Podcast Summary: Daily Cyber Threat Brief — Jan 13’s Top Cyber News NOW! (Ep 1045)
Date: January 13, 2026
Host: Gerald (Jerry) Auger, Ph.D.
Guest Contributor: Eric Taylor (Barricade Cyber)
Producer: Simply Cyber Media Group
Main Theme: Rapid-fire analysis of the day’s most relevant cybersecurity stories, expert breakdowns, and actionable insights for practitioners.
Episode Overview
This episode features Jerry Auger and community contributors breaking down the top eight cybersecurity news stories for January 13, 2026. With his hallmark humor and accessible explanations, Jerry walks through major incidents from API abuses to supply chain attacks, weaving in practical advice, deep dives, and community participation. Eric Taylor joins for a robust Q&A session (Jawjacking) to discuss emerging trends and career advice, making this episode valuable for both newcomers and seasoned security professionals.
Key Stories & Insights
1. Instagram Data Incident: "Not a Breach, Just API Abuse"
[11:08–19:10]
- Incident: Instagram users reported mass password reset emails after claims of a data leak targeting over 17 million accounts.
- Meta/Instagram Response: Called it a "bug, not a breach"—no passwords were exposed, but public profile data was scraped.
- Analysis (Jerry):
- APIs are powerful but can be abused for scraping unless proper rate-limiting/throttling is enforced.
- Only "around 1%" of accounts affected; most scraped info was public, but some emails/phone numbers could increase phishing risk.
- Quote:
“So APIs are powerful...and that’s why APIs are so powerful and so useful.” (13:00)
“Your account was not compromised on Instagram. Just threat actors have information to be able to do phishing attacks on you.” (18:00)
- Practical Takeaway: Enable MFA and avoid password reuse to reduce risk from credential stuffing.
2. Swedish IT Consultant Accused of Espionage for Russia
[19:10–23:58]
- Incident: Swedish authorities detained a former IT consultant for the armed forces, suspecting prolonged spying for Russian intelligence.
- Analysis (Jerry):
- Media lacked technical details, but the case highlights the perennial risk of insider threats, especially among privileged IT users.
- Reinforces the need for “least privilege” best practices regardless of personal trust.
- Quote:
“This is why insider threat is a real thing... You have to separate familiarity, friendship, camaraderie with just sterile best practices for identity and access." (21:30)
- Advice: Use DLP, logging, and anomalous-behavior detection to monitor privileged users.
3. Supply Chain Attack: Malicious npm Packages Target N8N Workflows
[23:58–30:45]
- Incident: Attackers uploaded eight malicious npm packages masquerading as N8N workflow integrations, stealing OAuth tokens and credentials.
- Analysis (Jerry):
- Risks of using open-source/community-contributed nodes: too easy for attackers to seed malicious functionality.
- Guidance to "audit before install" is unrealistic for non-expert users.
- Quote:
"Do you know how many people would know what to look for?…This guidance right here on managing risk isn’t going to happen." (29:24)
- Recommendation: N8N or similar platforms must implement automated code review and repository controls.
4. Block CISO Red Teams Their Own AI Agent
[30:45–34:28]
- Incident: Block’s CISO red-teamed their internal Goose AI agent, successfully causing it to execute an infostealer using prompt injection.
- Analysis (Jerry & Eric):
- This case marks a shift: AI agents are now a viable attack vector and must be evaluated like human users.
- Similar to pentesting for human vulnerabilities, companies must now red team AI for prompt injection, adversarial inputs, etc.
- Quote:
"2025 was the year of human in the loop. And I guess 2026 is human, get out of the way." (31:34)
“If I was a threat actor, I would read this story like ‘ooh, AI agent’s gonna do my job.’” (32:33, Eric)
- Takeaway: All internal AI agents require rigorous testing and ongoing monitoring.
5. University of Hawaii Cancer Center Ransomware Attack
[42:26–48:30]
- Incident: August attack led to theft of research files (including 1990s-era participant SSNs); UH paid for a decryptor and "deletion" of stolen data.
- Analysis (Jerry):
- Emphasized best practices: immediately disconnect affected systems to prevent lateral movement.
- Expressed skepticism about threat actors’ promises to "delete" stolen data.
- Reminded listeners that a purchased decryptor may not work reliably.
- Quote:
“If the decryption key doesn’t work or they don’t delete your data securely, they don’t care. They’re not looking to get five stars on Yelp.” (46:20)
- Advice: Test backups and practice resiliency, not just prevention.
6. LLM (Large Language Model) Recon and Fingerprinting Campaigns
[48:30–55:07]
- Incident: Researchers found two global campaigns probing ~100,000 exposed LLM services, primarily for reconnaissance and mapping.
- Analysis (Jerry):
- Recognized as "step one" of the cyber kill chain—classic large-scale recon for future exploitation.
- Guidance on blocking known OAST domains/IPs is a stopgap, easily circumvented by dedicated actors.
