Daily Cyber Threat Brief (Ep. 1050) – January 20, 2026
Host: Dr. Gerald Auger, Simply Cyber Media Group
Co-host (Jawjacking/Q&A): Eric Taylor, Barricade Cyber
Episode Theme:
A fast-paced rundown of the day's top eight cyber security news stories, including critical vulnerabilities, threat actor activity, policy intrigue among US federal cyber leadership, and practical perspectives for practitioners at all stages of their careers. This episode mixes expert GRC insights, tool explainers, and career Q&A in a friendly, energetic community setting.
Main Episode Structure
- [00:01–12:00]: Community intro, framework for the show, and CPE info
- [12:00–54:27]: Top Cyber News Stories & Professional Analysis
- [54:27–58:56]: Closing remarks, special segments, and upcoming event teasers
- [58:56–End]: “Jawjacking" – Open Q&A with Eric Taylor
Key Discussion Points & Insights
Community Vibe & Show Setup (00:01–12:00)
- Host Gerald encourages both newcomers and veterans to participate, drop “#firsttimer” in chat, and collect CPE credits for attendance.
- Quote: “Every single episode…is worth half a CPE. Say what’s up in chat, grab a screenshot … That’s how many CPEs you get.”—Gerald, (06:00)
- Emphasizes the show’s no-prep, real-world approach: responding to stories live for authentic analysis.
1. Google Gemini AI Prompt Injection Exposes Calendar Info (12:00–18:04)
- Story: Researchers found that prompt injection in Google Gemini (AI assistant) let attackers embed hidden instructions in calendar invites, causing the assistant to leak event information back to them.
- Analysis: Gerald explores the “so what?”: the risk is relatively low if the calendar holds no secrets, but it escalates if the assistant can be abused to cross-reference calendar data with email.
- Quote: “Don’t let it read it is not the answer … Let it read within the conditional access of who is asking. That’s a much more complicated problem.”—Gerald, (15:00)
- Practical takeaway: AI assistants' permissions must be tightly scoped; risk grows if other data types can be cross-leaked.
2. Hacker Admits to Supreme Court E-Filing System Breach (18:04–22:40)
- Story: 24-year-old Nicholas Moore pleaded guilty to hacking SCOTUS’s e-filing system with stolen credentials and posting about the breaches on Instagram.
- Analysis: Basic credential stuffing, nothing advanced; the absence of MFA on a Supreme Court system is appalling.
- Quote: “Not having MFA for the Supreme Court in 2026 is ridiculous … absolutely egregious.”—Gerald, (20:00)
- Tip: MFA is non-negotiable, especially in high-value targets; public bragging = swift arrest.
3. “PDF Cider” Backdoor Malware - DLL Sideloading Stings (22:40–31:24)
- Story: Resecurity reports a new backdoor, “PDF Cider,” delivered via DLL sideloading in spearphishing attacks and built for stealth and persistence.
- Analysis: Gerald delivers a primer on DLL functionality, why DLL sideloading works, and how attackers slip malicious code into trusted workflows.
- Quote: “If you get an email with a ZIP attached, just delete it.”—Gerald, (27:30)
- Detection Tips: Watch for abnormal cmd.exe child processes from supposed PDF tools; monitor anomalous DNS traffic for C2.
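One way to turn the “cmd.exe child of a PDF tool” tip into a concrete detection, as an added example that is not from the episode or from Resecurity’s report. It assumes Sysmon-style process-creation events as JSON lines with ParentImage/Image/CommandLine fields, uses a constructed list of PDF reader binary names, and generalises the page’s cmd.exe case to other shell and script hosts:

```python
import json
import ntpath

# Assumed PDF reader binaries to treat as parents (illustrative, not from the episode).
PDF_READERS = {"acrord32.exe", "acrobat.exe", "foxitreader.exe", "sumatrapdf.exe"}
# The page names cmd.exe; the extra shell/script hosts are a generalisation.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}


def basename(path):
    """Lower-cased file name of a Windows path; ntpath works on any OS."""
    return ntpath.basename(path).lower()


def is_suspicious(event):
    """True when a PDF reader spawns a shell or script host."""
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    return parent in PDF_READERS and child in SUSPICIOUS_CHILDREN


def scan(lines):
    """Parse JSON-lines process-creation events and return one alert per hit."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed log line: skip it rather than abort the scan
        if is_suspicious(ev):
            alerts.append({
                "host": ev.get("Computer"),
                "parent": basename(ev.get("ParentImage", "")),
                "child": basename(ev.get("Image", "")),
                "cmd": ev.get("CommandLine"),
            })
    return alerts


# Constructed sample events: two hits, two benign, one garbled line.
SAMPLE_EVENTS = [
    '{"Computer":"WS01","ParentImage":"C:\\\\Program Files\\\\Adobe\\\\AcroRd32.exe","Image":"C:\\\\Windows\\\\System32\\\\cmd.exe","CommandLine":"cmd.exe /c start update.exe"}',
    '{"Computer":"WS01","ParentImage":"C:\\\\Program Files\\\\Adobe\\\\AcroRd32.exe","Image":"C:\\\\Program Files\\\\Adobe\\\\AdobeARM.exe","CommandLine":"AdobeARM.exe"}',
    '{"Computer":"WS02","ParentImage":"C:\\\\Windows\\\\explorer.exe","Image":"C:\\\\Windows\\\\System32\\\\cmd.exe","CommandLine":"cmd.exe"}',
    '{"Computer":"WS03","ParentImage":"C:\\\\Tools\\\\FoxitReader.exe","Image":"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe","CommandLine":"powershell -enc ..."}',
    'not json at all',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Pair this with DNS telemetry (the episode’s second tip) by joining alerts on the host name; the rule above deliberately ignores a reader launching its own updater, which is the common benign child.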
4. CISA Officer Showdown – Power Struggle at the Top (31:24–36:05)
- Story: Acting CISA director Madhu Gottumukkala tried to force out CIO Robert Costello, only for the effort to be blocked by DHS higher-ups; layers of political drama involving failed polygraphs and staff suspensions.
- Analysis: Internal power struggles have little impact on the audience’s daily cyber risk management but highlight the sometimes chaotic world of public-sector security leadership.
- Quote: “If you like soapy drama … get your popcorn!”—Gerald, (32:30)
- Takeaway: Focus on local risk, not leadership drama, but monitor if it causes policy or resource impacts.
5. International Malware Broker Busted (40:33–46:09)
- Story: Jordanian national “R1Z” pleaded guilty to selling initial access/malware to undercover FBI, exposing himself via poor operational security.
- Analysis: Strong operational lessons: Live demos reveal IPs; OPSEC mistakes lead to quick attribution and arrest—even internationally.
- Quote: “If you’re going to take risks like this … I don’t know, man.”—Gerald, (44:30)
- Law Enforcement: Global reach and technical sophistication growing.
6. Ingram Micro Ransomware Breach Update – SafePay Rising (46:09–49:24)
- Story: Ingram Micro reveals 42,000+ people affected by its July 2025 ransomware attack; emerging group “SafePay” steps into the vacuum left by Black Basta and LockBit.
- Analysis: When one crime crew falls, another rises to fill the gap; keep “SafePay” on your watchlist.
- Quote: “For any threat actor group, I like to go directly to MITRE ATT&CK and just see if they’re in here…”—Gerald, (48:00)
- Tip: Monitor upstarts after high-profile takedowns.
7. TP-Link “Vigi” Camera Auth Bypass (49:24–53:44)
- Story: Critical auth bypass lets LAN attackers reset admin passwords on 32+ TP-Link camera models; patching is urgent.
- Analysis: Gerald contextualizes: real risk for exposed or poorly segmented networks, a big headache for remote/unattended deployments.
- Quote: “You gotta patch it … but this is not ‘kick in the CIO’s door’ emergency material.”—Gerald, (51:00)
- Tip: Practice IoT/device network segmentation; enable auto-updates wherever possible.
8. Microsoft Windows 11 Shutdown Out-of-Band Patch (53:44–54:27)
- Story: Emergency OOB patch for shutdown/restart/hibernation failures post-January Patch Tuesday; patch ASAP.
- Analysis: Out-of-band (OOB) releases signal real urgency; coordinate with IT to double-check coverage, expect patch stragglers.
- Quote: “If Microsoft sends out an out-of-band patch … this is directly related to urgency.”—Gerald, (54:20)
- Tip: Double-check all endpoints, not all will patch on first try.
Bonus Segments & Career/Community Moments
Sponsor & Community Engagement Shoutouts (Throughout)
- Strong encouragement to support sponsors (ThreatLocker, Antisyphon, Area, Flare), not just for funding but for access to their thought leadership and free training events.
- Personal and fun segments: “Tidbits Tuesday” (Patriots fan), first-timer shoutouts, CPE how-to moments.
Jawjacking Q&A Session with Eric Taylor (58:56–End)
EPSScore Lookup Tool v2.5 Announcement
- [01:00:00+] Eric demos a free tool for CVE risk scoping, pulling in KEV, ransomware associations, threat actors, and real EPSScore trending.
- Quote: "This is the likelihood of an exploitable vulnerability … I think this tool is pretty much done, but if I'm missing something, let me know."—Eric, (01:01:30)
- Plans for bulk search/paid version (~Valentine’s Day) at low cost for serious Blue Teamers.
Listener Career & Technical Questions:
- How to approach skill/certification renewal?—Don’t stress over expiration unless mandated by employer/client; show transparency.
- Generalist vs. Specialist in Cybersecurity?—Be a generalist early, then specialize for long-term value and higher demand.
- “Specialization … I think holds more weight when you have a specialization than a jack of all trades.”—Eric, (01:35:30)
- Lab hardware/home labs: Cloud sandboxes (Azure/AWS Marketplace) are highly recommended over pricey local hardware.
- Forgetting technical knowledge (e.g., networking): True for everyone; remember the big stuff and be honest if you forget rarely-used details.
- Entry-level interviews (e.g., CTI): Know the company’s clients and typical alerting requirements, and ask “What does success look like in this role at 30/60/90 days?”
- Personal insights: Eric prefers Ubuntu and prizes stability over bleeding-edge tinker toys ("sometimes you just need the crap to work, especially when you’ve been in the industry for so long”).
- Product mentions: Quick demos/recommendations for practical tools (e.g., Wolfbox air blower for keyboards).
Notable Quotes & Memorable Moments
- “Not having MFA for the Supreme Court in 2026 is ridiculous…it’s egregious.” (20:00)
- “If you get an email with a ZIP attached to it…just delete it.” (27:30)
- “If you’re going to take risks like this…I don’t know, man.” (44:30)
- “If Microsoft sends out an out-of-band patch…there’s urgency. Get this applied. Period. Full stop.” (54:20)
- On drama at CISA: “If you like soapy drama, get your popcorn!” (32:30)
- On career direction: “Long term, specialization is the absolute way to go.” (01:35:30)
- On practical tool-building: “Sometimes you just need the crap to work, especially when you’ve been in the industry for so long.” (01:30:00)
Timestamps for Major Segments
- 00:01: Show intro, CPE, first-timer mentions
- 12:00: News stories begin (Google Gemini prompt injection)
- 18:04: Supreme Court breach (lack of MFA)
- 22:40: PDF Cider malware breakdown
- 31:24: CISA director/CIO tussle
- 40:33: International malware broker busted
- 46:09: Ingram Micro/SafePay ransomware
- 49:24: TP-Link camera vuln
- 53:44: Microsoft OOB patch
- 58:56: Jawjacking Q&A (Eric Taylor)
- 1:01:00: EPSScore Lookup Tool demo
Practical Takeaways
- AI/Automation: Carefully scope permissions for non-human identities; AI workflow bugs can be subtle but significant.
- Credential Security: MFA blocks most basic attacks; not having it is unacceptable for critical infrastructure.
- Malware Defenses: User training, proper endpoint monitoring for abnormal process behaviors (e.g., unexpected cmd.exe); watch DNS for C2 anomalies.
- Patch Management: Prioritize vendor-released OOB patches; always expect a small lagging population.
- Career Growth: Be honest about skill gaps, specialize as you evolve, and let curiosity and community raise you up.
Tone and Final Impressions
The episode crackled with Gerald’s signature energy (“Did we just become best friends? Yep!”), blending real-world GRC insight with actionable technical breakdowns and large doses of encouragement. No-nonsense, jargon-busting explanations for complicated topics like DLL sideloading and AI risk, and a genuine commitment to raising participants’ skills and confidence—plus a healthy amount of camaraderie and laughs.
Perfect for security pros who want to both stay sharp technically and invest in long-term career growth with a welcoming cyber community.
For upcoming events, new tools, and continued community Q&A, check out Simply Cyber’s Discord, LinkedIn, and daily livestreams.
