Daily Cyber Threat Brief Podcast – Ep. 1046 – January 14, 2026
Episode Overview
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Main Theme:
A rapid-fire, insightful breakdown of the top cybersecurity news stories for January 14, 2026, tailored for practitioners, analysts, and business leaders. Dr. Auger leverages his deep experience in GRC and community-building to give context, actionable takeaways, and candid reactions to the latest threats, vulnerabilities, and industry developments.
Key Topics & Insights
1. Go Brute Forcer Targeting Crypto & Blockchain Projects
[17:27]
- Details:
- Check Point reports the resurgence of "Go Brute Forcer," a botnet targeting crypto/blockchain services hosted on exposed Linux platforms (FTP, MySQL, phpMyAdmin, PostgreSQL, etc.).
- Attackers exploit weak/default credentials and AI-generated server builds lacking proper configuration.
- Once in, attackers deploy web shells, IRC bots, and steal tokens from crypto wallets (notably Tron and BSC).
- Host Take:
- Not sophisticated; mirrors the Mirai botnet approach from 2015.
- AI is used to speed up scanning, not innovate new techniques.
- Not exclusive to crypto—can pivot to target anyone with exposed, poorly secured services.
- Memorable Quote:
"This is like bolting on AI to make attack sequence efficient, not AI innovating a new attack sequence... If you’re scanning your attack surface and don’t have default creds exposed, this shouldn’t get you hot and bothered." [21:00]
- Actionable Advice:
- Regularly scan for exposed services (e.g., via Shodan).
- Remove default/weak credentials.
- Implement strong attack surface monitoring.
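The botnet described above succeeds only where a database, FTP or admin panel is exposed with weak or default credentials, so the defender's signal is a burst of failed logins against default service accounts. The following is an added example for this episode summary, not code from Check Point or the podcast: it runs a sliding-window failed-login counter over constructed MySQL, vsftpd and PostgreSQL log lines. The line formats approximate the real ones and assume PostgreSQL's log_line_prefix includes the client address (%h); the thresholds, the DEFAULT_ACCOUNTS list and the sample IPs are assumptions to adjust for your environment.

```python
"""Flag brute-force login bursts against exposed services from their auth logs."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Accounts an opportunistic brute forcer tries first (assumed list; extend it).
DEFAULT_ACCOUNTS = {"root", "admin", "postgres", "ftp", "anonymous", "mysql"}

# Failed-authentication line shapes. These approximate the real MySQL, vsftpd and
# PostgreSQL formats (assumption: PostgreSQL's log_line_prefix includes %h so the
# client address is present); adapt the regexes to your own logging config.
PATTERNS = {
    "mysql": re.compile(
        r"^(?P<ts>\S+) .*Access denied for user '(?P<user>[^']*)'@'(?P<ip>[\d.]+)'"
    ),
    "vsftpd": re.compile(
        r'^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
        r'\[(?P<user>[^\]]*)\] FAIL LOGIN: Client "(?P<ip>[\d.]+)"'
    ),
    "postgres": re.compile(
        r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ \[\d+\] (?P<ip>[\d.]+) '
        r'FATAL:\s+password authentication failed for user "(?P<user>[^"]*)"'
    ),
}
TS_FORMATS = {
    "mysql": "%Y-%m-%dT%H:%M:%S.%fZ",
    "vsftpd": "%a %b %d %H:%M:%S %Y",
    "postgres": "%Y-%m-%d %H:%M:%S",
}

# Constructed sample log lines (not captured from a real system).
SAMPLE_LOG = (
    [f"2026-01-14T09:00:{5*i:02d}.000000Z 12 [Note] Access denied for user "
     f"'{u}'@'203.0.113.7' (using password: YES)"
     for i, u in enumerate(["root", "root", "admin", "root", "mysql", "admin"])]
    + [f'Wed Jan 14 09:05:{10*i:02d} 2026 [pid 44{i}] [{u}] FAIL LOGIN: Client "203.0.113.7"'
       for i, u in enumerate(["admin", "ftp", "ftp", "anonymous", "admin"])]
    + [f'2026-01-14 09:10:{30*i:02d} UTC [2211] 198.51.100.20 FATAL:  password '
       f'authentication failed for user "{u}"'
       for i, u in enumerate(["postgres", "app"])]
)


def parse_line(line):
    """Return (service, timestamp, source_ip, username) or None for non-auth lines."""
    for service, pattern in PATTERNS.items():
        m = pattern.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), TS_FORMATS[service])
            return service, ts, m.group("ip"), m.group("user")
    return None


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Return {(ip, service): summary} for every source that produced at least
    `threshold` failed logins inside any `window_seconds` sliding window."""
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e[1])
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # per (ip, service): failure times inside the window
    totals = defaultdict(int)
    users = defaultdict(set)
    flagged = set()
    for service, ts, ip, user in events:
        key = (ip, service)
        totals[key] += 1
        users[key].add(user)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(key)
    return {
        key: {
            "failures": totals[key],
            "users": sorted(users[key]),
            "default_account": bool(users[key] & DEFAULT_ACCOUNTS),
        }
        for key in sorted(flagged)
    }


if __name__ == "__main__":
    for (ip, service), summary in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{ip} -> {service}: {summary}")
```

Run against real logs by replacing SAMPLE_LOG with the file's lines; a hit where `default_account` is true is exactly the exposure the host says should make you act, and the fix is the one listed above: remove the default credentials and close the service off rather than tune the threshold.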
2. Android Accessibility Feature Bug
[23:03]
- Details:
- A bug in Android's 'Select to Speak' feature makes the volume buttons adjust the accessibility volume instead of media volume and disrupts camera shortcuts.
- Google’s stopgap: advise users to disable the feature pending fix.
- Host Take:
- Not a significant infosec issue—primarily a user annoyance and extremely low security risk.
- "I have about 300,000 other things more important than this."
- Advice: Nearly negligible impact for security practitioners; deprioritize.
3. FCC Lets Verizon Tighten Phone Unlocking
[27:10]
- Details:
- Verizon can now lock prepaid phones for a year, and postpaid devices until contracts are paid, replacing automatic 60-day unlocking.
- Framed as a fraud deterrent, but consumer groups object.
- Host Reaction:
- Sees the move as a cash grab, not true fraud prevention.
- Memorable Quote:
“This is straight Randy Moss all day. Verizon doesn’t want you to leave... This is a money maker.” [27:51]
- No real security impact; corporate/consumer friction story.
4. US Military Cyber Leadership Turmoil
[30:06]
- Details:
- Lt. Col. Jason Gargan (US Air Force) removed from Russia-focused National Mission Forces after a dispute with two-star Major General Lorna Mahlock (Marine Corps), who is tipped for a top Cyber Command role.
- Ongoing senior turnover; Command lacks confirmed leader for 9+ months.
- Host Analysis:
- Highlights how senior military politics and disagreements lead to career derailment.
- Good trivia on high-ranking female generals.
- Stresses military command/duty structure.
- Not directly threat-related, more industry insider context.
5. GOGS Git Server Vulnerability—Actively Exploited
[39:53]
- Details:
- GOGS (self-hosted Git service) zero-day exploited; vulnerability allows attackers to overwrite files and execute code (tracked by CISA; patch not yet available).
- Over 700 instances known compromised.
- Root cause: symlink handling in the API; active exploitation is confirmed.
- Host Guidance:
- Only crucial for orgs using self-hosted GOGS.
- Advice:
- If Internet-facing, shut down or firewall immediately.
- Disable open registration; review for suspicious repos (e.g., 8-char names).
- Monitor for updates and detection rules.
- Memorable Quote:
“If you are running GOGS and it’s Internet-facing, I would shut it down... You’re riding dirty.” [45:56]
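The review step above ("look for suspicious repos, e.g. 8-char names") is easy to do by hand on a small server and tedious on one with hundreds of repositories. The following is an added example for this summary, not code from the Gogs project or the podcast: it scores a repository listing for random-looking 8-character names and for recently created repositories owned by accounts you do not recognise (the open-registration angle). It assumes the listing has the shape of a Gogs API repo object (`name`, `created_at` as an RFC 3339 timestamp, `owner.username`); the sample listing, the `known_owners` allow-list and the 14-day window are constructed assumptions.

```python
"""Review a self-hosted Gogs repository listing for short random-looking repo
names and fresh repos from unrecognised accounts."""
import json
import re
from datetime import datetime, timedelta, timezone

RANDOM_NAME = re.compile(r"^[A-Za-z0-9]{8}$")
VOWELS = set("aeiouAEIOU")


def looks_random(name):
    """Heuristic: exactly 8 alphanumerics that either mix letters and digits or
    are nearly vowel-free; 'frontend' passes, 'kjh3x9qa' and 'a1b2c3d4' are flagged."""
    if not RANDOM_NAME.match(name):
        return False
    has_digit = any(c.isdigit() for c in name)
    has_alpha = any(c.isalpha() for c in name)
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    return (has_digit and has_alpha) or vowel_ratio < 0.25


def parse_iso(ts):
    """Parse an RFC 3339 timestamp such as 2026-01-12T03:14:07Z (assumed Gogs format)."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def review_repos(repos, now, known_owners=(), recent_days=14):
    """Return findings ({"repo": "owner/name", "reasons": [...]}) for repos whose
    name looks random or that an unrecognised account created within `recent_days`."""
    findings = []
    for repo in repos:
        name = repo["name"]
        owner = repo["owner"]["username"]
        age = now - parse_iso(repo["created_at"])
        reasons = []
        if looks_random(name):
            reasons.append("random-looking 8-char name")
        if age <= timedelta(days=recent_days) and owner not in known_owners:
            reasons.append(f"created {age.days}d ago by unrecognised account")
        if reasons:
            findings.append({"repo": f"{owner}/{name}", "reasons": reasons})
    return findings


# Constructed sample listing in the assumed Gogs API shape (not real data).
SAMPLE_LISTING = json.loads("""
[
  {"name": "frontend", "created_at": "2025-06-01T10:00:00Z", "owner": {"username": "alice"}},
  {"name": "webtools", "created_at": "2026-01-10T09:30:00Z", "owner": {"username": "alice"}},
  {"name": "kjh3x9qa", "created_at": "2026-01-12T03:14:07Z", "owner": {"username": "q7x2pl9k"}},
  {"name": "a1b2c3d4", "created_at": "2025-11-01T16:45:00Z", "owner": {"username": "bob"}}
]
""")
SAMPLE_NOW = datetime(2026, 1, 14, 12, 0, tzinfo=timezone.utc)
KNOWN_OWNERS = {"alice", "bob"}   # assumed: your staff/service accounts


if __name__ == "__main__":
    for finding in review_repos(SAMPLE_LISTING, SAMPLE_NOW, KNOWN_OWNERS):
        print(finding["repo"], "->", "; ".join(finding["reasons"]))
```

The name heuristic is deliberately loose: a human still reads the findings, and a legitimate 8-character project name costs one glance, whereas a missed attacker-created repository costs far more. Feed it the JSON from your instance's repository listing and review every hit, keeping the server off the Internet in the meantime as the host advises.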
6. Advanced Web Skimming Operation (Credit Card Theft)
[46:32]
- Details:
- Silent Push reports a sophisticated, long-running Magecart-style campaign, targeting checkout pages on WordPress and other e-commerce tech.
- Obfuscated JavaScript skims credit card info, self-destructs if detected, creates fake Stripe forms, and deduplicates victims.
- Hosted on a Dutch bulletproof service (surprisingly, given Dutch NATO status).
- Host Insights:
- Technical admiration for threat actor sophistication, but firm condemnation.
- Notes wide reach (all major card brands, even Diners Club).
- Little end-user defense—relies on merchant vigilance and robust credit card fraud detection.
7. JP Morgan/Goldman Sachs Investor Data Breach via Law Firm
[53:57]
- Details:
- Data breach at law firm Fried Frank exposes names, contact info, account numbers, SSNs, passport/Gov ID numbers of 659 private equity investors.
- JP Morgan/Goldman: their systems untouched, but affected due to third-party exposure.
- Fried Frank contained incident, called in external experts, law enforcement, and faces lawsuits.
- Host Take & Advice:
- Highlights the criticality of third-party/partner risk.
- Recommends integrating supply chain breach scenarios into tabletop exercises.
- Memorable Quote:
"JP Morgan did nothing at all in this, yet they’re being dragged into the mud because they're a huge name." [54:42]
- Action point: Prepare PR and incident response for third-party breaches.
8. Betterment Crypto Scam—Third-Party Marketing Compromise
[59:18]
- Details:
- Hackers compromised a marketing provider Betterment used, sent legitimate-looking phishing emails offering to "triple your deposit" from Betterment’s subdomain.
- Resulted in theft/scams but no core Betterment system compromise.
- PR and client anger hits Betterment, not the marketing firm.
- Host Analysis:
- “Perfect case study” of how third-party risk is nearly impossible to stamp out.
- Ideal for job interviews/tabletop exercises regarding residual risk and third-party compromise.
- Memorable Quote:
“Betterment did nothing wrong, but because of third-party risk, all the phone calls, bad pub, flaming Twitter comments... they're all going to Betterment.” [59:54]
Memorable Quotes & Perspectives
- “This is just AI-enabled brute force scanning... It’s not the Russians putting their top talent on it.” (On Go Brute Forcer) [20:30]
- “If you’re running GOGS and it’s not Internet-facing, keep an eye out, maybe put some detections around it—shields up!” (On GOGS mitigation) [45:56]
- “Credit card theft used to be the hotness in the early 2000s; now it’s coming back like a rash.” (On SilentPush skimming op) [47:18]
- “Anytime you switch vendors for managed services, it is a project. But, yeah, I’d probably transition [away from Kaseya]. It’s pretty gross.” (On legacy RMM risk) [90:00]
- “What’s the best way to get better at riding a bike? Get on the bike and pedal.” (On rebuilding confidence in GRC) [89:00]
Community, Education & Engagement
- Worldwide Wednesday Farewell – Fun chat segment highlighting the global audience (final one due to Daft Punk copyright).
- CPE Opportunity – Each episode counts for half a CPE for certification holders.
- Jawjacking Q&A [Post-show, ~01:03:00+]
- Covered topics: building an IAM career, job interview strategies, vendor/AI risk assessments, balancing career and life, GRC confidence resets, handshake etiquette (!), industry entry-level misnomer.
Timestamps for Key Segments
- Go Brute Forcer botnet – 17:27
- Android bug story – 23:03
- Verizon unlocking policy – 27:10
- US Military cyber command change – 30:06
- GOGS vulnerability warning – 39:53
- Web skimming attack – 46:32
- JP Morgan / Fried Frank breach – 53:57
- Betterment marketing compromise – 59:18
- Jawjacking Q&A begins – ~01:03:00
Notable Moments
- Host’s playful, community-first approach (welcoming newcomers, running sound effects).
- Frequent use of pop-culture and sports metaphors (“Randy Moss” emoji for cash grabs; “Gordon Ramsay measuring flour” for wasted AI use).
- Candid, sometimes irreverent opinions (“Verizon: this is a cash grab, not a security play!”).
- Honest risk triage: spotlighting what’s truly urgent versus what’s FUD or distraction.
Overall Tone & Takeaways
Consistently energetic, humorous, and practical. Dr. Auger blends solid technical acumen with relatable analogies and direct advice, all while fostering an inclusive, career-focused security community.
Main Message:
The technical threats are real, but your best tools remain vigilance, community, and pragmatic risk management—not panic!
For further engagement:
- Join the daily live stream: https://simplycyber.io/streams
- Explore resources, replays, and social channels at https://simplycyber.io
