Flagship Cyber Law
Timestamps: [23:31–29:45]
- Issue: UK’s new cybersecurity bill aims to improve critical infrastructure protections but exempts central and local government bodies from compliance.
- Background:
- Critics argue this “do as I say, not as I do” approach weakens accountability, especially amid increased public sector attacks.
- Ministers claim equivalent standards exist via an internal cyber action plan.
- Hot Take:
“This seems to be very trendy in 2026 — governments doing what they want... If you work in the UK or have UK offices, this legislation may impact you.” — Gerald [24:45]
- Insight:
- Government modernization moves slowly, much like in the US. Critics are skeptical without legally binding requirements.
4. Microsoft Will Allow IT Admins to Uninstall Copilot
Timestamps: [29:45–34:32]
- Update: Microsoft is piloting a group policy to let IT admins uninstall the Copilot AI app from managed enterprise devices.
- Caveats:
- The uninstall will only apply if Copilot hasn’t been manually installed or used within the last 28 days.
- Advice:
- Don't uninstall Copilot just because you can; think about organizational needs, user adoption, and AI tool sprawl.
- Notable Quote:
“Just because you can uninstall Copilot does not mean you should... Do it with intent.” — Gerald [33:05]
5. NSA Cyber Directorate Leadership Changes
Timestamps: [39:59–43:22]
- News:
- David Imbordino appointed Acting Head of the NSA Cybersecurity Directorate.
- Holly Baroody as the new number two; Tim Kosiba as the overall NSA deputy director.
- Commentary:
“These organizations do need guidance and leadership... But to practitioners, this is interesting and forgettable at the same time.” — Gerald [40:44]
- Relevance: For daily practitioners, this change is noted but not expected to impact day-to-day security work.
6. CISA Retires Ten Old Emergency Directives
Timestamps: [43:22–48:29]
- News:
- CISA sunsetted ten emergency directives (2019–2024), saying redundancy has been addressed by the Known Exploited Vulnerabilities (KEV) catalog.
- Most directives related to Microsoft, with others covering VMware, F5, and Cisco.
- Reaction:
“No one is doing deep dive reverse engineering of malware on an asset that they found in their environment unless you work for Recorded Future... Retiring 5-year-old directives seems like a waste of energy.” — Gerald [45:07]
- Insight:
- While housekeeping is good, most security teams focus on current and emerging threats.
7. Quishing (QR Phishing) Attacks and North Korea’s Kimsuky
Timestamps: [48:29–54:42]
- Alert: FBI warns of Kimsuky using spear-phishing emails with malicious QR codes (“quishing”) to target government, think tanks, and academics.
- Attack Flow:
- Emails contain a QR code leading to fake, device-tailored phishing sites to steal credentials.
- Advice:
- Warn users not to scan QR codes from unexpected emails, especially in sensitive organizations.
- Community Tip:
“Please don’t use the term ‘quishing’ in user training... Just say: don’t scan QR codes you get in email.” — Gerald [51:26]
8. Russian APT28 (Fancy Bear) Targets Credentials via Fake Sites
Timestamps: [54:42–55:33 and following]
- Incident: Russian GRU-linked APT28 (Fancy Bear) conducting credential-harvesting campaigns against energy, policy, and think tank targets in multiple countries.
- Tactics:
- Targets are directed to convincing fake login pages, often redirected to the real site after credentials are entered (to avoid suspicion).
- Context:
- Standard phishing, notable for the sophistication and targeting, but not a new tactic.
- Takeaway Quote:
“APT28 is all about getting access to things, info stealing, credentials... They just want you to give them up, period, full stop.” — Gerald [55:13]
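The credential-harvesting flow in both the Kimsuky and APT28 stories ends the same way: the victim submits credentials to a look-alike page and is then bounced to the real login site so nothing looks wrong. The following script is an added example, not code from the episode or from any vendor, showing how a defender could look for that bounce in web proxy logs. The log format, host names, allowlists and sample lines are all constructed for this demonstration; the legitimate identity-provider hosts and the trusted first-party app are assumptions a real deployment would replace with its own.

```python
"""Flag the 'fake login page, then bounce to the real site' pattern in web proxy logs.

Constructed example: the hosts, log format and sample lines are invented for this
demonstration and are not taken from the episode or any vendor product.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Identity providers whose login pages the organization really uses (assumed allowlist).
LEGIT_LOGIN_HOSTS = {"login.microsoftonline.com", "accounts.google.com"}
# First-party apps that legitimately bounce users to the IdP when a session expires (assumed).
TRUSTED_HOSTS = {"intranet.example"}
# A credential POST and the follow-on arrival at the real login page must be this close.
WINDOW = timedelta(seconds=10)

# Constructed log format: "<ISO time> <client> <method> <url> <status> <Location or ->"
SAMPLE_LOG = """\
2026-01-12T08:00:00Z 10.1.2.3 GET https://accounts.google.com/signin 200 -
2026-01-12T08:00:05Z 10.1.2.3 POST https://accounts.google.com/signin 302 https://mail.google.com/
2026-01-12T08:01:00Z 10.1.2.9 GET https://login.microsoft0nline.example/common/oauth2 200 -
2026-01-12T08:01:12Z 10.1.2.9 POST https://login.microsoft0nline.example/common/oauth2 302 https://login.microsoftonline.com/
2026-01-12T08:02:00Z 10.1.2.7 POST https://secure-portal.example/login 200 -
2026-01-12T08:02:04Z 10.1.2.7 GET https://accounts.google.com/signin 200 -
2026-01-12T08:03:00Z 10.1.2.5 POST https://intranet.example/search 200 -
2026-01-12T08:03:03Z 10.1.2.5 GET https://accounts.google.com/signin 200 -
2026-01-12T08:04:00Z 10.1.2.5 POST https://survey.example/form 200 -
2026-01-12T08:04:40Z 10.1.2.5 GET https://accounts.google.com/signin 200 -
"""


@dataclass
class Event:
    ts: datetime
    client: str
    method: str
    host: str
    status: int
    location: str  # value of the Location header on redirects, "-" otherwise


def parse_log(text):
    """Parse the constructed log format into Event records, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, status, location = line.split()
        events.append(Event(
            ts=datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            client=client,
            method=method,
            host=urlparse(url).hostname,
            status=int(status),
            location=location,
        ))
    return sorted(events, key=lambda e: e.ts)


def find_redirect_chains(events):
    """Return (client, suspicious_host, real_login_host, reason) for each suspected chain.

    Two heuristics cover the pattern described in the episode:
    1. http-redirect: a POST to an unknown host answers 3xx with Location on a real IdP.
    2. follow-on-visit: a POST to an unknown host is followed within WINDOW by the same
       client loading a real IdP login page (covers JavaScript or meta-refresh redirects).
    """
    by_client = {}
    for e in events:
        by_client.setdefault(e.client, []).append(e)

    alerts = []
    for client, evs in by_client.items():
        for i, e in enumerate(evs):
            # Only form submissions to hosts that are neither the IdP nor a known first-party app.
            if e.method != "POST" or e.host in LEGIT_LOGIN_HOSTS or e.host in TRUSTED_HOSTS:
                continue
            # Heuristic 1: the server itself redirects straight to the real login host.
            if 300 <= e.status < 400 and e.location != "-":
                target = urlparse(e.location).hostname
                if target in LEGIT_LOGIN_HOSTS:
                    alerts.append((client, e.host, target, "http-redirect"))
                    continue
            # Heuristic 2: the same client lands on the real login host shortly afterwards.
            for later in evs[i + 1:]:
                if later.ts - e.ts > WINDOW:
                    break
                if later.method == "GET" and later.host in LEGIT_LOGIN_HOSTS:
                    alerts.append((client, e.host, later.host, "follow-on-visit"))
                    break
    return alerts


if __name__ == "__main__":
    for client, bad_host, real_host, reason in find_redirect_chains(parse_log(SAMPLE_LOG)):
        print(f"[{reason}] {client} submitted a form to {bad_host} and landed on {real_host}")
```

On the constructed sample the script raises two alerts: the explicit 302 from the look-alike host to the real Microsoft login, and the implicit case where a POST to an unknown portal is followed four seconds later by a visit to the real Google sign-in page. The `TRUSTED_HOSTS` set is the tuning knob: first-party apps routinely send users to the IdP when a session expires, so without that allowlist the second heuristic is noisy, and the alert should be treated as a lead for a password reset and session review rather than proof of compromise.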
Notable Quotes & Memorable Moments
- On the perpetual nature of criminal forums:
“If one goes down, another crops up immediately... They’re not loyal to the brand of ‘Breach Forums,’ they’re loyal to getting access to data.” — Gerald [11:42]
- On end-user awareness:
“If you only educate your workforce about work-related things, it’s a little tone deaf... One of the best ways you can modify someone’s behavior is to personalize things.” — Gerald [20:26]
- On aging security policies:
“I am not spending my time, or directing anyone under my management, to go look at these [old] directives and retire them. There’s bigger fish to fry.” — Gerald [47:09]
- On QR code phishing:
“QR codes have become popular at restaurants... Just tell them: don’t scan a QR code that you get in an email.” — Gerald [51:26]
Episode Features
Community Moments (Non-news Content; Select Highlights)
- Gerald celebrates positive news about his dog (surgery outcome: benign).
- Recognition of DJ Bsec as Simply Cyber Community Member of the Week, with a personal shout-out for covering episodes during Gerald’s absence.
- Multiple tactical, real-life tips for security professionals about user education, communications, taking first steps in a new management role, and awareness strategy.
- Extended Q&A and “jawjacking” segment (post-news) with live audience.
Important Segments & Timestamps
- Breach Forums story: [10:17–16:04]
- Instagram/Phishing Awareness: [16:04–23:31]
- UK Cyber Legislation Discussion: [23:31–29:45]
- Microsoft Copilot Admin Controls: [29:45–34:32]
- NSA Leadership Changes: [39:59–43:22]
- CISA Sunset Directives: [43:22–48:29]
- Kimsuky Quishing Attacks: [48:29–54:42]
- APT28 Credential Phishing: [54:42–end of news]
Tone & Style
- Direct, community-oriented, sometimes irreverent but always instructive.
- Episodic humor (“do it!” Palpatine, Magic: the Gathering references, “drink!” inside jokes).
- Clear about practical cyber hygiene, refreshing acronyms for newcomers, and sharing relatable stories.
Final Takeaways
- Stay vigilant—credential phishing and targeted attacks continue to dominate the threat landscape.
- User awareness and communication matter—personalized, regular reminders make a difference.
- Patch and secure all systems—criminals operate insecure infrastructure, too.
- Frameworks and measurement are key—structure your cyber programs for measurable progress.
- Policy and admin controls are evolving—keep abreast of software changes and compliance issues, but act with intent.
For full context and additional “jawjacking” Q&A, tune in to the episode or join the live Simply Cyber community at 8 AM ET weekday mornings.
