Loading summary
A
Yes. Yes, yes. What's up everybody? Good morning. Welcome to the party. Today is January 5th, 2026. This is episode 1039 of your Simply Cyber Daily Cyber Threat free podcast. Listen. If you are looking to stay current on the top cyber news stories of the day while being surrounded by amazing cyber security community members who are all about support, inclusion and empowering you to absolutely slay it on your career journey, well then you're in the right place because that's what we're doing here every single weekday morning. I'm your host, Jerry. We're off and running. Stay tuned. We're going to be crushing it today, I promise you. Yes. Good morning everybody. Welcome to the party. Marcus Kyler of the Yeet Crew. Phil Stafford if the San Francisco contingent. Guys, happy New Year. Happy holidays. I am back from a two week break. If today's your first episode, welcome to the party. You may be a little bit confused. We've been doing this for over 3 plus years, a thousand plus episodes. I took my first break in 16 years, took 2 weeks off. Quite an impr. Like just a really interesting experience overall. Some highs, some lows. I'll be able to share those all with you guys if you are interested during Jawjacking. But what I am happy to say is that the ball kept rolling. Daniel Lowry DJ B Coffee cup. Cheers to you. Definitely appreciate the support guys. I hope you are ready for a 2026 that's absolutely going to go bananas. We're already executing on the mission that I told you about at the end of 2025. As far as what you can expect for 2026. We had our first full video drop yesterday. People are loving it. I'll share more about that later. But let's talk about this show, this podcast, what we're doing here. What's up? Roswell UK Ad Tech Stones Fan CyberSecJS Mar Levy thanks for getting up early everybody on the left coast. Elliot matice to name one. Guys, listen, AB's in chat. Let's be cool. Sierra Montgomery getting up early. I love it. I love it. I love it. Listen guys, every single episode we go through eight stories of the top cyber news stories of the day. Now listen, I don't care if you're a GRC analyst, a sock analyst, a pen tester, a ciso, security administrator, IT person, software developer, no matter what, in order to be effective and absolutely boss at cyber security, you must stay current on the current news because threat intelligence matters. Threat actor behaviors matter. In order to understand where to address risk and how to Allocate resources like money and people and time. You need to know where the biggest problems are and where to allocate those resources. Right. If you were a general in a battle, you wouldn't deploy a bunch of soldiers to an area that has no action going on. That would be stupid. That's why you got to stay current every day, and that's why we do this show every single day. Now, if today's your first episode, man, you picked a banger to show up on. Welcome to the party, pal. Drop a hashtag first timer in Chad, hashtag first timer in chat, let us know. I have a special sound effect, a special emo cosmic cowboys in chat. What's up, dude? Listen, we've got a great show, but we have a way of welcoming our newcomers. We have a special sound effect. Like I said, it is John McLean from the Die Hard series welcoming you to the party, pal. So I can't wait for that. If we get a first timer, we'll drop that. Guys, hey, really quick. I have been out for a couple weeks. If anyone scored a job in the last couple weeks, maybe we already celebrated it on the channel, but let me know. I would love to wrecking ball the living hell out of this episode, if you know what I mean. First timer of the year. Brexit. Brexit. Judges will allow it. We'll allow it. Around the horn. First timer for 2026. There we go. Every single episode. As if the Value Train already wasn't epic. What's up, DPrem11. Happy New Year to you too. The. The Value Train is backed up to the station. We've clipped on six more caboose cars here, and we're gonna keep on rocking. How is that happening? Every single episode of the Daily Cyber Threat Brief, including this one, and is worth half a CP to you. So say what's up in chat. Grab a screenshot. It's right above my head. This is. This is the chat. This is the community, right? Say what's up in chat. Grab a screenshot, file it away. The name of the episode is. Got the unique identifier in it and the. The. The. The date, right? So you can have, like, basically a nice timestamped piece of evidence. Obviously, the screenshot's going to have today's date on it as a creation date, but let's make it easy for those auditors, you know what I mean? Auditors. Am I right? Just kidding. I was an auditor for a number of years, so I'm only allowed to dunk on it. All right? Guys, so we got our CPEs. It is Monday, which means it is Simply Cyber Community Member of the Week. Where is that boink? We got Simply Cyber Community Member of the Week. We got a good one to share with you. As always, Threat Locker. One of the sponsors did renew the Simply Cyber Community Member of the Week. So I'll be able to continue to give out prizes all year. All year long. All year. Yes. Yes. Love it, love it, love it. All right, now before we get into it, let me. Let me pay the bills, right? Simply Cyber Community Member of the Week doesn't get a hundred dollar gift card or merch without. Without paying the bills. You pick it up when I'm putting down. Everybody. James Aquigan at 35, 000ft, landing safely into 2026. Good to see you, James. Thank you, Elliot Matice. Guys, it is great to be back. I. I deliberately did a digital detox. I deliberately, deliberately, deliberately. Oh, God. Deliberately did not work. Okay. And I did a pretty good job of it. I feel like. James O' Quicker with 20 gifted subs. Heck yeah, buddy. Thank you so much, James McQuiggin. Love it, love it, love it. Thank you. All right, let's. Let's pay some bills, guys. Every single episode. We're. We're very happy to have our sponsors letting you know. Sponsors that have renewed for all of 2026. Talking about anti siphon training. Thank you. Anti siphon training. Guys, listen. Anti siphon training is disrupting the traditional cyber security training industry by offering. Hold on, I. I can't have that. Like, I'm so particular about my background screensavers. It is a bit of a. It's a bit of a. I don't even know what the right word is. I'm a psychopath, I guess. I don't know what it is. All right, we'll let that load up here. Listen, Anti siphon training offers high quality, cutting edge education to everyone, regardless of financial position. Coming up in just a few weeks, January 19th, you have time to get this on your calendar. January 19th. Four days. Four hours a day. Four hours a day. Which means you can check your email, get your breakfast, get your coffee, knock out some work, do training, and then still be able to put out any fires at the end of the day. John Strand's Active Defense and Cyber Deception course. I've taken this course. This course is awesome. I love this course. It is a blend of technical delivery as well as. Not theoretical, but like, he gets into ethics, like hacking back. He'll show you how to hack back. But like, should you be doing that? I don't know the difference between Venom and Poison. If you've taken the class, you know what I'm talking about. This is a great class and you could take it for as little as $0. They do ask for a $25 minimum donation, but if you're hard up in 2026, they're not going to kick you to the curb. Go check it out. Anti siphon training. Look at. I'm going to drop a link to this. This is a wicked fun course, right? I'm just saying. Plus, if you are currently in between jobs, right here, dropping a link to this course, I'm gonna pin it. If you are in between jobs right now and you want to stay kind of in that, that active learning, active engagement, the vibe of getting up, you know, showering, getting dressed, going to work, right? Like, go work on yourself. This is a great way to have a week carved out for yourself and, and break the monotony of waiting for a reply from a job application. All right, great course. I love it. All right. Also want to say shout out to new sponsor. Okay, check this out. AR Area. Excuse me. Area is sponsoring for the month of January. There is a link in the description below. Go check this out. Guys, you know that I was like super excited about AI and AI agents and learning about AI agents. Area is killing it. Your leadership teams demanding AI automation. Whose team isn't right? Employees are using it throughout the workforce. You don't even know what tools they're using. Shadow AI is all over the place, creating vulnerabilities, compliance risk, of course, fragmented solutions you can't control and the risk begin to compound exponentially. Your