Daily Cyber Threat Brief – Episode 1048 Summary

Podcast: Daily Cyber Threat Brief
Host: Dr. Gerald "Jerry" Auger, Ph.D. (a.k.a. Jerry Ozier)
Date: January 16, 2026
Co-Host/Guest Panelist: James McQuiggin (a.k.a. James McQuiggin at 35,000 ft)
Theme: Top Cybersecurity News, Community Insights, and Career Guidance

Episode Overview

This episode of the Daily Cyber Threat Brief continues its mission of delivering and analyzing the most impactful cybersecurity news of the day for professionals, analysts, and business leaders. Dr. Gerald Auger hosts an engaging session punctuated by real-time chat interaction, community shoutouts, light-hearted jokes, and an in-depth, unscripted analysis of eight top cyber stories. The tone is energetic, informal, and highly educational.

Key News & Analysis

1. Jen Easterly Appointed CEO of RSA Conference

[12:34 – 18:49]

Story: Jen Easterly, decorated U.S. Army veteran and former director of CISA, has been named CEO of RSA Conference (RSAC), the cybersecurity industry’s flagship event.
Jerry’s Take (>13:35):
- Easterly's track record includes positive contributions to the sector: Known Exploited Vulnerability Catalog, prioritizing election security, CISA’s Shields Up campaign, and private-sector threat intel sharing.
- Notes on the conference: “It's very San Francisco... a lot of money going around… button-down shirts with Patagonia vests running around. It's a lot of money.” (13:51)
- Observes implications of the U.S. federal government possibly pulling out of RSAC due to Easterly’s previous political connections.
- Quote: “RSA is big, and having Jen Easterly on the marquee certainly is going to bring people in.” (15:57)

2. Palo Alto Firewall Crash Vulnerability

[18:49 – 28:31]

Story: Palo Alto Networks issues fix for a DoS flaw (CVSS 7.7) that allows attackers to crash firewalls without authentication, affecting GlobalProtect PanOS.
Insights:
- Enterprises often choose continuity over downtime: “Given the choice between being down and unable to access the Internet altogether, or being up and having no firewall at all in line, we will choose as a business having no firewall in line.” (21:23)
- Warns about attack chaining: an attacker could crash the firewall, trigger failover, then launch further attacks internally.
- Remediation: “What you need to do is patch it. Oh, you gotta patch it. Upgrade your Panos…Upgrade all the things.” (24:04)
- Scanning for vulnerabilities is common and persistent; not necessarily an indicator of targeted threats.

3. Microsoft Windows Update Causes Login Failures

[28:31 – 34:10]

Story: January’s Windows update prompts connection issues for Azure Virtual Desktop and Windows 365 users connecting via the Windows app.
Analysis:
- Virtual desktops offer security and administrative advantages, but single-point-of-failure risks upon outages.
- Advice: Use this incident for a lessons-learned tabletop: “If your business was down because of this, you need to review and come up with an alternative. So if this happens again…think through it, work through it.” (33:10)

4. UK Police Blame AI for Intelligence Report Error

[34:10 – 40:02]

Story: West Midlands Police admit Microsoft Copilot AI “hallucinated” a fake soccer match in an official intelligence report; initially blamed social media or Google, but now acknowledge potential AI error.
Jerry’s Critique:
- Sharp rebuke: “If you literally just said do my job yolo enter and then go, you know, whatever...That is not okay. That is lazy. You have to validate and look through the work.” (36:00)
- Highlights that AI is a tool to augment, not replace, human analysis; affirms persistent hallucination risks even from enterprise-tier AI like Microsoft Copilot.