- Quote:
“When we see the story here...that your defense is to block domain names and IP addresses—I mean, you’re just rearranging deck chairs on the Titanic.” (53:51)
- Takeaway: Secure your APIs and restrict access; don’t rely only on reactive blocklists.
7. Spanish Utility Andesa Hit With Data Breach
[55:07–59:35]
- Incident: Hackers accessed Spain’s largest electric utility’s customer platform, exposing PII (including banking data).
- Analysis (Jerry):
- Praised company’s response (disabling accounts, log analysis, notifications, heightened monitoring).
- Critiqued PR spin around “no evidence of fraud” while massive data is advertised for sale.
- Quote:
“No evidence of fraudulent use? Threat actors...try not to give you evidence because that would be disclosing their operation.” (58:03)
- Practical Advice: Recognize the difference between PR/official statements and the actual threat picture.
8. Dutch "Cocaine Smuggling Hacker" Jailed
[60:28–61:14]
- Story: Dutch court sentences a hacker to 7 years for using USB-planted malware in port systems to enable drug shipments.
- Analysis (Jerry):
- Classic cyber-physical crime: insider cooperation, USB drop, false transport orders.
- Remarkably elaborate, underscoring the importance of awareness and USB/media controls in OT environments.
- Quote:
“The guy used a malicious USB, plugged it in so he could smuggle coke...1986 is on line one!” (61:14)
- Takeaway: Even non-glamorous attack vectors (like USB) remain potent; reinforce employee security awareness, especially in critical infrastructure.
Notable Quotes & Memorable Moments
- On API Abuse:
“Instead of encouraging your users to enable MFA, why don’t you require—oh, I don’t know! That’s a crazy thought.” (12:03, Jerry)
- On Incident Response:
“Just because you say you have backups, have you tested your backups? This is gonna—welcome to my TED talk.” (approx. 1:45:00, Eric in Jawjacking)
- On the AI Threat Landscape:
“AI, AI, AI—like, everywhere...2026 is just going to be wall-to-wall AI security.” (approx. 1:38:20, Eric)
- Fun Community Engagement:
“It’s Tidbits Tuesday!” (11:03)
“Looks like two-thirds of us sleep with the fan on. Very cool.” (49:33)
Community Q&A and Career Segment (Jawjacking with Eric Taylor)
[67:51–end]
- Career Guidance: Advice on breaking into GRC, resume tips (see Simply Cyber’s GRC Analyst Masterclass and Jason Blanchard’s materials).
- EPSS Lookup Tool Demo: Eric walks through their new free vulnerability prioritization tool, including upcoming threat actor intelligence features.
- Ransomware Recovery Best Practices: “Restoring from backups isn’t always possible. Test your backups, and remember time/cost business calculations also affect whether a ransom is paid.” (Approx. 1:43:30)
- Security Trends for 2026:
- AI agent security, recon campaigns, geopolitics influencing cybercrime, need for independent threat intelligence and careful narrative interpretation.
Timestamps for Major Segments
- Show Introduction & Community Banter: 00:01–11:02
- Instagram API Abuse Deep Dive: 11:08–19:10
- Swedish Consultant Espionage Case: 19:10–23:58
- N8N Malicious Packages & Supply Chain Risks: 23:58–30:45
- Block’s AI Red Teaming Story: 30:45–34:28
- Community Engagement ("Tidbits Tuesday"): 35:02–42:26
- University of Hawaii Ransomware: 42:26–48:30
- LLM Reconnaissance Campaigns: 48:30–55:07
- Andesa Utility Data Breach: 55:07–59:35
- Dutch Port Hacking & Drug Smuggling: 60:28–61:14
- Jawjacking Q&A with Eric Taylor: 67:51–end
Episode Tone & Closing
- Tone: Down-to-earth, humorous, inclusive—combines banter (“Space tacos! Yeet crew!”) with real technical insight.
- Community Focus: Regular callouts, polls (“Who sleeps with a fan on?”), and mentions of ways to earn CPE credits.
- Signature Closing:
“Invest in yourself. Come hang out for an hour, pick up some tips and tricks, get your LinkedIn sorted out...Till next time. Stay secure.” (End, Jerry)
- Followed by a cybersecurity-themed sea shanty and reminders to check community resources.
Useful Links Referenced
- Simply Cyber Stream & Resources: simplycyber.io/streams
- GRC Analyst Masterclass: simplycyber.io/courses
- EPSS Lookup Tool: epsslookuptool.com
- Flare Academy Webinar: Inside the Life of a Ransomware Operator (Jan 29, 11 AM–1 PM ET)
Key Takeaways
- API abuses and supply chain attacks continue to be prevalent and often misunderstood vectors.
- AI agent security and LLM reconnaissance signal new, rapidly evolving attack surfaces.
- Practical, real-world advice on controls, career growth, and community engagement featured throughout.
- Humor, community, and “real talk” make the episode accessible and actionable for all cybersecurity professionals.
For full context or to participate in future live shows, join the Simply Cyber community weekday mornings at 8 AM Eastern.