sales team's using one tool, your marketing team's using another. Nobody's tracking anything. It's ridiculous. And with one incident, one failure, it could cost you your IP theft, your regulatory fines, competitive position. Even your best talent could get poached away. It could be gross. But what if AI became an advantage instead of a risk, right? What if your teams could innovate faster while staying completely secure? And that's what Area delivers. A unified platform that combines AI security, governance and orchestration so you don't have to choose between innovation and protection. That's right, guys. It's like legit. Like, it kind of solves the problems that most people are having with AI adoption in your organization. Take control today. Turn your AI stress into AI success. Ready to embrace enterprise AI? It's worth a checkout visit. Area, Enterprise AI platform for secure and scalable solutions to see the platform in action. Go check it out at AI r I a.com so it's basically area except instead of E it's a I R I A a I R I a dot com. Go check it out. I think it's really cool. A lot of WYSIWYG stuff. If you've used the let me know and chat holler at you. Let's hear quickly from Threat Locker and then we're gonna dive head first in the news. So go. If you like to wear one of those like rubber caps over your hair when you swim, either keep your hair clean and dry or to make you fast like Michael Phelps, go grab one of those because we're diving in after the Threat Locker ad. Let's go. I want to give some love to the daily Cyber Threat Brief sponsor, Threat Locker. Do zero day exploits and supply chain attacks keep you up at night. Worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue Trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com DailyCyber. All right y', all, listen, it's been two weeks. I don't know if Daniel and B said it, but do me a favor, sit back, relax and let's let the cool sounds of the hot news wash over all of us. Each one of us in an awesome wave. I will see you at the mid roll. Let's cook baby. From the CISO series, it's cyber security headlines.
B
These are the cybersecurity headlines for Monday, January 5, 2026. I'm Steve Prentiss.
A
All right, Steve.
B
Palo Alto Network's boss calls AI agents biggest insider threat. This is according to Chief Security Intel Officer Wendy Whitmore, describing these as the new insider threat to companies in 2026. She describes the threat as a double edged sword because CISO and security teams find themselves under a lot of pressure to deploy new technology as quickly as possible. And that creates this massive amount of pressure to go through procurement processes, security checks and to understand if the new AI applications are secure enough for the use cases that organizations have. She added, quote, one of the risks stems from the super user problem which occurs when the autonomous agents are granted broad permissions, creating a super user that can chain together access to sensitive applications and resources without security teams knowledge or approval. End quote. More details from her interview are available in the show notes to this episode.
A
All right. Hey, what's up, Grady? Don't worry, we just. We just got cooking, buddy. Doom. Cracking. I missed it too, buddy. All right, so check it out. If you have been a longtime follower of Simply Cyber, you may recall last April I went to San San Francisco RSA and I did a lot of work with Cisco while I was there. And they were all about, you know, the agent, the agent, the agent, right? And. And for good reason. Agentic AI is kind of the evolution, right? So 2023, lots of us are using text fields and just typing in kind of transactional one way like, or one shot prompts, right? Like, you know, whatever, gem, chat, GPT, like read a report for me or write a python script that does something. Then it's like. And pukes it out, right? Well then we got a little bit more creative, a little bit more orchestrated. Hey, agent, you do this one thing. Hey, other agent, you do this other thing. Hey, other agent, you do this. And now let's let them get together. And now you're very good at what you do. And this is why people are like, oh my God, AI is coming to take my job, right? Because they're starting to be very task specific. Well, the big call to arms in 2025 was. Hold on, how do I do? The big call to arms in 2025 was, oh, human in the loop. Like, dude, if I had a nickel for every time someone said human in the loop, the Buffer Oer Flow studio would have a gold fountain back there just pissing gold. Like everybody. Human in the loop. Human in the loop. The I. That. That's fine. But you have to remember that we have AI identities or machine identities now, right? There's always been system accounts, there's always been user accounts, but now AI and agentic AI are getting their own accounts. And you have to account LOL. Jesus. You have to. Oh, by the way, my 13 year old informed me that spelling out like LOL or OMG, like spelling those out means I'm old. Like, so, by the way, just spoiler alert, if you spell out lol, you're old according to the. The youngs. Okay, so check it out. You still have to account for these new identities in your environment with logs and stuff. And as the Palo Alto Chief Security Intel Advisor points out, you're giving these people or these people. Jesus, you're giving these AI agents super access to be able to do all the things. This is. I'm telling you guys, this makes me feel like it's 1999 again and not the Prince version, which was awesome, but it's 1999 again where we're starting to put systems. Well, maybe early 2000s, we're starting to put systems together, you know, servers, active directory environments. And everybody's like oh, like just right click permission all or permission everyone. And now everything seems to work. Hey, this application's not working. No problem. Just give it access to everything. And because you do that, you introduce massive risk. Which gets back to the point that I was just mentioning a moment ago when I was doing the area ad read, is that gone are the days where you had to have like a super user privilege to like rightclick and apply these privileges, these agentic AIs, they're being installed and deployed and unfortunately they're getting access because management's like, yo, listen, we're going to be using this, we need it. I saw the demo at the vendor booth at the conference and it's going to make us oodles of money. Great cash, homie. So implement it, nerd. And we're just like, oh my God. So here's what I would say. Here's what I would say to you. Number one, you know, whatever. Like, welcome to GI Joe. Knowing's half the battle. Okay, I think we actually have a lesson learned thing. Hey, super Zoomie, good to have you. Coffee cup. Cheers to you too. That was supposed to be all coffee cup, not. This is fine. Listen, where is the more you know link? Oh, there it is. Listen, the more you know first, knowing's half the battle. Be aware these agentic AIs are introducing massive risk to your environment. Not so much attack surface, but it. Because it has access and because it's designed to be engaged with oftentimes do specific things. Threat actors, if they're able to get access, can utilize these tools to be even more effective, move quicker and have bigger impact on incidents in your environment. So number, so whatever awareness is number one. Number two, I would say as best, as best you can put some governance around these things, you'll. Listen. If you're going to be using AI agents, fine, but we need visibility. Number three and if possible start. And I'd have to check with Wade Wells, my resident threat hunting aficionado and all the blue teamers in chat if you got any thoughts on this. But dude, starting to account for what AI behavior looks like in your Environment. And you know, is it, is it, you know, overstepping its boundaries? Right, so privileged access management is a very difficult control to implement. Very difficult. I think it's AC7. Hello, NIST853. I know it's been a minute. Hello, darkness, my old friend. Hold on one second. It's been a minute. I was on vacation. But I think AC7's least privileged. Oh my God. Unsuccessful log on attempts. Gross. AC6. I'm slipping, man. AC6, least privilege, which is essentially you achieve that through privileged access management. If you can implement that on the AI agents as a governance best practice, whether it's a human or an AI, it still only needs permission. And what it needs permission to, that can help manage the risk exposure to you. All right, all right. So that's the first story. Let me see. Can I. Oh my God, man, can I do this? 35 months. Okay. Happy New Year. I'm dropping my own. My own blue badge here. Happy New Year. There we go. All right, let's keep cooking.