5. Five Eyes, CISA, FBI Warn on Industrial (OT/ICS) Cybersecurity

[46:52 – 50:51]

Story: International agencies release new guidance for securing operational technology (OT) in critical infrastructure, emphasizing increased attack surface due to internet connectivity.
Context Provided:
- Jerry references recent attacks (Poland’s grid, Volt Typhoon in U.S.) as real-world examples of OT/ICS exploitation.
- Resources Recommended:
  - Don Weber (Cutaway Security, SANS)
  - Joe Marshall (Cisco)
  - Dragos Security (reports/newsletters)
Summary: “This is not news. This is just reiterating the threat that we need to be mindful of.” (48:32)

6. South Korean Conglomerate (KyoWon) Ransomware Incident

[50:51 – 53:39]

Story: KyoWon, an education and publishing conglomerate (5.5 million members), reports a ransomware breach.
Jerry’s Visual Metaphor:
- Mergers create sprawling, messy IT infrastructures, like “combining two kitchen junk drawers” (52:10).
Advice: Be wary of security gaps post-merger/acquisition due to overlapping systems and lack of integration.

7. “Reprompt” Attack Exfiltrates Data from Microsoft Copilot

[53:45 – 56:42]

Story: Varonis researchers demonstrate a new prompt injection technique (Reprompt) that exfiltrates data from Copilot sessions, bypassing LLM data protections, via chained/multiple parameter requests.
Implications:
- Issue cannot be user-patched; requires vendor action.
- Jerry suggests this: “If you’re looking for a personal project, a research project, wanting to make some content for social media as part of your personal branding initiative and AI is super hot right now—this is a cool one to dig into.” (55:15)

8. Central Maine Healthcare Data Breach Update

[56:42 – 59:53]

Story: Over 145,000 patients notified that their PII and PHI were exfiltrated during a months-long intrusion spanning late 2024 to mid-2025.
Analysis:
- Low and slow exfiltration (likely not ransomware), indicating poor detection and lack of strong MDR (Managed Detection and Response).
- Breaches can have severe social impacts—stigma, privacy, reluctance to seek care.
- “If you do work in healthcare, just know you’re one of the top two industries getting punched in the mouth...And if you have worked in healthcare as a cyber pro, let me hear you sound off in chat because you know I’m telling the dang truth.” (59:53 ff.)

Community, Career, and Edutainment Highlights

CPE Credits & Professional Development

Jerry highlights that watching the daily show counts for 0.5 CPEs. Advises on tracking attendance and underscores the relief this brings to cyber pros needing to renew certs.
Quote: “I'm telling you right now it can be really burdensome to have to get CPEs at the last minute—you’re like taking webinars you don't even care about. It sucks.” (7:50)

Friday Fun & Engagement

First-timers: Encouraged to say “hi” and welcomed with emotes and inside jokes.
Running Gags:
- “Drink!” whenever Jerry references 1985-1997 pop culture.
- Dad Jokes supplied by James McQuiggin at the “mid-roll” (see top memorable moments).

Notable Mid-Roll/Lighter Moments

[40:38 – 46:52]

James’ Friday Dad Jokes, including:
- “Why did Jerry lose his job as a psychic? He didn’t see it coming.” (42:12)
- “Why is being a historian so bad? There’s absolutely no future in it.” (44:23)
Cruise and travel banter, especially between Jerry and James.

Community Questions & Career Guidance

[65:00 – 123:26]
(Jawjacking Segment)

Active Q&A on topics like lab projects (“Metasploitable, Kali, Portswigger Academy”), setting up GitHub for infosec, and application advice for GRC positions.
Career question: Should I post my projects on LinkedIn?
- “Yes, but use your own website/blog as the main destination... LinkedIn posts to drive attention.”
Practical networking advice; emphasis on building relationships before layoffs or “RIFs” occur.
James McQuiggin shares candidly about losing his job and the ongoing job search, doubling down on “network, network, network.”
- “When you get laid off is not when you want to start networking. You need to do it now. Be the CEO of you now.” (120:21)

Noteworthy Quotes & Timestamps

On RSA and Jen Easterly’s appointment:
- “If you like the Known Exploited Vulnerability catalog... if you like election security being a priority... then you like Jen Easterly.” – Jerry (13:56)
On AI reliance in policing:
- “Copilot is being hand jammed into your face... This is a massive Fortune 5 company's version of AI and it hallucinates. So stop, please.” – Jerry (39:25)
On the importance of patching:
- “You gotta patch it. Ah, you gotta patch it!” – Jerry, recurring
On networking:
- “No one is going to help you out more than yourself because you are the most invested and have the greatest value to realize from your own investments in yourself.” – Jerry (119:34)
On working in healthcare cybersecurity:
- “If you do work in healthcare, just know you’re one of the top two industries getting punched in the mouth. Manufacturing is the other one.” – Jerry (59:53)

