Daily Cyber Threat Brief — Ep 1053 (Jan 23, 2026)
Simply Cyber Media Group | Host: Dr. Gerald Auger
Overview
In this high-energy, insight-packed episode of the Daily Cyber Threat Brief, Dr. Gerald Auger (aka Jerry) delivers the essential cybersecurity news of January 23, 2026. Tackling eight top stories, he goes far beyond the headlines, diving into defensive strategies, attacker TTPs, industry trends, and pragmatic advice for practitioners, leaders, and learners. With a mix of expert commentary, engaging analogies, community interaction, and a signature sense of humor, this episode is both educational and entertaining.
Key Stories & Insights
1. Multi-Stage Adversary-in-the-Middle (AiTM) Campaign Targeting SharePoint
[11:02–20:21]
- What happened: Microsoft Defender researchers found a sophisticated phishing and BEC (Business Email Compromise) campaign in the energy sector. Attackers used compromised credentials to access SharePoint, set up phishing landing pages and inbox rules, and persisted by stealing session cookies and creating forwarding rules.
- Dr. Auger’s Breakdown:
  - BEC is a "sleeping giant" of cybercrime: "If my moral compass was broken…I would do BEC, not ransomware. Straight cash, homie!" (12:00)
  - Adversary-in-the-Middle is just a rebrand of the classic "man-in-the-middle," now made gender-neutral.
  - Attack chain: Already-compromised creds → SharePoint-hosted phishing → More cred harvesting, esp. finance/procurement staff → Abuse of email forwarding for persistence.
  - Defensive tips:
    - Monitor for unexpected inbox rules and forwarding, especially for finance personnel.
    - Password resets are not enough—you must revoke sessions and remove attacker-created rules.
    - Train accounting staff on BEC risks, but recognize not all risks are preventable through awareness.
  - Quote: "This is like last year’s Christmas gift rewrapped." (16:00)
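One way to act on the "monitor for unexpected inbox rules and forwarding" advice above, as an added example rather than anything from the episode: a small triage pass over audit-style mailbox-rule events that scores external forwarding and mail-hiding rules, and bumps the score for finance mailboxes. The event layout, the tenant domain, the finance roster and the sample records are all constructed assumptions.

```python
"""Triage mailbox-rule and forwarding changes from audit-style records.
Added example, not from the episode; the events, tenant domain and finance roster are constructed assumptions."""
import json

INTERNAL_DOMAIN = "example.com"                          # assumed tenant domain
FINANCE_USERS = {"ap@example.com", "cfo@example.com"}    # assumed finance roster
RULE_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "ForwardingSmtpAddress"}
HIDE_PARAMS = {"DeleteMessage", "MarkAsRead", "MoveToFolder"}

def _external(value):
    """True if any address in a ';'-separated list is outside the tenant."""
    for addr in value.replace("smtp:", "").split(";"):
        if "@" in addr and addr.strip().lower().rsplit("@", 1)[1] != INTERNAL_DOMAIN:
            return True
    return False

def classify(event):
    """Return (severity, reasons) for one event; severity 0 means benign."""
    if event.get("Operation") not in RULE_OPS:
        return 0, []
    p = {x["Name"]: str(x["Value"]) for x in event.get("Parameters", [])}
    reasons = []
    if any(_external(p[k]) for k in FORWARD_PARAMS if k in p):
        reasons.append("forwards mail outside the tenant")
    if any(k in p and p[k] != "False" for k in HIDE_PARAMS):
        reasons.append("hides, moves or deletes matching mail")
    if not reasons:
        return 0, []
    finance = event.get("UserId", "").lower() in FINANCE_USERS  # BEC sweet spot
    return len(reasons) + (1 if finance else 0), reasons

def triage(events):
    """Non-benign events, highest severity first: (user, severity, reasons)."""
    hits = [(e["UserId"], *classify(e)) for e in events]
    return sorted([h for h in hits if h[1] > 0], key=lambda h: -h[1])

# Constructed sample records (not real audit data).
SAMPLE_EVENTS = json.loads("""[
 {"Operation": "New-InboxRule", "UserId": "ap@example.com", "Parameters": [
   {"Name": "ForwardTo", "Value": "billing@mail-relay.example"},
   {"Name": "DeleteMessage", "Value": "True"}]},
 {"Operation": "Set-Mailbox", "UserId": "sam@example.com", "Parameters": [
   {"Name": "ForwardingSmtpAddress", "Value": "smtp:team@example.com"}]},
 {"Operation": "New-InboxRule", "UserId": "sam@example.com", "Parameters": [
   {"Name": "MoveToFolder", "Value": "RSS Feeds"}]},
 {"Operation": "MailItemsAccessed", "UserId": "ap@example.com", "Parameters": []}
]""")
```

Running `triage(SAMPLE_EVENTS)` puts the finance mailbox that forwards externally and deletes the originals at the top; the internal forward and the unrelated access event score zero.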
2. SmarterMail Authentication Bypass: Patch Exploited in the Wild
[20:21–27:48]
- What happened: A critical vuln in the SmarterMail webmail server let unauthenticated attackers reset admin passwords. Even after a patch, attackers quickly reverse-engineered it and began exploitation.
- Dr. Auger’s Take:
  - "The title is ironic. You are so dumb. You are really dumb for real." (21:10)
  - This is a "Captain Phillips" flaw: attackers can become “the captain now.”
  - Key lesson: Security-related APIs (e.g., password resets) require heightened scrutiny.
  - Patches can be reverse-engineered; AI accelerates this.
  - Patch promptly, but remember, unpatched systems remain exposed during patch-to-exploit windows.
  - Quote: "Just because a patch comes out doesn’t mean that flaw can’t be exploited anymore." (25:20)
3. Spanish Pegasus Spyware Investigation Derailed
[27:48–33:54]
- What happened: A Spanish judicial probe into NSO Group’s Pegasus spyware use (against politicians) was closed due to a lack of cooperation from Israel.
- Dr. Auger’s Viewpoint:
  - Pegasus described as "the Bugatti of spyware." (28:31)
  - NSO Group is protected by its host nation, making international accountability difficult.
  - High cost—estimated at $500K–$1M per infection, a major part of why it’s so exclusive.
  - Disturbing that executives could skirt legal scrutiny; "money talks."
  - Quote: "This just further empowers companies to snub international norms and law in order to make money." (32:10)
4. Fake Cell Tower Scam Busted in Greece
[33:54–40:58]
- What happened: Greek police busted a mobile fake cell tower used to blast phishing texts by downgrading devices to 2G and harvesting phone numbers.
- Dr. Auger’s Analysis:
  - Explains "stingray" (fake tower) tech—phones connect to the strongest signal, by design.
  - Attackers can intercept, monitor, or block calls/messages, often used in urban areas for maximum victims.
  - Advice: Don’t engage with suspicious messages; move out of the area and the attack stops.
  - "This would be something in a city. I would see this happening in, like, downtown New York City." (39:50)
Mid-Roll and Community Interaction
[42:01–46:18]
- Rapid-fire sponsor pitches and shout-outs for the AI, cloud, and pen-testing job-interview training series.
- Lighthearted "Dad Jokes of the Day" by James McQuiggin—community favorite and tradition.
  - "What do French fries say when they finally see each other? Nothing, they just ketchup." (42:52)
  - "When potatoes have babies, what are they called? Tater tots." (43:20)
- Active chat with international listeners—"Welcome to the party, pal!" (18:00, recurring community shout-out)
5. NIST Staff and Budget Cuts Threaten Cyber Priorities
[46:18–51:31]
- What happened: NIST lost over 700 staff; faces a $13M lab funding cut, impacting AI, cybersecurity, and quantum encryption projects.
- Dr. Auger’s Perspective:
  - NIST is "vital to society’s information security posture."
  - Staff cuts force agencies and companies to radically prioritize.
  - Career advice: "It took me 15 years to figure out why it’s so important to understand how the business makes money…because if the money goes down, you have to prioritize and sometimes projects disappear." (48:30)
  - Ties into broader trend of tech layoffs and shifting corporate priorities.
6. Alternative Vulnerability ID System: GCVE
[51:31–55:59]
- What happened: After a funding scare with the NIST/MITRE CVE system, the new Global CVE Allocation System (GCVE) was launched from Luxembourg to provide redundancy and decentralization.
- Dr. Auger’s Take:
  - It's a backup in case the US-based program fails—a good example of avoiding single points of failure.
  - "For business continuity and resiliency, this is smart. But we'll see if it becomes widely adopted or fizzles like IPv6."
  - Reflects the increasing globalization of infosec standards and risks.
7. Osiris Ransomware Uses ‘Bring Your Own Vulnerable Driver’ (BYOVD)
[55:59–60:30]
- What happened: A new ransomware strain, Osiris, targeted Southeast Asia, using a malicious driver ("PoorTry") to kill defenses—a known BYOVD tactic.
- Dr. Auger’s Breakdown:
  - Probably related to “INC” ransomware group—a likely rebrand or splinter.
  - BYOVD is analogous to DLL sideloading—attackers load malicious drivers to gain elevated access and disable AV/EDR.
  - Defense tips:
    - Restrict RDP (remote desktop) access.
    - Enforce MFA.
    - Application allowlisting (aka whitelisting).
    - Tabletop exercises for ransomware scenarios.
  - Quote: "Can we just normalize MFA please? It’s ridiculous at this point." (59:23)
8. AI Agents at Davos: Security and Insider Threat Risks
[60:30–63:59]
- What happened: At Davos, major orgs discussed the challenge of securing AI agents as "the ultimate insider threat."
- Quotes & Insights:
  - Pearson CTO: "We have enough difficulty getting the humans trained to be effective at preventing cyber attacks. Now I've got to do it for humans and agents in combination.” (60:50)
  - Cloudflare: “Agents are an extension of your team and employee base.”
  - MasterCard: "Take a page from banking—collect as many signals as possible to detect malicious activity."
- Dr. Auger’s Reflection:
  - "The value and incentive to leverage AI is so high that even with these concerns, businesses will steam forward."
  - “Glad they’re having these conversations, but it’s 3 years too late.” (61:50)
  - Sees a risky, under-regulated path ahead for AI as part of the workforce.
Panel: Jawjacking Q&A (Dr. Auger & Daniel Lowry)
[65:11–end]
- Catching up with Daniel Lowry, who’s been busy with a new cyber training role for the US military.
- Inspirational career advice: Always be prepared for opportunity; readiness meets opportunity in unpredictable ways.
- “It’s all about being prepared and being able to execute when those situations appear.” (70:13)
- Becoming a cyber expert: There’s no fixed timeline; “anywhere from 4 months to 40 years.” Realistically, 1–3 years for proficiency in an area.
- Home lab tips: Cloud environments (Azure, O365) and virtualization (Proxmox); hands-on > theory.
- Starting/running a pen testing business: Network with other firms, share leads, and market yourself by “doing cool, interesting stuff people talk about.”
- GRC & CMMC: Study NIST SP 800-171, 800-53; demand in compliance-focused roles is growing.
- OpenAI profitability: Not currently profitable, but with massive investment and global rivalry (esp. China), funding is all but assured. “Without Microsoft and Google, AI would just fold.” (86:36)
- Exam prep: Read broadly, follow each rabbit hole, and above all, get hands-on experience.
Notable Quotes, Analogies & Memorable Moments
- “If my moral compass was broken…I would do BEC, not ransomware. Straight cash, homie!” [12:00]
- "Captain Phillips flaw—Look at me, I’m the captain now." [21:10]
- “Pegasus is the Bugatti of spyware.” [28:31]
- "This is like last year’s Christmas rewrapped and called new." [16:00]
- “You can reverse patches. Thank you for coming to my TED Talk.” [26:20]
- “Glad they’re having these [AI agent risk] conversations, but it’s three years too late.” [61:50]
- “Can we just normalize MFA please? It’s ridiculous at this point.” [59:23]
- "Your phone connects to the strongest signal it sees — that's the flaw, and the feature." [35:30]
- "Just offering some guidance... treat the PNPT exam as a real pen test, not a CTF." [90:04]
Timestamps for Major Segments
| Segment | Timestamp |
|---|---|
| Episode Introduction & Community Welcome | 00:01–11:02 |
| SharePoint BEC/AiTM campaign | 11:02–20:21 |
| SmarterMail patch exploitation discussion | 20:21–27:48 |
| Spanish NSO Group Pegasus spyware investigation | 27:48–33:54 |
| Fake cell tower scam in Greece | 33:54–40:58 |
| Mid-roll: Sponsors, Dad Jokes, Community | 42:01–46:18 |
| NIST budget and staff cuts | 46:18–51:31 |
| GCVE vulnerability numbering system | 51:31–55:59 |
| Osiris ransomware (BYOVD campaign) | 55:59–60:30 |
| Securing AI Agents at Davos | 60:30–63:59 |
| Panel (Jawjacking): Career, exam, business Q&A | 65:11–end |
Final Thoughts
This episode encapsulates why the Daily Cyber Threat Brief is a must-listen: Dr. Auger and guests break down not just what's happening in cyber, but why it matters, how it works, and what to do about it—all in an authentic community-driven environment. Whether you’re a longtime practitioner, career-switcher, aspiring pentester, or business leader, you’ll find actionable insights, real talk, and plenty of infectious enthusiasm.
Listen and level up—stay secure, and join TeamSC again for more “straight cash, homie!” cyber takes.
