Daily Cyber Threat Brief – Jan 28’s Top Cyber News NOW! (Ep 1056)
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Date: January 29, 2026
Episode Overview
This episode delivers the top cybersecurity news and analysis for professionals, insiders, and business leaders. Dr. Gerald Auger pulls from 20+ years in GRC cybersecurity to break down eight major news stories, injects actionable insights, and engages the #TeamSC community. Highlights of the session include emerging threats, critical vulnerabilities, AI risks, government policy, industry best practices, and real-world career advice.
Key Segments & Insights
1. U.S. Acting Cyber Chief Uploads Sensitive Files to Public ChatGPT
[16:02]
- Story: Madhu Gottumukkala, US acting cyber chief, uploaded “official-use only” contracting documents to a public ChatGPT instance, triggering internal DHS security alerts.
- Risks: Demonstrates dangers of pushing sensitive information into public AI tools, even by senior leadership—no way to “claw back” data after upload.
- Policy Lesson: Leadership who get “special exceptions” to use risky tech undermine organization-wide security.
- Memorable Quote:
“If you have sensitive information...and you stick it in an AI tool that is not local, guess what? You've just lost sovereignty over that data.”—Gerald [17:03]
- Practical Advice:
- Always advise leadership of risk—grant exceptions only with eyes open.
- Consider deploying internal/private AI or data masking tools for sensitive workflows.
- Policy is only effective if leaders are held to standards.
- Context: Recalls the Samsung ChatGPT incident (2023), now a classic case study.
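The “internal/private AI or data masking” advice above comes down to one control: a gate that sits in front of any non-local AI service and either refuses a document outright or masks identifiers before it leaves. The following is an added example written for this summary, not tooling from the episode or from Simply Cyber; the handling markings, the redaction patterns and the contract-number format are assumptions chosen for illustration, not any agency’s real policy.

```python
"""Pre-submission gate for prompts bound for an external (non-local) AI service.

Constructed example: text carrying a handling marking is refused (nothing
leaves), everything else is redacted before it is allowed out. The marking
list and regexes below are assumptions for illustration.
"""
import re

# Handling markings that must never leave the organisation (assumed list).
BLOCKING_MARKINGS = (
    "FOR OFFICIAL USE ONLY",
    "OFFICIAL USE ONLY",
    "FOUO",
    "CONTROLLED UNCLASSIFIED INFORMATION",
    "CUI",
    "CONFIDENTIAL",
)

# Identifiers to mask before anything is sent out (assumed patterns;
# the contract-number format is constructed, not a real numbering scheme).
REDACTION_PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "CONTRACT_NO": re.compile(r"\b[A-Z]{2}\d{4}-\d{2}-[A-Z]-\d{4}\b"),
}


def find_markings(text):
    """Return every blocking marking present as a whole word/phrase (case-insensitive)."""
    upper = text.upper()
    return [m for m in BLOCKING_MARKINGS
            if re.search(r"\b" + re.escape(m) + r"\b", upper)]


def redact(text):
    """Replace each identifier with a labelled placeholder; return (text, counts)."""
    counts = {}
    for label, pattern in REDACTION_PATTERNS.items():
        text, n = pattern.subn(f"[{label}]", text)
        if n:
            counts[label] = n
    return text, counts


def gate(text):
    """Decide whether text may be sent to an external AI service.

    Returns (allowed, payload, reason). When a marking is present the
    payload is None, so the caller has nothing to send by accident.
    """
    markings = find_markings(text)
    if markings:
        return False, None, "blocked: handling marking present (" + ", ".join(markings) + ")"
    redacted, counts = redact(text)
    if counts:
        detail = ", ".join(f"{k}={v}" for k, v in counts.items())
        return True, redacted, "allowed after redaction: " + detail
    return True, redacted, "allowed"


if __name__ == "__main__":
    # Constructed inputs: one marked contracting document, one ordinary request.
    for sample in (
        "FOR OFFICIAL USE ONLY\nContract AB1234-25-C-0042 for vendor support.",
        "Summarise the note from bob@example.com, SSN 123-45-6789.",
    ):
        allowed, payload, reason = gate(sample)
        print(reason)
        if allowed:
            print("  ->", payload)
```

The block refuses the whole document on a marking rather than trying to redact around it, because a marked document is exactly the case where the author cannot know what else in the text is sensitive; redaction is reserved for unmarked text, where the identifiers are the known risk.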
2. Sakari Ransomware: A Cautionary Tale of AI-Generated Malware
[23:26]
- Story: Halcyon and Check Point expose the “Sakari” ransomware, built so poorly that paying the ransom will NOT decrypt data. Each victim’s RSA key is discarded, making recovery impossible.
- AI Abuse: Researchers suspect AI tooling (machine translation, code generation) produced this “vibe coded” malware.
- Market Impact: Nonfunctional ransomware destroys attacker reputation; victims are urged NOT to pay.
- Memorable Quote:
"Some clown babies develop some ransomware using AI...they literally didn’t test it. So the decryption process doesn’t work."—Gerald [24:08]
- Action:
- Add Sakari as an AI-malware case study.
- Warn your threat intel network and SMEs: if hit, do not pay, and recover from backups.
- Small businesses especially at risk; verify incident response plans.
3. WhatsApp’s Strict Account Lockdown vs. Spyware
[28:32]
- Story: WhatsApp unveils a “strict account settings” mode for high-risk users (e.g., journalists, activists), blocking media from non-contacts and boosting privacy protections.
- Trade-offs:
- Enhanced privacy often means decreased usability (potentially disables certain features/APIs).
- Most users won’t need this, but should test and roll back if unwanted friction occurs.
- Community Context:
- Signal already offers strong privacy; WhatsApp moving to catch up.
- Admins should inform VIPs and executives about these protections.
4. Mustang Panda’s Sophisticated Stealer Campaign
[33:17]
- Story: China-linked threat group “Mustang Panda” (CrowdStrike nomenclature) upgrades “Cool Client” backdoor for espionage against governments in Myanmar, Mongolia, Malaysia, Russia, and Pakistan.
- Tactics:
- Clipboard monitoring, browser credential theft (Chromium), active window tracking, plugin-based modular features.
- Data exfiltration through hardcoded API tokens for Google Drive, Pixel Drain.
- Technical Deep Dive:
- Kaspersky found advanced, persistent, multifunction malware, consistent with nation-state-level tradecraft.
- Community Laughter: Gerald shares a generated image of a “Panda driving a Mustang.”
- Defense:
- EDR, email security, and layered defense for at-risk governments and organizations.
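The exfiltration detail in this story (uploads to Google Drive and PixelDrain through hardcoded API tokens) suggests one cheap detection that does not depend on the malware’s code: watch egress logs for large uploads to consumer file-sharing services from hosts that have no business using them. The following is an added example for this summary, not tooling from the episode, CrowdStrike or Kaspersky; the log line format, the host names and the byte counts are constructed, and the domain-to-service map is an assumption (`googleapis.com` is broad and will also cover other Google services).

```python
"""Flag large uploads to file-sharing services in constructed proxy logs.

Log format (assumed): "<timestamp> <source-host> <method> <dest-host> <bytes-out>".
"""
import re
from collections import defaultdict

# Destination suffixes worth watching, mapped to a label (assumed mapping).
WATCHED = {
    "drive.google.com": "Google Drive",
    "googleapis.com": "Google APIs (Drive upload endpoints live here)",
    "pixeldrain.com": "PixelDrain",
}
UPLOAD_METHODS = {"POST", "PUT", "PATCH"}
LINE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<host>\S+) (?P<bytes_out>\d+)$")

# Constructed sample: one finance workstation pushing megabytes to two services,
# one HR workstation doing ordinary small traffic to Drive.
SAMPLE_LOG = """\
2026-01-28T09:12:03Z ws-finance-07 GET www.example.com 512
2026-01-28T09:12:44Z ws-finance-07 POST www.googleapis.com 8400000
2026-01-28T09:13:10Z ws-finance-07 POST pixeldrain.com 2200000
2026-01-28T09:14:00Z ws-hr-02 GET drive.google.com 4096
2026-01-28T09:15:22Z ws-hr-02 POST drive.google.com 3000
"""


def parse(lines):
    """Parse log lines into dicts; malformed or blank lines are skipped."""
    records = []
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["bytes_out"] = int(rec["bytes_out"])
            records.append(rec)
    return records


def watched_service(host):
    """Return the service label if host is (or is under) a watched domain, else None."""
    host = host.lower().rstrip(".")
    for suffix, label in WATCHED.items():
        if host == suffix or host.endswith("." + suffix):
            return label
    return None


def find_uploads(records, min_bytes=1_000_000):
    """Aggregate upload bytes per (source host, service) and return those over min_bytes."""
    totals = defaultdict(int)
    for rec in records:
        service = watched_service(rec["host"])
        if service and rec["method"] in UPLOAD_METHODS:
            totals[(rec["src"], service)] += rec["bytes_out"]
    hits = [{"src": src, "service": svc, "bytes_out": total}
            for (src, svc), total in totals.items() if total >= min_bytes]
    return sorted(hits, key=lambda h: h["bytes_out"], reverse=True)


if __name__ == "__main__":
    for hit in find_uploads(parse(SAMPLE_LOG.splitlines())):
        print(f"{hit['src']:>15}  {hit['bytes_out']:>10} bytes  -> {hit['service']}")
```

The threshold is deliberately per source host and per service rather than per request, since a stealer that chunks its uploads keeps every single request small; aggregation is what makes the pattern visible.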
5. Legal Battle: Virginia Flock Camera Surveillance is Upheld
[41:08]
- Story: Federal judge rules Norfolk’s use of 176 automated license plate reader (ALPR) “Flock” cameras does NOT violate the Fourth Amendment.
- Implications:
- Sets precedent for expanded street-level surveillance without warrants.
- Debate: Law enforcement effectiveness vs. chilling effect on civil liberties, risk of abuse (e.g., stalking, political retaliation).
- Gerald’s Take:
- Tools intended for good can be weaponized or misused.
- Cautions against “full dystopian 1984”—but warns of surveillance overreach.
6. Still Exploited: WinRAR Path Traversal Flaw
[47:07]
- Story: Google says CVE-2025-8088 (WinRAR path traversal) is being actively exploited by Russian (Turla), Chinese-linked, and cybercrime groups; allows initial access through booby-trapped archives.
- Attack Chains: Uses alternate data streams for stealth payload delivery; phishing is primary delivery method.
- Advice: PATCH IMMEDIATELY.
- Educate users: “If you see this WinRAR icon, patch now!”
- Central patch management (Ivanti etc.) recommended.
- Memorable Story:
- Gerald shares a personal anecdote about Memoji and accidentally texting a “lion love” message to a friend. [52:26]
- Adds humor to highlight how mistakes happen everywhere, even in cybersecurity.
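For the WinRAR story above, the defensive counterpart to “patch immediately” is being able to recognise the two tricks named in the segment, path traversal and alternate data stream names, in an archive’s file listing before anything is extracted. The following is an added example for this summary, not code from the episode or from Google; it checks entry names only (the archive container is not parsed), and the sample listing is constructed.

```python
"""Classify archive entry names that should never be extracted as-is.

Constructed example. Input is a list of entry names as an archive tool would
list them; the archive format itself is not parsed here.
"""
import re

WINDOWS_DRIVE = re.compile(r"^[A-Za-z]:")

# Constructed listing: two benign entries, one traversal entry, one ADS entry.
SAMPLE_LISTING = [
    "docs/report.pdf",
    "docs/images/chart.png",
    "..\\..\\Public\\update.exe",
    "readme.txt:payload.exe",
]


def classify_entry(name):
    """Return a list of findings for one entry name (empty list means nothing seen).

    Both slash styles are accepted because Windows extractors honour both.
    """
    findings = []
    n = name.replace("\\", "/")

    # Absolute paths (POSIX root, UNC-style, or a drive letter) escape the target directory.
    if n.startswith("/") or WINDOWS_DRIVE.match(n):
        findings.append("absolute path")

    parts = n.split("/")
    # Any ".." component can climb out of the extraction directory.
    if ".." in parts:
        findings.append("parent-directory traversal")

    # A colon in the final component (other than a bare drive letter) is NTFS
    # alternate-data-stream syntax: "file.txt:stream" writes a hidden stream.
    last = parts[-1]
    if len(parts) == 1 and WINDOWS_DRIVE.match(last):
        last = last[2:]
    if ":" in last:
        findings.append("alternate data stream name")

    return findings


def scan_listing(names):
    """Map each suspicious entry name to its findings; clean entries are omitted."""
    return {name: f for name in names if (f := classify_entry(name))}


if __name__ == "__main__":
    for name, findings in scan_listing(SAMPLE_LISTING).items():
        print(f"{name!r}: {', '.join(findings)}")
```

A mail gateway or sandbox can run this over the listing of every inbound archive and quarantine anything with findings; the check is cheap enough to apply to all attachments, not only `.rar` files.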
7. Telnet Is Back—and Dangerously Vulnerable
[53:55]
- Story: Decade-old GNU InetUtils telnetd root-authentication bypass is being exploited (added to CISA KEV). Hundreds of thousands of Telnet instances, mostly IoT/OT, remain exposed; usage is RISING as SSH declines.
- Risks:
- Telnet sends everything in plaintext—ripe for interception.
- Many devices (especially IoT/legacy) default to Telnet, now being targeted en masse.
- Memorable Meltdown:
“Are we taking crazy pills?… I can't think of a more out of control thing than having a telnet server Internet-facing… I’m getting lightheaded thinking about it.”—Gerald [54:41]
- Action Steps:
- Scan external IP ranges for port 23.
- Replace Telnet with SSH, restrict/monitor ALL legacy device access.
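The first action step above, scanning your own external ranges for port 23, is a few lines of Python once you add the one thing a plain port check misses: confirming the listener actually speaks Telnet (servers open with IAC option negotiation, byte 0xFF) rather than some other service parked on that port. The following is an added example for this summary, not tooling from the episode; it is meant to be pointed at address ranges you are authorised to scan, and the CIDR in the usage line is a documentation range, not a real target.

```python
"""Find Internet-facing Telnet listeners in address ranges you own.

Constructed example. Run against your own authorised CIDR blocks:
    python telnet_check.py 192.0.2.0/24
"""
import ipaddress
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

IAC = 0xFF                      # Telnet "Interpret As Command"
NEGOTIATE = {0xFB, 0xFC, 0xFD, 0xFE}  # WILL, WONT, DO, DONT


def expand_targets(cidrs):
    """Expand CIDR blocks into individual host addresses (network/broadcast excluded)."""
    hosts = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        hosts.extend(str(h) for h in net.hosts())
    return hosts


def looks_like_telnet(banner: bytes) -> bool:
    """A Telnet server almost always starts with IAC followed by a negotiation verb."""
    return len(banner) >= 2 and banner[0] == IAC and banner[1] in NEGOTIATE


def probe(host, port=23, timeout=2.0):
    """Connect once, read up to 64 bytes, and report open/Telnet status."""
    result = {"host": host, "port": port, "open": False, "telnet": False, "banner": b""}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            result["open"] = True
            sock.settimeout(timeout)
            try:
                result["banner"] = sock.recv(64)
            except OSError:          # quiet listener: open, but no greeting within timeout
                pass
    except OSError:                  # refused, filtered, or unreachable
        return result
    result["telnet"] = looks_like_telnet(result["banner"])
    return result


def scan(cidrs, port=23, workers=64, timeout=2.0):
    """Probe every host in the given ranges; return only the open ones."""
    targets = expand_targets(cidrs)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda h: probe(h, port, timeout), targets)
    return [r for r in results if r["open"]]


if __name__ == "__main__":
    for r in scan(sys.argv[1:] or ["192.0.2.0/30"]):
        kind = "TELNET" if r["telnet"] else "open, non-Telnet greeting"
        print(f"{r['host']}:{r['port']}  {kind}  {r['banner'][:16]!r}")
```

Every host the script reports as TELNET is a candidate for the second action step (replace with SSH, or at minimum take it off the Internet and restrict who can reach it); hosts reported as open but non-Telnet still deserve a look, since something else is answering on a port that should be closed.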
8. Fortinet FortiCloud SSO Zero Day
[61:54]
- Story: Authentication bypass allows attackers to create rogue FortiCloud SSO admin accounts, pull firewall configs from fully patched FortiGate devices.
- Remediation:
- Fortinet disabled abused accounts, patched server-side, and urges admins to treat affected systems as compromised.
- Best Practice: Restrict admin access, disable FortiCloud SSO until fixed.
- Gerald’s Advice:
- "If you run Fortinet & FortiCloud, this is all hands on deck."
- Fortinet frequently faces vulnerabilities; admins must stay vigilant and ready to patch.
Notable Quotes & Community Moments
- On Policy Risk:
  “We are forced into these very difficult positions...all you can do is advise of the risk, make them aware of it, grant the exception, and just be like, listen, this goes against policy...let’s hope for the best.” —Gerald [17:03]
- On Bad Ransomware:
  “The viability of being a ransomware threat actor is that you deliver on the key or the data...if you don’t, your market immediately implodes.” —Gerald [25:13]
- On Telnet Redux:
  “Telnet is a relic...you have to pay $10 to get access to the museum of history to look at a telnet server, but there are still vulnerabilities. As a researcher: don’t only look at AI—old tech has live flaws!” —Gerald [54:41]
- On Career Networking (Jawjacking Q&A):
  “You can train all day, but until you play a game, you just don’t know if you’re good or not...Employers don’t pick the valedictorian. It’s not a meritocracy. It’s about relationships and networking.” —Gerald [72:24]
Jawjacking: Audience Q&A Highlights
[62:38] onward
Dr. Auger addresses a flurry of community questions about:
- Impact of a PhD on Security Careers
  - No immediate impact; long-term value is credibility, branding, capability signaling.
  - Advice: Don’t do it for clout; do it if you’re passionate.
- Transitioning from DoD Intel to Cyber Threat Intelligence
  - Recommended role: CTI analyst; supplement with some SOC and threat behavior skills.
- Master’s vs. Certifications
  - Depends on your target role; often certifications (especially HR-gatekeeper certs like Security+) plus networking give better job access than a master’s.
- Building a Portfolio & Networking
  - Essential to be “on the front row” of the candidate pool.
  - Personal branding (YouTube, LinkedIn, active community presence) gets you noticed.
- AI’s Impact on Security Jobs
  - AI is changing how ransomware and malware are created (quicker, more variants), but human insight and creativity in defense will remain essential.
- WinRAR and Roaring Mistakes
  - Community laughs as Gerald recounts texting “I’d be lion if I said I didn’t love you—roar!” to the wrong friend.
Key Takeaways & Actionable Advice
- Patch legacy software (WinRAR, Telnet), especially where actively exploited.
- Beware shadow AI risks; leadership using public tools may create unintentional breaches.
- Inform and enable critical privacy/security features for high-exposure users.
- Never pay ransoms to poorly built ransomware like Sakari—data recovery is impossible.
- Audit and eliminate legacy and risky protocols (e.g., Telnet)—build maturity in asset management.
- For career aspirants:
- Build a visible brand, network actively, supplement credentials with real skills.
- Focus on roles where your background (Intel, SOC, etc.) transfers directly.
- For leaders:
- Set the standard on security compliance and lead by example; don’t seek risky exceptions.
Top Memorable Moments
- Gerald’s fervent—at times comedic—reaction to legacy tech mishaps (“Are we taking crazy pills?”)
- Community inside jokes (e.g., using the Carl emote for “dumb moves”)
- Sharing light-hearted personal stories to highlight larger lessons (the “lion-emoji love text”)
Useful Timestamps
| Time | Topic |
|-------|-------|
| 00:01 | Show open, community welcome, CPE credit talk |
| 16:02 | US Cyber Chief & Public ChatGPT incident |
| 23:26 | Sakari ransomware’s AI-fueled failure |
| 28:32 | WhatsApp strict privacy/anti-spyware features |
| 33:17 | Mustang Panda: Cool Client espionage malware |
| 41:08 | Virginia Flock camera Fourth Amendment lawsuit |
| 47:07 | WinRAR path traversal vulnerability exploitation |
| 53:55 | Telnet vulnerabilities, IoT/OT legacy risks |
| 61:54 | Fortinet Cloud Zero Day—mitigation keys |
| 62:38 | Jawjacking: Live audience Q&A, career advice (onward) |
Original Tone:
Casual, energetic, humorous, and deeply practical. Dr. Auger uses real-world analogies, community engagement, and lived experience—making complex topics both accessible and actionable.
Listen to learn, laugh, and level up—the Simply Cyber way.