Additional Memorable Moments

Live Giveaways:
- Jason Haddix (Arcanum Security) donates training courses and swag for attendees. Winners selected live—emphasizes the real-time, community-driven spirit of the show.
CruiseCon Shoutouts:
- James describes his experience at CruiseCon—an industry networking cruise for cybersecurity professionals (103:30).
Personal Branding:
- John Strand, John Hammond, Tyler Ramsby, Don Weber, and Joe Marshall recommended for insights across security domains.

Closing Thoughts

Throughout the episode, the value of staying current, engaging genuinely with the community, and continuously learning is echoed—underscored by practical incidents drawn from cyber news and direct career advice. The episode wraps up with an encouragement to invest in personal development and networking, punctuated by gratitude for the Simply Cyber community and the honest, supportive environment fostered in each live session.

Quick Reference Timestamps

| Segment | Timestamp | |--------------------------------------------------|-------------| | Episode start / Community welcome | 00:00-12:27 | | Jen Easterly / RSA Conference | 12:34-18:49 | | Palo Alto firewall DoS vulnerability | 18:49-28:31 | | Windows update login issues | 28:31-34:10 | | UK Police Copilot mistake | 34:10-40:02 | | Dad Jokes (mid-roll) | 40:38-46:52 | | OT/ICS security warning (Five Eyes, CISA, FBI) | 46:52-50:51 | | KyoWon ransomware | 50:51-53:39 | | Microsoft Copilot “Reprompt” attack | 53:45-56:42 | | Central Maine Healthcare breach | 56:42-59:53 | | Live Q&A (Jawjacking) and giveaways | 65:00-123:26 |

For cybersecurity professionals seeking actionable news, knowledge, and real-world career advice wrapped in an approachable and entertaining format, this episode delivers on all counts.

Daily Cyber Threat Brief – Episode 1048 Summary

Episode Overview

Key News & Analysis

1. Jen Easterly Appointed CEO of RSA Conference

[12:34 – 18:49]

Story: Jen Easterly, decorated U.S. Army veteran and former director of CISA, has been named CEO of RSA Conference (RSAC), the cybersecurity industry’s flagship event.
Jerry’s Take (>13:35):
- Easterly's track record includes positive contributions to the sector: Known Exploited Vulnerability Catalog, prioritizing election security, CISA’s Shields Up campaign, and private-sector threat intel sharing.
- Notes on the conference: “It's very San Francisco... a lot of money going around… button-down shirts with Patagonia vests running around. It's a lot of money.” (13:51)
- Observes implications of the U.S. federal government possibly pulling out of RSAC due to Easterly’s previous political connections.
- Quote: “RSA is big, and having Jen Easterly on the marquee certainly is going to bring people in.” (15:57)

2. Palo Alto Firewall Crash Vulnerability

[18:49 – 28:31]

Story: Palo Alto Networks issues fix for a DoS flaw (CVSS 7.7) that allows attackers to crash firewalls without authentication, affecting GlobalProtect PanOS.
Insights:
- Enterprises often choose continuity over downtime: “Given the choice between being down and unable to access the Internet altogether, or being up and having no firewall at all in line, we will choose as a business having no firewall in line.” (21:23)
- Warns about attack chaining: an attacker could crash the firewall, trigger failover, then launch further attacks internally.
- Remediation: “What you need to do is patch it. Oh, you gotta patch it. Upgrade your Panos…Upgrade all the things.” (24:04)
- Scanning for vulnerabilities is common and persistent; not necessarily an indicator of targeted threats.

