Daily Cyber Threat Brief – Ep 1054: Jan 26, 2026
Host: Tyler Ramsby (Guest-hosting for Dr. Gerald Auger)
Podcast: Daily Cyber Threat Brief, Simply Cyber
Date: January 26, 2026
Episode Overview
Theme:
A quickfire breakdown of the most important cybersecurity news stories of the day, tailored for practitioners, leaders, and career-focused pros. Host Tyler Ramsby brings his offensive security and training background to offer candid “raw takes” and pro insights, covering everything from Microsoft patch messes to nation-state attacks and evolving threats like AI-powered malware. The episode features actionable career and technical advice blended with practical humor and community engagement.
Key Discussion Points & Insights
1. Microsoft Patch Fiascos (Outlook & Windows 11 Boot Failures)
Timestamps:
- Outlook story: [12:02]
- Windows 11 boot failures: [15:45]
Summary:
- Microsoft released an out-of-band emergency update to fix Outlook issues with PST files stored in cloud storage, affecting classic Outlook for enterprise users.
- Simultaneously, a new Windows 11 update has caused unmountable boot volume errors (black screen of death), requiring manual recovery.
Tyler's Take:
- Frustration and humor about the frequency of Microsoft update problems.
- Advice to IT admins: patch cautiously, ideally rolling out to small rings first and only expanding after monitoring for issues.
- For external and internal penetration testers, notes that patching isn’t always prioritized internally, creating risk.
Notable Quotes:
- “You don’t need threat actors when you have Microsoft… If you just want to experience denial of service, just use Microsoft.” – Tyler [16:30]
- “This is really good security. If you cannot boot your computer, your computer cannot be hacked.” – Tyler [16:58] (sarcasm)
2. Sandworm Cyberattack on Poland’s Power Grid
Timestamp: [19:13]
Summary:
- ESET attributes a major December attack on Poland’s grid to Sandworm (Russian APT), using custom data-wiping malware (“DinoWiper”).
- The attack coincided with the 10th anniversary of Sandworm’s infamous Ukraine blackout operation.
Tyler's Take:
- Explains APTs and nation-state threat actors for newcomers.
- Stresses the increased prevalence of cyberwar as a form of modern conflict, especially targeting critical infrastructure.
- Calls for “defense in depth,” regular tabletop exercises, and red/blue team assessments (“It’s not if you get breached, it’s when. How do you contain it?”).
Notable Quotes:
- “DinoWiper sounds like a diaper brand... Bad branding by ESET.” – Tyler [20:01]
- “Anyone in critical infrastructure will be targeted.” – Tyler [21:48]
3. Dresden State Art Collections Cyberattack
Timestamp: [23:41]
Summary:
- A major German museum network suffers a targeted attack, disrupting digital operations but not affecting the security of the artifacts themselves.
- Unclear attribution; speculation on ransomware or social engineering as likely methods.
Tyler's Take:
- Emphasizes that all organizations, not just high-profile companies, are targets.
- Highlights that smaller/non-profit orgs are particularly vulnerable due to limited resources.
- Suggests cybersecurity newcomers volunteer with non-profits for hands-on learning and resume-building.
Notable Quotes:
- “Regardless of your size, everyone’s a target when it comes to criminals and threat actor groups trying to steal money.” – Tyler [26:34]
- “For those of you looking to break into cyber, help a nonprofit – they can’t afford a major cybersecurity firm or pen test.” – Tyler [27:35]
4. Nike & World Leaks Data Breach Claims
Timestamp: [35:55]
Summary:
- Nike listed as a victim on the new leak site “World Leaks”; the group claims possession of data, but details are unknown.
- Precedents with other companies (like Dell) claiming only synthetic/publicly available info was leaked, though that claim is often misleading.
Tyler's Take:
- Warns to expect more such attacks/breach announcements as cybercrime gangs rebrand and relaunch.
- Advises vigilance for phishing following breach announcements, e.g., scam “verify your account” emails.
Notable Quotes:
- “Often when an organization says, ‘It’s just publicly available info,’ it’s almost always not correct… the company’s just trying to do some protection of their brand.” – Tyler [37:20]
- “Be alert for emails claiming to be from Nike support asking to ‘re-verify’ your account... these are likely follow-up scams.” – Attributed to Roswell UK, cited by Tyler [38:40]
5. CISA Adds Exploited Vulnerabilities to KEV Catalog
Timestamp: [41:38]
Summary:
- Four new critical exploited vulnerabilities added: in Zimbra, Versa Concerto SD WAN, Vit.js, and ESLint Config Prettier.
Tyler's Take:
- Explains what CVEs and zero-days are.
- Encourages aspiring pen testers to get involved by researching and reporting vulnerabilities (“finding your own CVEs isn’t difficult and looks great on your resume”).
- Underscores the danger of unpatched internal systems.
Notable Quotes:
- “If you cannot afford big certifications like the OSCP, you can find CVEs.” – Tyler [42:31]
- “If you don’t have a good patching system, that’s the biggest takeaway from this story. You have to patch all the things.” – Tyler [44:55]
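The practical follow-up to a KEV addition is to check whether any asset you own runs a listed product and how close its remediation due date is. The script below is an added example, not from the episode or from CISA: the catalog text is constructed in the shape of CISA's KEV JSON feed (fields `cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`, `knownRansomwareCampaignUse`), the CVE ids are placeholders, and the inventory is invented. KEV carries no version data, so a match means "this product is in KEV, verify the installed build", not "this host is confirmed vulnerable".

```python
"""Match a software inventory against a KEV-style catalog (added example).

The catalog below is CONSTRUCTED in the shape of CISA's KEV JSON feed; the
CVE ids are placeholders and the inventory hosts are invented. The real feed
is published by CISA as JSON at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
"""
import json
from datetime import date

# Constructed sample; placeholder CVE ids, not real KEV records.
SAMPLE_KEV_JSON = """
{
  "title": "Known Exploited Vulnerabilities (constructed sample)",
  "catalogVersion": "0000.00.00",
  "dateReleased": "2026-01-26T00:00:00.0000Z",
  "count": 3,
  "vulnerabilities": [
    {"cveID": "CVE-0000-00001", "vendorProject": "Zimbra", "product": "Collaboration",
     "dateAdded": "2026-01-26", "dueDate": "2026-02-16", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-00002", "vendorProject": "Versa", "product": "Concerto",
     "dateAdded": "2026-01-26", "dueDate": "2026-02-16", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-00003", "vendorProject": "ExampleVendor", "product": "OldAppliance",
     "dateAdded": "2025-11-01", "dueDate": "2025-11-22", "knownRansomwareCampaignUse": "Known"}
  ]
}
"""

# Constructed inventory; note the inconsistent casing and whitespace that a
# real CMDB export tends to have.
INVENTORY = [
    {"host": "mail-01", "vendor": "zimbra", "product": "collaboration", "external": True},
    {"host": "sdwan-gw", "vendor": "Versa", "product": "Concerto ", "external": True},
    {"host": "legacy-box", "vendor": "examplevendor", "product": "OldAppliance", "external": False},
    {"host": "wiki-01", "vendor": "Atlassian", "product": "Confluence", "external": False},
]


def normalize(name):
    """Case-fold and collapse whitespace so 'Concerto ' and 'concerto' compare equal."""
    return " ".join(name.lower().split())


def load_kev(text):
    """Index KEV entries by (vendor, product) so inventory lookups are O(1)."""
    index = {}
    for entry in json.loads(text)["vulnerabilities"]:
        key = (normalize(entry["vendorProject"]), normalize(entry["product"]))
        index.setdefault(key, []).append(entry)
    return index


def match_inventory(kev_index, inventory, today):
    """Return one finding per (asset, KEV entry) pair, most urgent first.

    Ordering: externally reachable assets before internal ones, then by days
    left until the KEV due date (negative means already overdue).
    """
    findings = []
    for asset in inventory:
        key = (normalize(asset["vendor"]), normalize(asset["product"]))
        for entry in kev_index.get(key, []):
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "cve": entry["cveID"],
                "external": asset["external"],
                "due": due,
                "days_left": (due - today).days,
                "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
            })
    findings.sort(key=lambda f: (not f["external"], f["days_left"]))
    return findings


def overdue(findings):
    """Findings whose KEV due date has already passed."""
    return [f for f in findings if f["days_left"] < 0]


def run(today=date(2026, 1, 26)):
    """Match the constructed inventory against the constructed catalog."""
    return match_inventory(load_kev(SAMPLE_KEV_JSON), INVENTORY, today)


if __name__ == "__main__":
    for f in run():
        flag = "EXTERNAL" if f["external"] else "internal"
        print(f'{f["host"]:12s} {f["cve"]:15s} {flag:8s} due {f["due"]} ({f["days_left"]:+d} days)')
```

Pointing `load_kev` at the downloaded feed and replacing `INVENTORY` with a CMDB export is all that changes for real use; the vendor/product normalization is deliberately loose because KEV's naming rarely matches what an asset database records.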
6. ShinyHunters Claims Okta-Related Data Breaches (SoundCloud, Crunchbase, Betterment)
Timestamp: [46:17]
Summary:
- The group claims it used voice phishing to capture Okta SSO codes and breach several large tech companies.
- SoundCloud eventually confirmed a significant breach affecting up to 28 million users.
Tyler's Take:
- Foresees a surge of AI-powered voice phishing (“deep fakes”).
- Criticizes slow breach detection—SoundCloud disclosed only after a week of customer complaints.
- Calls for better detection and response to active threats.
Notable Quotes:
- “It should not take your end-users to say, ‘Yo, your website sucks...’ before the company realizes they’ve been breached.” – Tyler [47:52]
7. ZDNet’s “10 Ways AI Might Ruin Your Life in 2026”
Timestamp: [49:48]
Summary:
- The ZDNet article warns about new attack surfaces and threats enabled by AI: from malware and agentic bots to prompt injection, API attacks, deepfakes, and more.
Tyler's Take:
- Agrees AI is now a core attack surface—“AI tools… are the new attack surface.”
- Recommends using the article’s content and topics for self-education, blue team exercises, or even content creation.
- Stresses that AI is “already fundamentally transforming the industry.”
Notable Quotes:
- “AI tools, not will be, they already are, the new attack surface.” – Tyler [50:20]
- “If you want to create content: ‘10 Ways AI Will Destroy the World’—guaranteed views.” – Tyler [50:59]
Notable Moments & Quotes
On Microsoft Woes:
- “Every update that gets pushed out ends up breaking it... This is your typical day-to-day story.” – Tyler [13:01]
Technical vs. Career Advice:
- “You gotta patch all the things, but sometimes with Microsoft, you have to very, very carefully patch all the things.” – Tyler [16:39]
On Nation-State Threats:
- “We are going to be talking less about your traditional war and more about cyber war.” – Tyler [20:22]
On Career Movement:
- “If you want to break into cyber and help bridge the experience gap, volunteer with a nonprofit in your area.” – Tyler [27:16]
Community Q&A (Jawjacking Segment)
(Starts ~[56:16] and continues for 30 minutes)
- OS Preferences: Strong advocacy of Ubuntu/Linux over Windows except for specific tasks (“I do all my live streaming, editing, and hacking from Ubuntu”; [56:30])
- SOC Analyst Resources: Recommends Hack the Box Academy’s blue team learning path for those eyeing SOC roles.
- Interview Tips:
  - Don’t fake answers—if you don’t know, say so and follow up later ([~57:20]).
  - Always ask for coaching/critical feedback at the interview’s end—“What’s one thing I could do better?”
- How to Get into Pen Testing: Not impossible, but an advanced entry point. Emphasizes OSCP certification or contributing open-source CVEs to stand out.
- Bug Bounty vs. Pen Testing: Warns that most bug hunters don’t make a full living, and those skills don’t always transfer directly to practical pen tests.
- Work-Life Balance for Entrepreneurs:
  - “Do not sacrifice your family on the altar to your business... take notifications off your phone.” ([~1:19:30])
- On Patch Management: Patch as soon as viable, but monitor—especially critical for externally facing systems.
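The patching advice in the Microsoft segment (roll out to small rings first, expand only after monitoring) and in the Q&A above (patch as soon as viable, but monitor) describes a gate that can be written down explicitly. The script below is an added example, not from the episode or any vendor tool: it models rings of hosts, post-patch telemetry, and a rule that expands to the next ring only when enough of the current ring has reported and the failure rate is under a threshold. Ring names, host names, thresholds and telemetry are all constructed.

```python
"""Ring-based patch rollout gate (added example, not from the episode).

A ring is patched, then "soaked": the gate waits until most of its hosts
have reported and halts the whole rollout if the failure rate is too high.
All names, thresholds and telemetry below are constructed.
"""
from dataclasses import dataclass


@dataclass
class Ring:
    name: str
    hosts: list


@dataclass
class RolloutState:
    rings: list
    current: int = 0        # index of the ring currently being soaked
    halted: bool = False
    reason: str = ""


def reported_fraction(reports, hosts):
    """Share of a ring's hosts that have sent any post-patch telemetry."""
    if not hosts:
        return 0.0
    return sum(1 for h in hosts if h in reports) / len(hosts)


def failure_rate(reports, hosts):
    """Share of a ring's hosts whose telemetry says the patch failed
    (for example a machine that no longer boots and needs manual recovery)."""
    if not hosts:
        return 0.0
    failed = sum(1 for h in hosts if reports.get(h, {}).get("status") == "failed")
    return failed / len(hosts)


def advance(state, reports, max_failure_rate=0.02, min_reported=0.9):
    """Decide what the rollout should do next.

    Returns (decision, detail), where decision is one of:
      "wait"     - soak not over: too few hosts in the current ring have reported
      "expand"   - current ring is healthy; detail names the next ring to patch
      "halt"     - failure rate above threshold; the rollout stops here
      "complete" - every ring has been patched and soaked
    """
    if state.halted:
        return "halt", state.reason
    ring = state.rings[state.current]
    seen = reported_fraction(reports, ring.hosts)
    if seen < min_reported:
        return "wait", f"{ring.name}: {seen:.0%} reported, need {min_reported:.0%}"
    rate = failure_rate(reports, ring.hosts)
    if rate > max_failure_rate:
        state.halted = True
        state.reason = f"{ring.name}: failure rate {rate:.1%} exceeds {max_failure_rate:.1%}"
        return "halt", state.reason
    if state.current + 1 >= len(state.rings):
        return "complete", f"{ring.name}: final ring healthy"
    state.current += 1
    return "expand", state.rings[state.current].name


def simulate():
    """Drive the gate through a constructed rollout and return its decisions."""
    rings = [
        Ring("canary", [f"canary-{i:02d}" for i in range(5)]),
        Ring("pilot", [f"pilot-{i:02d}" for i in range(20)]),
        Ring("broad", [f"ws-{i:03d}" for i in range(100)]),
    ]
    state = RolloutState(rings)
    decisions = []

    # Canary: all five hosts report healthy -> expand to pilot.
    reports = {h: {"status": "ok"} for h in rings[0].hosts}
    decisions.append(advance(state, reports))

    # Pilot, first check: only half the ring has reported -> keep waiting.
    reports = {h: {"status": "ok"} for h in rings[1].hosts[:10]}
    decisions.append(advance(state, reports))

    # Pilot, later check: everyone reported, one host failed to boot.
    # 1/20 = 5% is above the 2% threshold -> halt before touching "broad".
    reports = {h: {"status": "ok"} for h in rings[1].hosts}
    reports["pilot-03"] = {"status": "failed", "error": "unmountable boot volume"}
    decisions.append(advance(state, reports))

    # Any later call keeps reporting the halt until a human resets the state.
    decisions.append(advance(state, reports))
    return decisions


if __name__ == "__main__":
    for decision, detail in simulate():
        print(f"{decision:8s} {detail}")
```

The two knobs matter in opposite directions: `min_reported` is what keeps the gate from expanding on a ring that simply has not finished rebooting yet, and `max_failure_rate` is what turns one broken pilot machine into a stopped rollout rather than a hundred broken workstations. For externally facing systems the same gate applies; the difference is that those hosts belong in an early ring rather than the last one.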
Community & Career Highlights
- Encouragement to connect and be active in communities (Simply Cyber, Hack Smarter, etc.) for accountability and growth.
- Advice for newcomers seeking experience: Volunteer for nonprofits or smaller orgs; “everyone’s a target” makes this help valuable and mutually beneficial.
- Design feedback given live on a community member’s website: Simplicity, readability, and dark mode compatibility recommended.
Segment Timestamps
| Segment | Timestamp |
|-------------------------------------------------|-----------|
| Show/Host Introduction | 00:20 |
| Microsoft Outlook Patch Story | 12:02 |
| Windows 11 Boot Failures | 15:45 |
| Sandworm Attack on Polish Power Grid | 19:13 |
| Dresden Art Collection Ransomware Attack | 23:41 |
| Nike, World Leaks, Dell Data Claims | 35:55 |
| Actively Exploited CVEs (CISA) | 41:38 |
| ShinyHunters, Okta & Voice Phishing | 46:17 |
| ZDNet’s 10 Ways AI Will Ruin Your Life | 49:48 |
| Jawjacking (Q&A, Career, Community Discussion) | 56:16 |
Tone & Style
Tyler’s style is frank, practical, and full of playful jabs (especially at Microsoft). He mixes technical depth and high-level summaries, always tying stories to actionable lessons for IT, cybersecurity professionals, and those considering a career move. The episode is interactive, responding to live chat and weaving user suggestions and questions into broader career and technical discussions.
Summary
This episode delivers a humorous, hot-take rundown of the day’s top cyber news: Microsoft update woes, global critical infrastructure attacks, high-profile brand breach claims, software vulnerabilities, and the evolving threat landscape powered by AI and social engineering. Tyler’s advice-driven analysis pulls together lessons for practitioners, career hopefuls, and cybersecurity leaders—with an open invitation to join, contribute, and benefit from the wider Simply Cyber community.