B
Hackers claim RE security hack firm says it was a honeypot. Threat actors associated with the Scattered Lapses Hunters group claimed to have recently breached the systems of cybersecurity firm RE Security and stolen internal data. RE Security, however, says the attackers, quote, only accessed a deliberately deployed honeypot containing fake information used to monitor their activity. End quote. This past Saturday, the threat actors published screenshots on Telegram of the alleged breach, claiming they stole employee data, internal communications, threat intelligence reports, and crime information. However, representatives from Shiny Hunters have told bleeping computer that they were not involved in this activity despite being associated with the Scattered Lapsus Hunters group. Thousands of cold.
A
All right, all right, I guess. Okay, so a couple things here. One, One, this is like I, you know. Okay, so listen, threat actors have evolved over time, by the way, if you're new here. I like to edge. I'm an educator, okay? I love educating. I like to go beyond the headlines. I like to help people understand, not just like this story, but like the, you know, background or, you know, grounding of the story, all these things. So listen to this. Normally threat actor groups, you know, it's just like punch you in the mouth, steal your money, move on to the next victim. But some of them evolve into, you know, more organized enterprises now. Shattered Shattered Scattered Spider Lapsis and Shiny Hunters recently formed like a, you know, a maligned Voltron. And they're younger people, they kind of run around in what they call the calm. And they basically have like, hey, you're. You're kicking Butt. I'm kicking butt. This guy down the, down the hall in the dorms is kicking butt. Let's get together and kick butt together. And they're like, sure. This next evolution seems like they're doing PR and crisis management, which is wild, right? So here's the deal. Somebody's lying, okay? Somebody is lying. This company re security deployed a honeypot on the Internet. Now anyone can deploy a honeypot on the Internet. All right? In fact, if you're looking to deploy a honeypot on the Internet, may I recommend teapot teapots. Like as far as I'm concerned, like the bees knees here. I'm gonna drop a link to it. It's open source. GitHub. If you, if you've deployed teapot in your life, let us know in chat. We'll have a. We'll have a teapot session. Anyways, they deployed a honey pot. The reason you do that is to get intelligence and threat intel on attackers, right? If I deploy a honeypot that has log 4J vulnerable in it right now on the Internet and it doesn't get popped for a week or two, well, then I know that threat actors in real life are not actively looking to exploit log 4J right? Now. Say there's a. You know, I'm sure there's gonna be a story coming up here. Again, I don't research or prep for any of this story, so I have no idea what's going to be coming down the pike. Okay? Because ain't nobody got time for that. Ain't nobody got time for that. But let's say, you know, like, I don't know. Yeah, let's just make. I don't know if real Bilbo's here. Let's just pretend Fortinet has a. A new zero day that just dropped. Okay? Fortinet has a new zero day that just dropped. Imagine. I mean, I think if we just wait till Wednesday, we'll get one of those stories. But. And you are running that Fortinet or you're a security researcher and you want to know, hey, are there active exploits in the wild for. For this Fortinet zero day? You could stand up a honey pot with the vulnerable service running and see how long it takes to get exploited. And then you can even get indicators of compromise based on that exploitation, which is great from a defender perspective. This is why honey pots exist. And this is why re security deployed one. Now, like I said, somebody is lying here. The honeypot got attacked, which is by design. Okay. By the way, if you want to Learn more about Honeypots, John Strand's active Defense and cyber deception course that's coming up in a few weeks. Literally, this is. This is a form of cyber deception, is a honey pot, right? Hit a honey pot. Don't. Don't hit me. Shiny. This, you know, amalgamation of Shiny Hunters, threat lapses, whatever. Scattered Lapses Hunters, I guess they're calling themselves. They claim, oh, this wasn't us. We were not affiliated with this. However, somebody posted on the official Telegram channel that they did pop resecurity and that they do have information. And it looks like they. It looks like they're also saying that they published screenshots that they allege were stolen. Okay, they also. This is personal, but because they're saying for months, RE Security has been trying to socially engineer us, and we know who they are, and that's why we attacked them. Okay, so here's my thing. If this is on the official Shiny Hunters telegram, I don't know, man. I don't know how Shiny Hunters is. Like, it wasn't us, right? I mean, it's like the calls coming from inside your house. Now, it could be a rogue operator. Shiny Lapses Hunters is a ransomware as a service. They have affiliates and stuff like that. Not entirely affiliates, but they do have affiliates. So tldr, someone's lying here. But to me, it's just funny because it's like public relations and crisis management from one of these two businesses. Either RE Security got punched in the mouth and had their stuff stolen, and they're saying that it was a honey pot. No, nothing to see here. Or Shiny Lapses Hunters thought that they hit a gold mine and they're actually just dumping fake data and they don't want to lose credibility as a legit threat actor. Either way, the TLDR for you here is. This is an interesting story. Get your popcorn right, Start wolfing that down and, you know, play with a honey pot. The final thing I'll say really quickly about honey pots, and I got this tip from Eric Capuano. If you guys know Eric Capiano, the dude's awesome Honey pots deployed on the Internet. So if, listen, you can employ honey pots in like two places on your internal network and on your Internet facing network, right? An Internet facing honeypot is great for research, great for threat intelligence, but it's not very good for. For much else. A honeypot inside your internal environment is one of the highest fidelity tools you can deploy as a defender. Let me repeat that, okay? A honeypot is one of the highest fidelity tools you can Deploy in your environment. As a defender, we have dlp, mfa, you know, backups. We have all sorts of great tools in our toolbox. If you stick a honey pot in your environment and it gets knocked over or probed or you know, like a little, A little, you know, like. I don't know why Jesse Johnson comes to mind, but like a little under the, a little under the hood action. If you, if you're picking up what I'm putting down, you get a little tickle in a place that there shouldn't be fingers. Okay? That means a threat actors in your environment. It is one of the highest fidelity ways to confirm the. That you have a compromise active in your environment. Because if you have a honey pot no one knows about, a threat actor will not know that it's part, not part of your environment. And a threat actor is going to go left or right spraying your environment laterally or to find lateral movement opportunities. They're not going to know Jan in accounting, my aunt or Thea coming in for a visit. They're not even going to attempt to look on your network for that honeypot. High, high fidelity. Don't sleep on honey pots. They're good. Okay. Also, thank you for the. Yeah. Oh yeah. No. Flu season's been brutal. Flu season ran through my house.