3. Microsoft Windows Update Causes Login Failures

[28:31 – 34:10]

Story: January’s Windows update prompts connection issues for Azure Virtual Desktop and Windows 365 users connecting via the Windows app.
Analysis:
- Virtual desktops offer security and administrative advantages, but single-point-of-failure risks upon outages.
- Advice: Use this incident for a lessons-learned tabletop: “If your business was down because of this, you need to review and come up with an alternative. So if this happens again…think through it, work through it.” (33:10)

4. UK Police Blame AI for Intelligence Report Error

[34:10 – 40:02]

Story: West Midlands Police admit Microsoft Copilot AI “hallucinated” a fake soccer match in an official intelligence report; initially blamed social media or Google, but now acknowledge potential AI error.
Jerry’s Critique:
- Sharp rebuke: “If you literally just said do my job yolo enter and then go, you know, whatever...That is not okay. That is lazy. You have to validate and look through the work.” (36:00)
- Highlights that AI is a tool to augment, not replace, human analysis; affirms persistent hallucination risks even from enterprise-tier AI like Microsoft Copilot.

5. Five Eyes, CISA, FBI Warn on Industrial (OT/ICS) Cybersecurity

[46:52 – 50:51]

Story: International agencies release new guidance for securing operational technology (OT) in critical infrastructure, emphasizing increased attack surface due to internet connectivity.
Context Provided:
- Jerry references recent attacks (Poland’s grid, Volt Typhoon in U.S.) as real-world examples of OT/ICS exploitation.
- Resources Recommended:
  - Don Weber (Cutaway Security, SANS)
  - Joe Marshall (Cisco)
  - Dragos Security (reports/newsletters)
Summary: “This is not news. This is just reiterating the threat that we need to be mindful of.” (48:32)

6. South Korean Conglomerate (KyoWon) Ransomware Incident

[50:51 – 53:39]

Story: KyoWon, an education and publishing conglomerate (5.5 million members), reports a ransomware breach.
Jerry’s Visual Metaphor:
- Mergers create sprawling, messy IT infrastructures, like “combining two kitchen junk drawers” (52:10).
Advice: Be wary of security gaps post-merger/acquisition due to overlapping systems and lack of integration.

7. “Reprompt” Attack Exfiltrates Data from Microsoft Copilot

[53:45 – 56:42]

Story: Varonis researchers demonstrate a new prompt injection technique (Reprompt) that exfiltrates data from Copilot sessions, bypassing LLM data protections, via chained/multiple parameter requests.
Implications:
- Issue cannot be user-patched; requires vendor action.
- Jerry suggests this: “If you’re looking for a personal project, a research project, wanting to make some content for social media as part of your personal branding initiative and AI is super hot right now—this is a cool one to dig into.” (55:15)

8. Central Maine Healthcare Data Breach Update

[56:42 – 59:53]

Story: Over 145,000 patients notified that their PII and PHI were exfiltrated during a months-long intrusion spanning late 2024 to mid-2025.
Analysis:
- Low and slow exfiltration (likely not ransomware), indicating poor detection and lack of strong MDR (Managed Detection and Response).
- Breaches can have severe social impacts—stigma, privacy, reluctance to seek care.
- “If you do work in healthcare, just know you’re one of the top two industries getting punched in the mouth...And if you have worked in healthcare as a cyber pro, let me hear you sound off in chat because you know I’m telling the dang truth.” (59:53 ff.)

Community, Career, and Edutainment Highlights

CPE Credits & Professional Development

Jerry highlights that watching the daily show counts for 0.5 CPEs. Advises on tracking attendance and underscores the relief this brings to cyber pros needing to renew certs.
Quote: “I'm telling you right now it can be really burdensome to have to get CPEs at the last minute—you’re like taking webinars you don't even care about. It sucks.” (7:50)

Friday Fun & Engagement

First-timers: Encouraged to say “hi” and welcomed with emotes and inside jokes.
Running Gags:
- “Drink!” whenever Jerry references 1985-1997 pop culture.
- Dad Jokes supplied by James McQuiggin at the “mid-roll” (see top memorable moments).

Notable Mid-Roll/Lighter Moments

[40:38 – 46:52]

James’ Friday Dad Jokes, including:
- “Why did Jerry lose his job as a psychic? He didn’t see it coming.” (42:12)
- “Why is being a historian so bad? There’s absolutely no future in it.” (44:23)
Cruise and travel banter, especially between Jerry and James.

