Daily Cyber Threat Brief – Ep 1052
Date: January 22, 2026
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Special Segment: Zach Hill (IT Career Questions) on Jawjacking
Episode Overview
This episode of the Daily Cyber Threat Brief Podcast brings cybersecurity professionals and enthusiasts up to speed with the top stories of January 22, 2026. Host Gerald Auger delivers expert analysis of eight critical stories—ranging from bug bounties and ransomware campaigns to AI vulnerabilities and phishing scams—offering actionable insights for practitioners. The episode’s hallmark blend of expertise and community-driven support is reflected in listener Q&A, shoutouts, and career advice, capped by an extended “Jawjacking” AMA segment with Zach Hill.
Key Discussion Points & Insights
1. Pwn2Own Automotive: 37 Zero-Days & Tesla Hacked
- Summary: At Pwn2Own Automotive 2026, security researchers demonstrated 37 new exploits targeting electric vehicle (EV) chargers and infotainment systems—most notably, gaining root access to Tesla’s infotainment via chained flaws. Over $500k in rewards were issued.
- Analysis: Gerald commends bug bounty initiatives, calling Pwn2Own “the Olympics of security research” and highlighting their dual benefit—only rewarding for valid findings, which improves societal cybersecurity health.
- Key Takeaway: If you’re interested in hardware hacking, Pwn2Own Automotive should be “on your vision board—the top of the ladder you should be striving for.”
- Quote:
“Bug bounties are the greatest thing ever because, from a business perspective, you’re only paying for legit findings... it’s rewarding when you do find something, you are going to get paid and get that notoriety.” (16:45)
- [14:02–19:17]
2. Massive Under Armour Breach: Everest Ransomware Group
- Summary: The Everest group stole and dumped data from 72.7 million Under Armour customer accounts, including personal and purchase info. Under Armour had not acknowledged the breach at broadcast time.
- Analysis: Gerald criticizes Under Armour’s lack of transparency, likening it to "a child playing hide and seek" and stresses the importance of acknowledging breaches post-incident for consumer trust.
- Insider Recruitment Angle: Everest’s recruitment of company insiders elevates risk—especially given how easily threat actors can identify insiders via LinkedIn and similar platforms.
- Key Takeaway (for blue teams): Strengthen insider threat protections and enforce least-privilege access. Revise offboarding policies to disable accounts immediately.
- Quote:
“Ransomware actors are actively recruiting internal people. It’s very easy to find who works at a company. That $500,000 offer to hand over your credentials? That’s very appealing.” (22:00)
- [19:17–26:04]
3. North Korea’s “Purple Bravo” – Fake Job Interviews as Attack Vector
- Summary: North Korean threat group “Purple Bravo” conducted over 3,100 attacks using fake developer job interviews—candidates are coaxed into running malicious code during technical "tests", risking organizational compromise.
- Analysis: Gerald spotlights the intersection of deepfake technology and social engineering, mentioning a live LinkedIn example from Jason Rebh (exposed deepfake interviewer).
- Key Takeaway: Remind users: No recruiter should ever ask you to install software or perform tasks that could introduce malware during job interviews.
- Quote:
“This is a news story about how North Korea and other Southeast Asian groups are using fake job interviews to get North Koreans fake IT jobs… or to trick people into installing malware on their computer.” (29:10)
- [26:04–30:42]
4. TikTok Canada Ban Overturned
- Summary: Canada’s federal court overturns the government order to shut down TikTok’s Canadian operations—business can continue pending further review.
- Discussion: Briefly acknowledged, minimal analysis.
- [30:42–31:20]
5. Fortinet/FortiGate Firewalls: Ongoing Exploits Despite Patches
- Summary: Attackers continue to bypass fixes for old vulnerabilities (CVE-2020-559718), with over 11,000 devices still exposed. Patches haven’t fully addressed the flaw; CISA mandates urgent action.
- Analysis: A real-world risk management challenge. Explains mitigation strategies—disable vulnerable features, increase monitoring, or accept risk.
- Analogy:
“If you don’t go to the bar, you have zero chance of driving home under the influence... If you can’t disable [the feature] because it’s mission-critical, you have to man the wall.” (39:10)
- [36:47–41:53]
6. Olympic Games Phishing Risks
- Summary: Phishing and spoofed websites are spiking as the 2026 Milano Cortina Winter Games approach—drawing on lessons from prior sporting events (Paris 2024, Tokyo 2021).
- Analysis: Threat actors always exploit whatever’s current. User education should focus on the broader concept of “event-driven phishing” to avoid tunnel vision.
- Quote:
“Whatever the thing is that people are talking about, that’s where the threat actors are going to go. Because it’d be stupid to create phishing emails about haberdasheries... people care about the Olympics.” (42:41)
- [41:53–44:51]
7. LastPass Backup Phishing Scam
- Summary: Campaign spoofs LastPass maintenance notices, urging users to “create a vault backup within 24 hours” in order to harvest master passwords. LastPass reminds users: they never ask for master passwords.
- Analysis: Highlights the criticality of enabling MFA on password vaults (“It is not an option. It is not a nice to have.”).
- Practical Tip: Use provided indicators (IPs, subject lines) to hunt malicious emails in your environment and check for users who might’ve visited the phishing domains.
- Quote:
“If you have convinced people to get on a password vault... that’s half the battle. The other half is making sure they have MFA on it.” (46:32)
- [44:51–49:31]
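Detection logic for the hunting tip above, as an added example that is not from the episode: it scans constructed mail and proxy log lines for the campaign's indicator types (sender IPs, a phishing domain, the "vault backup within 24 hours" subject wording). All IoC values and log lines are placeholders, not the real indicators.

```python
"""Hunt for the LastPass 'vault backup' lure in mail and proxy logs (added
example, not from the episode; every IoC and log line below is constructed)."""
import re

# Constructed indicators: placeholders to replace with the published IoCs.
IOC_SENDER_IPS = {"203.0.113.10", "198.51.100.7"}
IOC_DOMAINS = {"lastpass-backup.example"}
# Lure wording from the campaign: "create a vault backup within 24 hours".
SUBJECT_RE = re.compile(r"vault\s+backup.*\b24\s*hours\b", re.IGNORECASE)

# Constructed sample logs: key=value mail log and proxy access log.
MAIL_LOG = """\
ts=2026-01-21T09:14:02Z from=support@lastpass-backup.example ip=203.0.113.10 rcpt=alice@corp.example subject="Action required: create a vault backup within 24 hours"
ts=2026-01-21T09:20:45Z from=news@vendor.example ip=192.0.2.44 rcpt=bob@corp.example subject="January product update"
ts=2026-01-21T10:02:11Z from=it@corp.example ip=10.0.0.5 rcpt=carol@corp.example subject="Reminder: vault backup policy (within 24 hours of onboarding)"
"""
PROXY_LOG = """\
2026-01-21T09:16:30Z user=alice host=lastpass-backup.example path=/backup status=200
2026-01-21T09:17:01Z user=bob host=www.lastpass.com path=/ status=200
"""
MAIL_RE = re.compile(r'ts=(\S+) from=(\S+) ip=(\S+) rcpt=(\S+) subject="([^"]*)"')
PROXY_RE = re.compile(r"(\S+) user=(\S+) host=(\S+) path=(\S+)")


def hunt_mail(lines):
    """Return mail records that match a sender IP/domain IoC or the lure subject.
    Each hit records which indicators fired: a subject-only hit (e.g. an internal
    reminder that happens to mention a vault backup) needs analyst triage, while
    a hit on a published sender IP or domain is a confirmed delivery."""
    hits = []
    for line in lines:
        m = MAIL_RE.search(line)
        if not m:
            continue
        ts, sender, ip, rcpt, subject = m.groups()
        reasons = []
        if ip in IOC_SENDER_IPS:
            reasons.append("sender-ip")
        if sender.rsplit("@", 1)[-1] in IOC_DOMAINS:
            reasons.append("sender-domain")
        if SUBJECT_RE.search(subject):
            reasons.append("subject")
        if reasons:
            hits.append({"ts": ts, "rcpt": rcpt, "reasons": reasons})
    return hits


def hunt_proxy(lines):
    """Return users whose traffic reached a phishing domain: check them for master-password entry first."""
    users = {m.group(2) for m in map(PROXY_RE.search, lines) if m and m.group(3) in IOC_DOMAINS}
    return sorted(users)
```

Run `hunt_mail(MAIL_LOG.splitlines())` and `hunt_proxy(PROXY_LOG.splitlines())` against exports from your mail gateway and web proxy once the real indicators are substituted.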
8. Chainlit AI Framework – Critical Cloud Vulnerabilities
- Summary: "Chain Leak" bugs allow attackers to read arbitrary files or execute SSRF attacks in cloud AI deployments, risking internal data exposure.
- Analysis: Explains the nuanced risk—requires chained exploits and impacts only what’s on the server, but asserts “you have to patch.” Calls for tighter relationships with developers/engineers to improve visibility on shadow IT and unapproved tech.
- Community Engagement: Recounts organizing open cybersecurity forums to inform and empower internal teams on vulnerability management and risk mitigation.
- Quote:
“The problem is you may not know you have this in your environment because you’ve got some eager beaver engineer who built something over the weekend... communicating across the org is key.” (50:38)
- [49:31–end of Gerald’s segment]
Notable Quotes & Memorable Moments
- On Pwn2Own: “Pwn2Own is like the Olympics of security research. If you’re into hardware hacking, this is where you want to end up.” (16:10)
- On Insider Threats: “Insider recruitment isn’t new, but the scale and ease with which ransomware groups do it—just by searching LinkedIn—is eye-opening.” (22:25)
- On Deepfake Job Interview Attacks: “It’s not some news story—it’s literally happening right now. Go check out Jason Rebh’s post for a visceral example.” (29:40)
- Gerald’s GRC Jargon: “AC6. NIST 853. GRC mafia. Yes, sir!” (23:52)
- Analogy, Fortinet: “It’s like working in a dangerous part of town—you can’t avoid it, so you put alarms, clubs on your steering wheel, and just keep your eyes peeled.” (39:45)
- On Communication & Community: “Don’t be like the guy who’s just a myth... No, be the face of infosec.” (51:35)
Timestamps for Important Segments
| Segment Description | Start Time |
|---------------------------------------------|------------|
| Podcast Welcome / Community Shoutouts | 00:01 |
| Pwn2Own Automotive / Tesla Hack | 14:02 |
| Under Armour/Everest Ransomware | 19:17 |
| North Korea Job Interview Attack | 26:04 |
| TikTok Canada Court Ruling | 30:42 |
| Fortinet FortiGate Ongoing Exploits | 36:47 |
| Olympics Phishing Trends | 41:53 |
| LastPass Backup Phishing | 44:51 |
| Chainlit AI Vulnerability | 49:31 |
| Gerald’s Wrap & Handoff to Jawjacking | 57:00 |
| Jawjacking (Zach Hill Q&A) Begins | 59:46 |
Jawjacking: Audience Q&A with Zach Hill (IT Career Questions)
[59:46–End]
Key Themes:
- Certifications & Career Progression
  - Certs (Hack The Box, CISSP, etc.) alone don’t qualify you as mid/senior—practical experience is key.
  - Use certifications for personal knowledge validation; they’re not automatic job tickets.
- Resume and Job Search Advice
  - Focus on recent and most relevant experience; keep it to 1–2 pages.
  - Use AI tools (ChatGPT) creatively to map your non-IT experience to tech skills.
  - Gaps in employment aren’t a deal breaker—be honest and don’t be afraid to explain them briefly if asked.
- Transitioning from Non-IT Careers
  - Communication, organization, and soft skills are essential in GRC and IT in general.
  - Teachers moving into cybersecurity should lean heavily on their communication strengths.
- Technical Interview Preparedness
  - To develop professional/technical communication: step outside your comfort zone, practice speaking, record yourself, listen to others’ dialogues.
- Learning Resources
  - Books still work for many, but videos and hands-on labs are critical for others—find your preferred learning method.
- Buying Tech/Lab Gear
  - eBay, local resellers, and “Mac Sales” mentioned as safe bets for used equipment.
- Trends to Watch
  - AI tools as threats: Social engineering, deepfakes, and scalable AI-driven scams are Zach’s top worry—“It absolutely terrifies me.”
  - Advice: Always watch for scams using AI voice/video clones and sophisticated social engineering.
- Hardware Recommendations
  - For grad students or those on a budget: prioritize RAM, consider reputable brands, and repurpose old hardware as home labs.
Community & Culture
- Shoutouts to first-time listeners, lurkers, sponsors, and meme contributors (e.g., Dan Reardon’s custom meme Thursdays).
- Strong encouragement of engagement: Drop questions in chat, check sponsor links, and participate in events (e.g., ransomware watch party).
Concluding Thoughts
Dr. Gerald Auger and Zach Hill deliver insightful, actionable cybersecurity news and advice with humor and authenticity. Practitioners lean in not just for news, but for career development, community belonging, and practical takeaways every weekday.
Quick Reference Quotes (Speaker & Timestamp)
- Gerald Auger on Pwn2Own: “Bug bounties are the best if you are interested in the overall health of all the technology we’re using.” (16:45)
- Gerald Auger on Insider Threats: “Ransomware actors are actively recruiting internal people... Find someone who works in IT that’s been there a long time, maybe they’re not being appreciated at that company.” (22:00)
- Zach Hill on Job Gaps: “A good employer just will not care at all... if they’re drilling you about gaps, that’s a huge red flag.” (73:40)
- Zach Hill on Certifications: “Anybody can go out and take any of these certifications. It doesn’t guarantee you anything.” (61:30)
- Gerald Auger on Security Community: “Don’t be the guy who’s a myth... be the face of infosec.” (51:35)
- Zach Hill on AI Threats: “Once scammers get a feel for what AI can do for them... That scares me. It absolutely terrifies me.” (82:30)
Recommended Actions
- If you support Fortinet/FortiGate: Audit exposure, temporarily disable vulnerable features if possible, and ramp up monitoring for high-risk assets.
- Train end-users: Phishing, deepfakes, and social engineering are evolving—update security awareness to cover job-interview and AI voice/video scams.
- Inventory AI/chatbot deployments: Ensure anything using frameworks like Chainlit is up-to-date and visible to IT/security.
- If using LastPass or similar password managers, enforce multi-factor authentication organization-wide.
- For career builders: Use every resource (community, forums, peer support, and AI tools) to map your skillset, gain experience, and build confidence.
For more community discussion, professional development, and cybersecurity news, tune in live every weekday at 8am Eastern or visit simplycyber.io.