B
It was gross fusion exploit attempts spotted during Christmas holiday According to security firm Gray Noise, a coordinated campaign that exploited a dozen Adobe Cold Fusion vulnerabilities resulted in thousands of attack attempts over the Christmas 2025 holiday. The attack appears to be mostly from a single threat actor operating from Japan based infrastructure. Most of the activity, amounting to nearly 6,000 requests occurred on Christmas Day. Covenant Health announces.
A
All right, hold on. What are we doing here? Thousands of cold fusion. What? Okay, listen. I don't research or prep for these shows because I want my honest, my honest reaction and my honest hot takes for you guys. Oh yeah. Roswell UK is 100, right? Listen, if you can't deploy a honey pot because of your skill capabilities or because your environment won't allow you, don't sleep on Canary tokens. This is one of my favorite tools, Thinks Canary. This company right here, never been a sponsor. I will scream from a mountaintop how great this product is. Drop these tokens in your environment. For sure. For sure. We should get. I should contact them. I would love. I wear their shirts and stuff. It's such a cool company. All right, so listen guys. 1997 called. They want their web application development solution back. Okay. Or that was Dreamweaver. Cold Fusion was part of the Adobe suite back in the day when Adobe was like really bad. Oh yes, you can see Adobe really going for it. I haven't. Dude, I thought Cold Fusion had been deprecated. Honestly, I. I hate to be such a. An old here, but for real Cold Fusion. Yikes. Looks like a single threat actor, Japanese based is generating about 90 of the traffic exploiting more than 10 cold fusion CVs from a year ago. Listen, this 100% checks out to me, okay? Again, this is why you have to do this every single day. Because you start seeing trends and stuff. Listen, one person is accounting for 98% of the tax. Do you know why? Because cold fusion is not hot. Ok? Did we just become best friends? Hold on. That was a misfire. That was a Will Ferrell misfire. Cold fusion not hot. That Hansel so hot right now. Seriously dude. So if I had to guess, either this is some threat actor who got all geeked up about learning learning some type of vulnerability in an attack. Hold on one second. The attacks use Project Discovery Interact for out of band verification with Jindy LDAP injection as the main vector. Jindy LDAP. If I'm not mistaken, this is what log4j did, right? Hold on one second. Standby. Log4jindy. Yeah, yeah, log4j headed Jindy. Which, that's an acronym. I can't even remember what it is, honestly. But Java naming and directory interface. So log4jvibes still kicking it in 2026, most of the activity occurred on Christmas day. Thanks a lot, you peckerhead. Everybody, Everybody wants to work on Christmas Day, you jerk. Okay? 5,000 malicious requests targeting US based servers. Okay, so here's the deal. Number one, it's January 5th, so if you're just finding out about this now, I got news for you, you really should have been on top of this already. Okay, so there's a, there's a bunch for me to unpack here for you. What's up? Zach Hills in the chat, ladies and gentlemen, Zach Hill. Listen, let me unpack this for you. Number one, if you're running cold fusion in your environment and you did not know, that's a major opportunity to improve, okay? If you're running kind of like a. I don't know if Cold Fusion's officially supported still, but I feel like it's. It's deprecated. Okay? So you should know if you're running cold fusion in your environment, number one. Number two, these are CVEs or vulnerabilities from 2023 and 2024. Hello, I'm Jerry calling you from 2026. All right, it's 2026. These vulnerabilities have been patched. Unless cold fusion is end of life and they're not being patched, which means you should have gotten off of it in the last year or two anyways. Not saying I told you so, but for real, number three, and this is probably the one that is the most. Like, you wouldn't hear about this in a classroom, but you know, these attacks occurred on Christmas Day. Guys, you know who works Christmas Day? And I, I say this with all the respect it warrants, okay? You know who works Christmas Day? Junior engineers, junior analysts, people with less time in the seat. Not because they, you know, know less, but because the people who are older or have worked there longer, they want to take Christmas Day off because they want to do the Christmas things. So whether it's New Year's Eve, Christmas Day, Fourth of July. Right, whatever. Threat actors like to target these holidays because it's usually a skeleton crew and it's usually less experienced people who can't handle the incident response pieces. Right? So just be aware of that. Fuzzy. WCTX says they were a first timer last week. Welcome to the party, pal. Welcome to the party, pal. All right, Triple D saying I'm looking 20 years younger. Wait until tomorrow. I'm going to cut this beard off or at least trim it way, way down and you'll feel it. All right? So anyways, whoever this threat actor is, like, great work. You exploited like a three year old vulnerability. Noise.
B
May ransomware attack damage. The healthcare organization based in Andover, Massachusetts, which suffered a ransomware attack last May, is now notifying customers that their personal and health information may have been compromised. The organization has increased the number of individuals affected from an initial 7,800 to a slightly larger number, 478,000 in December. The Qilin ransomware group has claimed responsibility for this attack.
A
Oh yeah, this threat actor group, they got five on it because they're chilling. It's the chilling ransomware group getting after it. Guys, if you work in healthcare, you know already that you are a prime target for ransomware. Threat actors, manufacturing and healthcare are delicious. They are an absolute filet mignon, prime rib, grade A Angus beef. You know, it's coming directly from the ranch style meat for threat actors because the number one in health care, patient safety is top priority. So if a system goes down, the threat, an organization is more likely to want to get it back up immediately because you. There's been all sorts of documented instances. Women in labor who have to be rerouted to a new hospital because the hospital is down from ransomware. And then losing the baby, like we've had that, we've had stroke. People get rerouted and have issues. So there can be real human impact. And the chilling group knows what's up. So I will tell you, the Covenant healthcare originally reported 7, 800 records impacted and then they had to upgrade their total to478,000. Two things jump out right away. Number one, I don't think that this was, this was not like Oracle when Oracle was like, no, no, we didn't get breached. No. And the threat actors are like publishing all sorts of Oracle evidence and they're like, no, wasn't me, wasn't me, wasn't me. This is much different in healthcare, 500 is the magic number as opposed to 3 is the magic number, right? Little Dea Soul reference Dr. After 500 records, you have to report to Healthcare and Human Services Agency's Office of Civil Rights, which means you go on a wall of shame and you have to send out all these notification letters and everything like that. So from 7, 800 to 478,000 like it it more people are impacted, but it doesn't really change kind of the status of Covenant Healthcare. I will tell you this, I did talk to a good friend who works in healthcare recently and they are dealing with, or they dealt with a incident. And guys, I just want to make that this is another one that you would never ever learn in a classroom. I don't care how cool a classroom you got, right? Newest tech next, you know, AI enabled classrooms, you're not going to hear this. Listen, when you have a data breach in a healthcare organization, right? Guess what? There's no you. You don't hit control A on the environment and then count the number of records and there's your magic number. No, no, no, no, no, no, no. Imagine if you will, a file server got taken as part of this attack, right? And in the file server were 600,000 PDFs, how are you going to know whose information is in those PDFs or not in those PDFs? Yeah, you can use some tools to read the PDFs, maybe you can use AI, but there's no easy clean Control A, Control C, control. There's no simple way. It is back breaking manual labor in a lot of instances because you can't just like, let's just say half a million and move on. Like these are real people's information. And because protected health information was part of the Compromise. You could have some really sensitive things in there, right? Maybe sexual orientation, maybe sexually transmitted disease, maybe, you know, other things that are considered, you know, very sensitive from a social stigma perspective. Right. You know, an underage person who had an abortion, right. And doesn't want their parents to know. Like, there's all sorts of things that it's not just like, oh, I went to a dock in the box and got a flu shot. Who cares? Listen, privacy is an individual experience, right? Like what you want to keep private versus what someone else wants to keep private. There isn't a one size fits all. So for these healthcare organization, it is incumbent on them to get it right, but not just from a good person perspective, but from a liability perspective. So I'm not going to dunk on Covenant Health here. Tldr, though, is like, yeah, they suffered a data breach. Hopefully they got it cleaned up. This was in May of 2025. So if you have the impact from this has probably already been felt. Throw. Throw another log on the tire fire. That is your identity theft protection stuff. Guys, I have been gone for two weeks. I realize I'm running late on the show format. Give me some grace. I'm feeling myself. The coffee's delicious. I'm feeling good. As Triple D pointed out, I don't look like a. I don't look like I should be putting a body bag. Johnny. Right? I don't have bags under my eyes. That was a Karate Kid reference. If you don't know it, you should. It's a good one. Put him in a body bag. All right, let's keep cooking.