Community Questions & Career Guidance

[65:00 – 123:26]
(Jawjacking Segment)

Active Q&A on topics like lab projects (“Metasploitable, Kali, Portswigger Academy”), setting up GitHub for infosec, and application advice for GRC positions.
Career question: Should I post my projects on LinkedIn?
- “Yes, but use your own website/blog as the main destination... LinkedIn posts to drive attention.”
Practical networking advice; emphasis on building relationships before layoffs or “RIFs” occur.
James McQuiggin shares candidly about losing his job and the ongoing job search, doubling down on “network, network, network.”
- “When you get laid off is not when you want to start networking. You need to do it now. Be the CEO of you now.” (120:21)

Noteworthy Quotes & Timestamps

On RSA and Jen Easterly’s appointment:
- “If you like the Known Exploited Vulnerability catalog... if you like election security being a priority... then you like Jen Easterly.” – Jerry (13:56)
On AI reliance in policing:
- “Copilot is being hand jammed into your face... This is a massive Fortune 5 company's version of AI and it hallucinates. So stop, please.” – Jerry (39:25)
On the importance of patching:
- “You gotta patch it. Ah, you gotta patch it!” – Jerry, recurring
On networking:
- “No one is going to help you out more than yourself because you are the most invested and have the greatest value to realize from your own investments in yourself.” – Jerry (119:34)
On working in healthcare cybersecurity:
- “If you do work in healthcare, just know you’re one of the top two industries getting punched in the mouth. Manufacturing is the other one.” – Jerry (59:53)

Additional Memorable Moments

Live Giveaways:
- Jason Haddix (Arcanum Security) donates training courses and swag for attendees. Winners selected live—emphasizes the real-time, community-driven spirit of the show.
CruiseCon Shoutouts:
- James describes his experience at CruiseCon—an industry networking cruise for cybersecurity professionals (103:30).
Personal Branding:
- John Strand, John Hammond, Tyler Ramsby, Don Weber, and Joe Marshall recommended for insights across security domains.

Closing Thoughts

Quick Reference Timestamps

For cybersecurity professionals seeking actionable news, knowledge, and real-world career advice wrapped in an approachable and entertaining format, this episode delivers on all counts.

🔴 Jan 16’s Top Cyber News NOW! - Ep 1048

Powered by Wave AI

Summary

Daily Cyber Threat Brief – Episode 1048 Summary

Episode Overview

Key News & Analysis

1. Jen Easterly Appointed CEO of RSA Conference

2. Palo Alto Firewall Crash Vulnerability

3. Microsoft Windows Update Causes Login Failures

4. UK Police Blame AI for Intelligence Report Error

5. Five Eyes, CISA, FBI Warn on Industrial (OT/ICS) Cybersecurity

6. South Korean Conglomerate (KyoWon) Ransomware Incident

7. “Reprompt” Attack Exfiltrates Data from Microsoft Copilot

8. Central Maine Healthcare Data Breach Update

Community, Career, and Edutainment Highlights

CPE Credits & Professional Development

Friday Fun & Engagement

Notable Mid-Roll/Lighter Moments

Community Questions & Career Guidance

Noteworthy Quotes & Timestamps

Additional Memorable Moments

Closing Thoughts

Quick Reference Timestamps

Summary

Daily Cyber Threat Brief – Episode 1048 Summary

Episode Overview

Key News & Analysis

1. Jen Easterly Appointed CEO of RSA Conference

2. Palo Alto Firewall Crash Vulnerability

3. Microsoft Windows Update Causes Login Failures

4. UK Police Blame AI for Intelligence Report Error

5. Five Eyes, CISA, FBI Warn on Industrial (OT/ICS) Cybersecurity

6. South Korean Conglomerate (KyoWon) Ransomware Incident

7. “Reprompt” Attack Exfiltrates Data from Microsoft Copilot

8. Central Maine Healthcare Data Breach Update

Community, Career, and Edutainment Highlights

CPE Credits & Professional Development

Friday Fun & Engagement

Notable Mid-Roll/Lighter Moments

Community Questions & Career Guidance

Noteworthy Quotes & Timestamps

Additional Memorable Moments

Closing Thoughts

Quick Reference Timestamps