Daily Cyber Threat Brief – Jan 15’s Top Cyber News NOW! (Ep 1047)
Date: January 15, 2026
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Guest (Jawjacking Segment): Zach Hill (IT Career Questions, Antisyphon Training)
Episode Overview
This episode of the Daily Cyber Threat Brief delivers the top cybersecurity news stories and expert insights, targeting industry professionals, newbies, and anyone seeking to stay abreast of developments in the field. Gerald Auger, with his trademark humor and relaxed style, unpacks the day’s eight most relevant cybersecurity headlines, offering context, analysis, and career-minded discussion. The episode also features a lively “Jawjacking” segment hosted by Zach Hill, addressing community questions about infosec careers and industry challenges.
Key Discussion Points & Story Insights
1. US Weighs Expanding Cyber Warfare to Private Companies
[12:25]
- Context: The US government is considering letting private companies play a direct role in offensive cyber operations—a potential shift from "tool development" to actual hands-on digital disruption.
- Dr. Auger’s Analysis:
- “This is wild… We could do an entire Simply Cyber Firesides on this topic alone.” [12:25]
- Cites Russian and Chinese analogs—state-favored ‘private’ threat actors (e.g., Sandworm).
- Raises concerns around escalation, legal ambiguity, accountability, and the risk of uncontrolled actions by overly zealous individuals.
- Observes a major financial incentive for defense contractors: “This is straight cash, homie. Straight cash, homie.” [17:59]
- Neutral stance: “I cannot agree with it, nor disagree with it, because this is something that I want a lot of information on and understanding on what this practically will look like.” [18:55]
Memorable Quote:
“When you start having private sector companies attack other countries, well now it gets a little dicey.” — Gerald Auger [14:58]
2. China Bans US and Israeli Cybersecurity Products
[19:34]
- Context: China orders its companies to cease use of several major Western cybersecurity brands (VMware, Palo Alto, Fortinet, Check Point) citing national security concerns.
- Analysis:
- Draws parallels to US bans on Kaspersky, TikTok, TP-Link.
- Highlights China’s massive buying power; any exodus from tech products has global business impact.
- Speculates China possesses homegrown security alternatives; this move likely not leaving them “hacked naked.”
- Quick look at market impact—notes little reaction for larger firms (e.g., Palo Alto), but persistent decline for smaller ones like Rapid7.
Memorable Quote:
“There is no way in any reality, like tap into the multiverse, get Doctor Strange online, there’s no version of reality where China is gonna just open the gates and let anyone attack them.” — Gerald Auger [23:21]
3. Deadlock Ransomware Uses Blockchain Smart Contracts for C2
[26:01]
- Context: Researchers report Deadlock ransomware is leveraging Polygon smart contracts for rotating command-and-control addresses, complicating takedown and detection efforts.
- Analysis:
- Recognizes the technique as novel but the concept as an iteration of traditional C2 strategies: “All they’re using is blockchain and smart contracts and they’re sticking their C2 in there.” [30:17]
- Emphasizes defenders still need basic cyber hygiene; focus should be on preventing the initial infection, not the specifics of C2.
- Notes potential for threat-hunting by tracking the ransomware’s unique TTPs.
Memorable Quote:
“This is clever and novel. But the actual paradigm of what Deadlock ransomware is doing here is nothing new.” — Gerald Auger [32:50]
4. Microsoft and Law Enforcement Takedown RedVDS Cybercrime Market
[34:57]
- Context: Microsoft, with international partners, dismantled RedVDS—a service renting out Windows RDP servers for use in phishing and payment diversion fraud, linked to over $40 million in US losses.
- Analysis:
- Observes the “as-a-service” trend in cybercrime parallels SaaS business models, making crime scalable.
- Notes the likely involvement of Microsoft due to its telemetry and presence in Exchange Online.
- Stresses the real-world impact of business email compromise (BEC), describing it as the second most dangerous business threat (after ransomware), with substantial but “tolerated” losses in many companies.
Memorable Quote:
“Everybody nowadays has a SaaS product, and threat actors do too.” — Gerald Auger [35:47]
5. Predator Spyware Develops Advanced Anti-Analysis Features
[45:30]
- Context: Jamf Threat Labs reveals “Predator” spyware can detect security tools and evade analysis, outperforming most other commercial spyware.
- Analysis:
- Compares Predator to Scottie Pippen and Pegasus to Michael Jordan: “Pegasus is the Michael Jordan of spyware. Predator, Scottie Pippen.” [46:10]
- Points out sustained development and profitability of Predator: “Straight cash, homie.”
- Highlights inclusion of features like detection of Frida and Netstat, suppression of crash logs, and auto-abort functions.
- Praises the mention of RITA (a BHIS tool for detecting beaconing/C2 traffic), giving context on network defense tools.
Memorable Quote:
“You continue to make it better, you refine it, you listen to your customers. It’s no different. The fact that it’s used for crime doesn’t matter.” — Gerald Auger [46:45]
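The RITA mention above is worth a concrete illustration. The block below is an added example, not RITA's code and not something discussed in the episode: it assumes Zeek-style (timestamp, source, destination) connection records, constructed inline, and scores each source/destination pair on how regular its inter-arrival times are. The scoring (median absolute deviation of the intervals relative to the median interval, blended with how continuously the pair stayed active) is a deliberate simplification of the beacon analysis RITA performs, not its actual algorithm. It also bears on the Deadlock story: a smart contract changes where an implant looks up its C2 address, but a scheduled check-in to whatever address it resolves still tends to show up as a periodic connection pattern, which is what this kind of hunt looks for.

```python
"""Beacon scoring over Zeek-style connection records (added example, not RITA's code).

Groups connections by (src, dst), then scores each pair on how periodic its
inter-arrival times are. Low dispersion around the median interval plus
continuous activity across the observation window is the classic check-in
signature, regardless of how the implant learned the destination address.
"""
from collections import defaultdict
from statistics import median


def build_sample_connections():
    """Constructed sample data, not real logs: (timestamp_seconds, src_ip, dst_ip)."""
    conns = []
    # Host 10.0.0.5: implant checking in every ~300 s with a few seconds of
    # jitter for 12 hours (144 connections).
    jitter_cycle = (-3, 1, 4, -2, 0)
    for i in range(144):
        conns.append((300.0 * i + jitter_cycle[i % 5], "10.0.0.5", "203.0.113.7"))
    # Host 10.0.0.9: a person browsing the same site on and off; irregular gaps.
    t = 0.0
    for gap in (3, 40, 7, 1200, 2, 9, 3600, 15, 6, 90, 300, 4, 8, 2400, 11):
        t += gap
        conns.append((t, "10.0.0.9", "198.51.100.20"))
    return conns


def median_abs_dev(values):
    """Median absolute deviation: robust spread measure, unlike stddev it is
    not dominated by one long idle gap."""
    m = median(values)
    return median(abs(v - m) for v in values)


def score_pairs(conns, min_connections=10):
    """Return {(src, dst): stats} for pairs with at least min_connections.

    score in [0, 1]; values near 1 mean "periodic and persistent".
    """
    by_pair = defaultdict(list)
    for ts, src, dst in conns:
        by_pair[(src, dst)].append(ts)

    results = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue  # too few observations to call anything periodic
        stamps.sort()
        intervals = [b - a for a, b in zip(stamps, stamps[1:])]
        med = median(intervals)
        if med <= 0:
            continue  # duplicate timestamps; not an interval pattern
        mad = median_abs_dev(intervals)
        # 1.0 = every interval equals the median; 0.0 = spread as wide as the interval itself
        regularity = 1.0 - min(1.0, mad / med)
        # fraction of the observed span that a steady cadence at `med` would fill;
        # a beacon fills it, a human who visits in bursts does not
        span = stamps[-1] - stamps[0]
        coverage = min(1.0, len(stamps) * med / span) if span > 0 else 0.0
        results[pair] = {
            "connections": len(stamps),
            "median_interval_s": med,
            "mad_s": mad,
            "score": round((regularity + coverage) / 2, 3),
        }
    return results


if __name__ == "__main__":
    ranked = sorted(score_pairs(build_sample_connections()).items(),
                    key=lambda kv: kv[1]["score"], reverse=True)
    for (src, dst), s in ranked:
        print(f"{src:>10} -> {dst:<15} n={s['connections']:<4} "
              f"median={s['median_interval_s']:<7} mad={s['mad_s']:<5} score={s['score']}")
```

On real data the useful part is the ranking, not an absolute threshold: sort all pairs by score, then look at the top of the list for destinations that have no business being contacted on a timer. Expect some benign periodic traffic (update checks, NTP, monitoring agents) to score high too; those are allow-listed once, after which what remains is worth a ticket.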
6. France Fines Free Mobile €42 Million After Major Data Breach
[49:52]
- Context: France’s CNIL penalizes Free Mobile for GDPR violations after an October 2024 breach affecting 23 million users. Issues included weak VPN configurations, lack of detection, and keeping old data too long.
- Analysis:
- Emphasizes the real “teeth” of GDPR, noting its effectiveness as an enforcement mechanism across the EU.
- Identifies recurring security failures that lead to heavy penalties, especially regarding data retention.
Memorable Quote:
“GDPR looks like a great white shark… This isn’t like an elderly person with dentures.” — Gerald Auger [50:34]
7. Poland Thwarts Cyberattack on Power Grid
[51:57]
- Context: Poland claims to have stopped a December attack against its energy grid, believed to be serious and attributed to Russian actors; no technical details released.
- Analysis:
- Links the incident to Russia’s previous successful attacks on Ukrainian infrastructure.
- Notes Poland’s public disclosure may be intended as a show of resilience, rather than forensic education.
Memorable Quote:
“If anything, I’m not calling this propaganda, but this is basically a very public way for Poland to… issue a double middle finger to Russia.” — Gerald Auger [53:26]
8. VoidLink Linux Cloud Malware: Sophisticated New Threat
[54:56]
- Context: Check Point researchers find “VoidLink”—a new, cloud-focused Linux malware, reportedly developed in China. It boasts 30+ plugins for credential theft, lateral movement, anti-forensics, and more.
- Analysis:
- Asserts “this thing’s got all the hallmarks” of advanced state-backed malware.
- Advises listeners: do not assume Linux is immune—ensure EDR is deployed and watch for IOCs.
- Expresses curiosity at the Zig programming language used for development.
Memorable Quote:
“This sounds like it was made by—not AI—but like AI. Somebody asked AI to come up with the most OP version of malware…” — Gerald Auger [56:19]
Notable Quotes & Moments
- On CPEs:
  “Now, normally you wouldn’t get out of bed for half a CPE, but when you do it 120 times a year, they stack up, right?” — Gerald Auger [03:23]
- On sheer business incentives:
  “Booz Allen, Deloitte, Accenture, KPMG, Lockheed Martin… they’re salivating at the opportunity. This is money.” — Gerald Auger [17:59]
- On smart contracts for ransomware C2:
  “Go look at Google’s history around when they got rid of their slogan… You youngs in chat will never know this, but Google’s slogan when it first got started was ‘do no evil.’ And they realized… they had a choice: ‘do no evil’ or make tons of money. And guess what? Their slogan is not ‘do no evil’ anymore.” — Gerald Auger [27:34]
- On career and content creation:
  “The whole point of it is to get people to kind of see… who it is that you are, what it is you’re doing, and have basically an idea of the person you are.” — Zach Hill [77:29]
Jawjacking with Zach Hill (IT Career Questions)
[60:01–end]
Highlights:
- On physical security and cybercrime convergence:
  Recommends blending online training, personal precautions, and on-premises security for companies facing cyber/physical threats [61:00].
- On budget infosec staffing and training gaps:
  Recognizes the prevalence and challenges of “solo runner” security staff, inability to get training, and reliance on security through obscurity [66:49].
- On starting a YouTube channel for career branding:
  Strong support for putting oneself out there with content to showcase skills and dedication, stressing the changed job market in 2026 [77:29].
- On threat intelligence predictions:
  Hesitant to predict far ahead, but acknowledges that “change happens every day” — especially since AI’s rise [78:40].
- On SOC team lead training:
  Suggests seeking foundational security ops training and community-driven advice, especially around both technical and managerial skills [81:13].
Memorable Quotes:
“I don’t ever want to encourage people to be a YouTuber… The purpose is personal branding… to put yourself out there.” — Zach Hill [77:56]
“There are organizations out there that believe in training. For as many that do, there’s probably twice as many that don’t.” — Zach Hill [67:13]
Timestamps of Key Segments
| Segment | Description | Timestamp |
|---|---|---|
| Opening & Setup | Community intros, show structure | 00:01–11:31 |
| US Cyber Warfare Privatization | Deep dive & opinions | 12:25–19:34 |
| China Bans US/Israeli Security | Context, analysis | 19:34–26:01 |
| Smart Contract Ransomware | Insights on Deadlock | 26:01–34:57 |
| RedVDS Takedown | BEC fraud context | 34:57–41:00 |
| Predator Spyware Update | Anti-analysis features | 45:30–49:52 |
| Free Mobile GDPR Fine | France enforcement | 49:52–51:57 |
| Polish Power Grid Attack | Attribution, speculation | 51:57–54:56 |
| VoidLink Linux Malware | Details, defense | 54:56–end main segment |
| Jawjacking with Zach Hill | Career advice, community Q&A | 60:01–end |
Recurring Themes & Takeaways
- Geopolitical Tensions Shape Technology Policy: Discussion of US, China, Russia, Poland, and the pervasive impact on software decisions and security priorities.
- Cybercrime Innovation: Criminal actors continue to emulate business trends (SaaS, infosec tools) and integrate cutting-edge tech (blockchain, anti-forensics, smart contracts).
- Defender Advice Remains Grounded: Host continually stresses fundamentals—MFA, password hygiene, detection, and layered defense.
- Career Progression Through Community Engagement: Both Gerald and Zach underscore the power of mutual support, continuous education, and the value of personal branding.
Summary produced for those who missed the episode, capturing major news, unique perspectives, and the original lively spirit. Stay secure!