B
Huge thanks to our sponsor, Hawks Hunt. A small tip for CISOs. If you are unsure whether your security training is actually reducing phishing risk, check out what Qualcomm achieved with Hawks Hunt. They took their 1000 highest risk users from consistent underperformers to outperforming the rest of the company, driving measurable human risk reduction and earning a CSO 50 award. See the Qualcomm case study@hawkshunt.com Qualcomm that is H O X H U N T.com quality.
A
Welcome. All right. Get him in a body bag. Yeah, it's like that guy had one line. One line. And you know what? He made the best of it, that guy. I salute you, brother. All right. Hey, let's blow out the copyright strike because why not? It's first day back. Let's do it. Listen, someone who just showed up's like, put him in a body bag. What? What are we doing here, guy? Yo, Check it out. Welcome to the mid roll guys. Thank you all so very much for being here. I appreciate you. It's great to be back in the stream. I do plan. I have a dude, guys. Like I said, I disconnected for two weeks so I haven't even put together a punch list of things that need to be done. I do know I will be updating some of the emotes, some of the sound effects on the soundboard. The drink will definitely get an emote and more. Guys, thank you all for being here. What are we doing on headcount 361 of you guys ready to get back into it? I want to remind everybody a couple great things. One stream sponsors, Threat Locker, Anti Siphon Area and Flare Academy. Guys links are in the description below. I will tell you whether you choose to use the product or not. I would ask you to click the links and check out, check out the sponsors. Okay. They do enable me to bring this show to you. Cost you nothing to be here because they are paying for the show to be produced and it goes a long way to help. It goes a long way to help, right? So please take a minute, click on the links, check out the product. I do want to tell you about Flare Academy though. Flare Academy does not have. They're taking a little bit of a break but there's going to be an entire list of learning opportunities in 2026. If you didn't know. Flare Academy hosts these two hour workshops. Flare is a cyber threat intelligence company that goes deep into the dark web and the Cyber Threat Actor forums to mine information. So you don't have basically these guys put on waiters and go muck around in the pluff mod and bring back oysters so you don't have to get dirty. Check it out. You can learn from them. I'm actually doing one of the webinars with them in 2026. I'm feeling pretty cool about that. So go check it out. Simply Cyber IO Flare. Simply Cyber IO Flare. I gotta tell you guys on a personal note, I really like the people at Flare. I think the organization's very cool. I think the product is cool. But I love the people so I'm really, really pumped to continue to work with them. Every single day of the week has a special segment and Mondays is Simply Cyber's community member of the week. Sponsored by Threat Locker. Threat Locker takes a deny by default approach to application security. Just like Simply Cyber takes a community based approach to, you know, basically service and helping each other. And I'm super pumped because Threat locker sponsors that I get to give the Simply Cyber Community Member of the week a dollar Amazon gift card or some Simply Cyber merch. Guys, I would love to call your attention to this week's Simply Cyber community member, Erica McDuffie. Now, Erica McDuffie you might recognize from two cyber chicks, but she is a longtime Simply Cyber Community member. She has done multiple interviews on the channel, bringing GRC guidance and helping people level up and be GRC professionals. I'm a huge fan of Erica and the reason I selected her this week is because we actually just started our 2020, 2026. Every single Sunday at 4pm we're dropping a new video and we dropped this video yesterday. Go check it out. If you haven't seen it yet, I think it's a banger. It's a whole new format of a show. I'm gonna have so many of these type of videos coming up. So I know AB already saw it and a couple others. But listen, I interviewed three different GRC professionals and asked him the same interview question and got three different responses based on experience. And Erica was our senior practitioner and she absolutely slayed her answers right here. Look at her. Just like dropping knowledge. Dropping knowledge. Guys, if you are looking to work as a GRC analyst, Erica has taken time, energy and effort and contributed amazing value. So go check that out. And congratulations to her. Not to take away from her, but I also want to say Jesse Johnson, the cosmic cowboy, was in here and Shamira Gonzalez also in here. So appreciate all of them. So definitely appreciate Erica. Thank you so very much, Erica. I will connect with you to get your prize to you. Now, everybody, let's let. Let's let this wash over us. Hey, if you feel like dancing like nobody's watching, do it. I'm gonna be doing it even though I got 300 people watching LA. All right, holla. I hope Alpha Sierra is here and enjoyed that. All right, let's keep cooking, y'. All.
B
Sedgwick confirms New Year's Eve cyber incident. The claims administration company has confirmed that its government focused subsidiary is dealing with a cybersecurity incident. Sedgwick provides claims and risk management services to federal agencies like the dhs, Immigration and Customs Enforcement, Customs and Border Protection, Citizenship and Immigration Services, the Department of labor, and cisa. The Trident locker ransomware gang has claimed responsibility. Sedgwick stresses that its government solutions arm is segmented from the rest of its business and that no wider Sedgwick systems or data were affected. End quote.
A
Oh, yeah, dude, when you got These big fat DOD contracts or federal government contracts, you definitely want to be crystal clear that that data was not involved. Oh, yeah. No, no, no, we're good, we're good. Nope, no, no, no, no. Keep sending the checks. All right? I haven't heard of Trident Lock, a ransomware gang. Listen, this is a company that's dealing with a ransomware attack. Threat actors only stole three gigabytes of data. I mean, that's not nothing. But in the grand scheme of 2026, ransomware, dude, three gigs is like threat actors will publish three gigs of data just to demonstrate that they act, they've successfully attacked you, whatever. So this is a company, if you're not doing tabletop exercises, if you're not protecting from basic ransomware attacks, having like, backups, recovery, making sure people know what they're doing. There's some other, you know, best practices. Like it gets into specific tooling, right? There's tooling that can detect mass amounts of data is being. File names being changed to like, whatever, and then interrupt and kill those services or kill those processes. Anyways, what I want to tell you on this one is, and this is like a full disclosure, two things. One, on New Year's Eve, threat actor attacked. Go back into the wayback machine 30 minutes ago, where I just told you that this Japanese guy that was going ham on cold fusion for whatever reason on Christmas Day chose that day because it's skeleton crew, you know, another day, New Year's Eve. Do you know why? Because the senior administrator, Kevin, is hammered. Okay? I'm. I'm being playful and eccentric to, to make a point, but, like, people are out having a good time. People are, you know, eating food, drinking booze. You know, maybe they're standing in Times Square wearing a diaper or whatever. I don't even know how those people in Times Square stand there for 10 hours and not lose their spot. Okay? But anyways, this is a time to do it, so that reiterates my point. And then secondly, I just want to tell everybody in full disclosure, until today, I had never heard of Trident Locker group. So don't think if you hear a threat actor name like Trident Locker or Chillin was another one earlier today. Like, if you haven't heard of these. Listen, if you haven't heard of a threat actor group name, that doesn't mean that you're like slipping or, you know, like, it doesn't mean that everybody else here knew about it and you didn't. Right? A lot of imposter syndrome happens in cyber security. You just gotta Ride the lightning and embrace the uncomfortable. I never heard a Trident Locker. I've worked in cyber security for like a thousand years. Never heard of them. Doesn't matter. Because at the end of the day, I don't call. I don't care if they're called Trident Locker, Flaming Donkey, or Flim Flam Jim Jam. It's a threat actor group deploying ransomware. I know ransomware. I know the problems of ransomware. I know the impact and I know the defensive mechanisms to limit the impact of that ransomware. So call yourself Try and locker today or, you know, you know, whatever. Demir Locker. Right? If you want to go that route. It doesn't matter. It doesn't matter.
B
Finland arrests two from ship suspected of cable break. Following up on a story we covered on Friday. Finnish police have now arrested two crew members of a ship suspected of damaging an undersea telecommunications cable, and they are interviewing others. The ship, named Fitberg, has a crew of 14, reportedly from Russia, Georgia, Azerbaijan and Kazakhstan. It was seized on December 31 following a rash of cable faults detected in the Baltic Sea. The investigating authorities are currently conducting crime scene work on the seabed near the damaged cable cloud.
A
All right, so two things here. Number one, is this an actual photo? Damn, dude, don't mess with the finish. They'll deploy a chopper and then they'll have these guys drop down. This looks like Battlefield 6, by the way. Like, who was taking this picture? Like, who? I always ask this question, right? Like in movies or in like. Or when there's, like, footage. Like, the footage. Like, I'm not going to get all up into the muck of this, but the footage of the choppers going into Venezuela for that operation that happened recently, that we're not going to talk about on the show, like, who was filming that and then sent it to the State Department. Okay, so anyways, I don't know who took this picture, but, like, clearly a crew member who's like, hey, looks like there's a helicopter with soldiers boarding us. This could be a problem. So the fins not to be messed with, arrest a couple people. Guys, I want to remind you. Look at this. The network stack. We have IT career questions. Zach Hill in chat right now. So he could definitely help with this. This is a classic, you know, you. I guess, help desk situation or early IT career type thing. Guys, you. Someone calls you or you yourself, right? Something's not working. This tv. Like, look at this. Do you see this, like, loading bar bull crap going on? Okay, number one, turn it off and on again. That's Step one, oh, I don't care how old you get. Turn it off and on again. Okay. Number two, it could be a layer one issue, the network. Okay, so listen, undersea cables, they're delivering all sorts of networks bandwidth to you know, Scandinavia and you know, European countries. And yes, you can do elite level zero day hacksaw and do all sorts of like next gen AI stuff. Or you could just drop an anchor and destroy the physical medium. Because whether you break it at layer four, layer six, which is a stupid. Layer five, six and seven is basically one layer. Okay. Or layer one, it's effective. It's like a chain. You break one link in the chain and you're good to go. These fins are pissed off because allegedly these Russians, Aeris and Georgians are basically dragging an anchor across the ground and just ripping cables up. Now how they are going to prove that these people were doing that and how they arrested those two individuals is beyond me because dude, like if I'm out in the ocean, like if I key, Listen, if I key your car, I'm not suggesting anyone key anyone's car, but I feel like this is like a popular thing to do in New England, right? You pissed off at someone, someone slights you, whatever, you just key their car right in the parking lot. I don't, I don't want to, I'm not promoting vandalizing anyone's vehicle. I'm just saying if there's no footage of you keying the car, how are you going to get arrested for that? Just like they're out in the ocean, dude, I've been on boats out to sea. It's not uncommon to not see other vessels for quite some time. Right? So I'm sure they don't have a camera undersea at the level, at the layer. Now I will say that it is possible that they can detect where the break is happening or on the, on the, on the undersea cable and then use maritime GPS mapping to show that this boat was directly above it as the hit happened. So that is possible. All I'm saying is if you're, if you're defending as an organization, you have to protect the entire tech stack, not just the software layer. Right? Okay. Roswell uk. I know about radar. Check this out. Maritime tracking website. I watch this. Yeah, right here. This is kind of like Flight Alive where you can see all the airplanes. Like at any point you can go to this website. It's kind of fun. Like if you're a nerd, it's kind of fun, right? And you could See where all the boats are right now? Now obviously there's no boats. Look at. Yeah, check this out. Ton of boats kind of cruising around Antarctica. A couple boats down here. This is where I went down in Antarctica. Let's see, we got a French boat, a Great Britain boat, passenger vessel. Look at this. Someone, some personal person's just chilling, just chilling down here right now. Hanging out. Look at this. There's. Do you guys see this? This is cool. There are four pleasure crafts. So I guess this is a passenger vessel and then maybe these are like jet skis flying around. I've never heard of a pleasure craft before. It sounds a little naughty, but anyways, yeah, you can go here and check it out. You can even type in your own boat if you want. Here's the Lawrence M. Gould. This is the boat that I was on. I'm just basically going a little bit, going a little bit down memory lane here. Yeah, looks like it's in port right now. Getting service. You can see this is a boatyard. The Goulds getting serviced Email feature abused.
B
In multi stage phishing campaign Researchers from Check Point have revealed details of a phishing campaign that involves the impersonation of legitimate Google generated messages. By abusing Google Cloud's application integration service to distribute emails, the campaign takes advantage of the trust associated with Google Cloud infrastructure to send the messages from a legitimate email address. The campaign takes advantage of application integrations Send Mail Task which allows users to send custom email notifications from an integration lock Bit takedown.
A
This is not a new attack. We saw this. We saw this, I want to say in Q3 of 2025 basically. Because of Google cl, you know, Google Compute and all the services that Google offers through Google Workspace, threat actors have discovered that they can send email and have it appear to be coming from Google itself, which basically this just helps lend authority to phishing emails. Don't sleep on phishing emails, Guy. It's 2026. I get it. We got a lot going on in 2026. But the deal is phishing is still super effective at getting people to do things that threat actors want. Click on things, give emails, give creds, install malware, you know, open the door, what's it? Tyler Ramsby from CairoSec, a phenomenal pen testing company. If you're looking for pen testing services, may I recommend Kairosec? He said one of his tried and true tricks is to call help desk and when the person answers and says hello, it's Marcus Kyler. Can I help you Marcus? Can you work Help Desk For a minute. Just for this example, please. Hey, it's Marcus. Can I help you? Tyler will hang up and then Tyler will immediately call an end user and be like, hello, this is Marcus Kyler. I'm. I'm. I'm. I noticed something on your computer is a mission. And the whole reason he does that is to lend further proof that if the victim is like, oh, wait, I know Marcus Kyler. I've heard Marcus Kyler. I know Marcus Kyler works at Help desk. This is legitimate. They're doing the same thing here. Threat act. Victim gets email, and they're like, oh, wait a minute. It says that I have a failed distribution payment. Seems like bull crap. Seems like a fish. Oh, wait, it's coming from Google. It must be legit. Let me go ahead and, you know, take a huge bite of this hook and get it all jammed up into my gills. All right? This is being through Google Cloud's application integration. I don't know if you can necessarily. Here's my thing. At the. At the email gateway, you cannot block. I mean, you could block this at the email gateway, right? Nobody in your environment. Okay, listen, really quickly. Let me just pause here. This is one of these opportunity bro. This is one of these opportunities where a GRC person gets to work. Okay? So listen, we can apply a million controls here and see what's up. How does a GRC person approach this? Well, threat actors are sending these emails using Google Cloud's integrated application service and tricking my end users. Right. My aunt Dorothea, who also works for me, just called and said, hey, I don't know what just happened, but I fell for this thing. And, you know, I don't want anyone else to fall for it. Okay, so what do I do as a GRC pro or as a blue team? Okay, all the emails are going to be coming from this email. So we have like a choke point. Nor reply.app. integration google.com I could block this at the f. At the email gateway. Nobody in my environment gets an email from this. Problem solved. This is true, but it's also akin to killing a mosquito with a cannon. You can do this, but because. Because this is a legitimate service that Google Cloud offers. Any other service that uses this for legitimate reasons, both externally, your partners and vendors, and internally, maybe you've hooked this up for automation in your environment. Nobody's getting those emails either. So, yes, you can cut your. You can cut your head off. Wait, hold on. That's a stupid metaphor. You can replace all the doors in your house with walls that way no threat actor can break into your home. But guess what, your family's not going to be able to enter your house either. So that's a stupid solution. You need to have much more nuance. Is there a way to detect this? Obviously educating your end users is a top priority. In addition to all this, you can also have like some, you know, I guess, vibe checks on if it's coming from this email, maybe you notify someone. Maybe, maybe if it's coming from this email, you can add an additional, you know, bright colored banner to the email, which is a totally reasonable solution, and say, hey, just so you know, this could be fake, make sure you're doing all the things, kind of a just in time, right? Reminder of your end user. It will be. It will bypass demark and spf, these great email security controls that we have, dmarc, dkim and spf. So don't rely on those exclusively. Just know that there is no bulletproof solution. There is no silver bullet is what I should have said. Security control threat actors are going to threat act and get around things.
B
So.
A
And if you're a student or a security researcher or whatever, this is a great opportunity to show how DMARC and SPF are not complete security controls that are un bypassable. Okay. This is not compromising DMARC and spf, just to be clear, this is bypassing them, which is a different, you know, a different way.
B
Hero RECEIVES OBE OB Gavin Web, senior UK Security professional with the National Crime Agency, will receive an Order of The British Empire obe in the 2026 New Year's Honors List for his role in dismantling the Lock Bit ransomware gang's infrastructure.
A
Yeah, Gavin.
B
The OBE recognizes extraordinary public service and is among the UK's highest civilian honors. Webb played a key leadership role in Operation Kronos, a global law enforcement effort that seized critical systems used by Lockbit, one of the world's most notorious round ransomware groups. Despite not.
A
All right, hold on.
B
Having a traditional IT background, Webb's work significantly disrupted cyber criminal operations and strengthened international cyber security efforts.
A
All right, so Gavin Webb getting the obe. Hey, Roswell, uk, is our resident representative for the United Kingdom. Is this, is this OBE thing like, what's the equivalent? Is this like, is this like a legit given out like once a generation? Or is this like an annual thing that they gotta find someone to give it to, like the Nobel Peace Prize or something? Again, I'm not taking anything away from this dude. Operation Kronos was awesome and anyone involved with it was Awesome. I do want to point out that. Yeah, I mean, I guess TJ brings up a good point. This guy, Gavin Webb, yes, he is getting this, but everybody that was involved as a. Everybody that got taken down, all the criminals who got impacted from the lock bit, ransomware takedown, now have a, you know, a person, a face to go with the Operation Kronos, which is kind of a thing. All right. I do want to point out that this Gavin Webb guy, he probably did do a lot of work, but I, I assure you, 100, there was a team of people underneath him or alongside him working to take care of this. This is one of those ones, man, where personally I always. I don't want to call it like survivor bias or whatever, but it's always tough when you get like a team effort gets done and then you get recognized as like the, The. The. The. The Slayer and you're like, ah, how about, you know, like, like, like the. You guys can't really see it here, but in 20, at the end of 2024, this show got recognized for podcast of the year from Sans. And I made it a. You know, the very first thing out of my mouth after giving recognition to Mrs. Ozer was, you know, the, The. The mods and the people showing up in the community and everything, that. That's what makes it happen. Because I. So anyways, whatever, and this is a win for us. Lock bit was a nuisance. The National Crime Agency, nca, I think that just got stood up not that long ago, kind of flexing a little bit. Our resident UK person, pip pip Cheerio, says it's the fourth highest rank in the most excellent order of the British Empire, sitting below commander and above member. Okay. In a typical year, around 400 people receive an OB. Okay, cool. All right, so, I mean, this is cool, but. I don't know, it's a cool. It's cool. It's a cool career thing. Nice job. Gavin Webb, Operation Kronos. Is there a Darknet Diaries for Operation Kronos? I feel like there should be. All right, let's. Let's pivot. We're a couple minutes over, but guess what? I'm okay with that. I feel good about what just happened. Guys, I want to say thank you so very much. If this was your first episode, I hope you come back. And if this is, you know, a long time, you're a long timer. I hope you enjoyed the show. It's great to be back. It's great to be 2026. I appreciate you. Thank you so very much. I'M Jerry from Simply Cyber. Don't go anywhere because we're about to rip the top off and do some jawjack. And Jawjacking is a today going to be a 20 minute AMA show where we just kick it, have some fun. I'd love to share a little bit about my time off with you guys, so it'll be a little bit more of a personal thing. Have a good one, Artie. Good night to you too. If you guys got to get out of here, peace out. Be well. We'll be back tomorrow at 8am Eastern time. I'm Jerry from Simply Cyber. Until next time, stay secure, don't go anywhere. I'll move us over to Jawjacking. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered and totally free. Let's level up together. It's time for some Jawjacking. What's up? What up, people? How you doing? Welcome to Jawjacking. I'm your host, Jerry Guy. Coming hot off the heels of the daily Cyber Threat Brief hosted by say with me that nerd, Dr. Gerald Ozier. Oh, my God, bro. It's an hour show. You go an hour and 10 minutes. Cutting into my jawjacking time, number one. Number two, like pump the brakes on cold fusion hate. Jesus. Take a couple weeks off and all of a sudden you're feeling yourself. You throwing Karate Kid references around? In all seriousness, it's me, Jerry. I'm here chilling. I'm here to answer all your questions. Listen, I'm gonna share some stuff with my, my break. There were some highs, there were some lows, okay? I. I do want to share some fun stuff with you guys. But as a promise to this community, here's the deal. I get a lot of dms. I even get text messages from people who want me to do things for them. People have questions, they want me to review things they want. They want direct answers to things. I really, I don't have a lot of time. Okay? Time is maybe my most valuable asset I have. So because I cannot do one on one all the time, I have this show, and this show I commit to you is 30 minutes every weekday. And there will be someone in the seat here to answer your questions and help you. So it's mentoring at scale. So if you have questions, answer them. Otherwise, I'm going to go off on a tangent on some other stuff. All right? So Jay Brock, 8377 says, Long time or this marks my two year anniversary of finding Simply Cyber. Hell yeah, dude. Love it, love it, love it. Thanks so much. In recognition of J. Brock's two year anniversary, let's drop five gifted subs compliments of me. There we go. Boom, baby. Boom. Five gifted Subs so Snoops is a member. Kyra's a member. Sorrow Speaks. Welcome to the party, pal. Je and Michelle and then El Cyberpinguino. Guys, all five of you are now squad members. So go ahead, jump into that emo tray. Enjoy that. All right, guys, I'm on Mod chat Mod. So if questions drop in, holler at me. Otherwise, I'm gonna go here. What's up, Code Brew? All right, guys, so check it out. Holiday was great. A lot of introspection. I. I did not do any learning, okay? So I was gonna go learn AI agents and build an agent and all this other stuff. Guys, I really locked it down with my family. So we had a bit of a illness that passed through. You guys may remember. I was kind of like fighting something. Right near the end of my 2025, before I went on vacation, it hit my family. We were all banged up. That wasn't good. I. I realized that I. I spend a lot. Even when I'm with my family, I'm like multitasking and working, and I didn't want to do that. So I. I did like a borderline digital detox. Right. I did play a little bit of video games, but I. I spent, you know, time with the family and everything. We. Mental health's great. Thank you, Amish. Runaway. Mental health's great. I'm feeling good. I will tell you. I do have some friends and group chats, like on Discord and Signal and stuff, where I was like, very cognizant that I was not actively engaged. And honestly, it was more because I just. I was just taking a minute. Okay. Just taking a beat. So. Thank you, Jenny. So it was all good. I will tell you. Sadly, one of my dogs, we found a. Essentially a mass on his body. We had that surgically removed. We don't know exactly what it was, but he's in recovery right now, which has been. Not a strain, but I mean, it's in a place that he can get to and chew at. So we've here at the house, we've been, you know, on nurse duty, if you will. Like, in fact, as soon as the show ends, I'm gonna go in there and relieve my wife so she can take a break and, you know, you know, do do things that she would like to do some questions coming into chat right now. Crypto Cryptic Roses. When applying for roles on LinkedIn, is it necessary or beneficial to reach out to relevant people at the company if no specific recruiter or hiring manager is listed? I would, I would. I mean, I might not reach out to them. So listen, the answer is yes. Okay? Now, number one, if you don't know anyone there, I wouldn't reach out and be like, hey, I applied for this job. Can you help me out? Right. If you do know someone there, I would say, hey, can you help me out? Now number two is, you know, basically, I don't want to call it social engineering, but like, find people. Number one, find people who work there in the cyber department, right? You can kind of like o sent them. Number two, you can comment on their post. You can begin to present yourself into their sphere of awareness. That way, if your resume drops past them, they're like, oh, I remember this person. They, they actually had like a really interesting take on something I said or whatever. You can also use LinkedIn and OSINT to kind of maybe help deduce the tech stack that that organization's using. And then you can adjust your resume to highlight or feature that tech stack. Right. I'm thinking like ServiceNow or CrowdStrike or Splunk or whatever it is. Right? So yeah, yeah. And if there's no recruiter or hiring manager, I mean, for sure, for sure. Cryptic Roses says, what's your view on Try Hacks Me's AI focused training on our data with no opt out? How valuable is it for cyber pros given the recent attention in Tyler Ramsby's post? Yeah, I want you guys to know, or whatever, this isn't like a Flex or anything. I haven't even really said it publicly. But like, so Try Hack Me, reach out to me. You may know that I did the advent of Cyber videos last year. I did several. And the year before that I did a couple. And I think the year before that they reached out to me this year and I declined because of this situation. I am, I am standing essentially with the cyber professionals like Tyler, who's very vocal about this, who are coming out. Here are my thoughts on this. Okay, number one, not the problem to me is not giving these people the option to opt out. Now. It gets nuanced. Okay, so number one, this is Try Hack Me's data. Okay? If you use Try Hack Me for free, then, you know, I don't think you have become best friends. Yep. All right, we got a super chat. I'll get to that in just one minute. Thank you.
B
The.
A
If you, if you're not paying for Try Hack Me, I don't think you really have any. I don't think you have a leg to stand on about them using that data that they've collected for their own development of processes. And product number two, if you are paying for Try Hack Me, then, I mean, then you have a little bit. Because the agreement is I'm paying for access to this learning platform and that's the, you know, here's my money and give me access to the platform. You data mining me is like less cool and offering me the opportunity to opt out, then that's fine. And from a PR perspective and an optics perspective, I mean, Google just did this. Google or LinkedIn, I think they're all doing it right. LinkedIn just did it right. Where they're like, hey, we're going to mine your. All of your data. You have like a week to opt out. And people were pissed off. I mean, I didn't, I didn't make the effort to go opt out. I'd prefer it not be used, but it didn't matter to me enough to go take action. Okay, So I think the problem is them not offering the opt out as far as them using that data. I don't know, man. I mean, I mean, I guess if Try Hack Me never come out and publicly said that they were doing this, so many businesses are using all of the insights that they're getting both to sell as an asset and also to refine product. And also now as far as Try Hack Me, I, I think it's actually kind of counter. And like the final thing I'm going to say. Hey, thanks. Thanks, Rob. Good to have back, Jerry says stones fan. Mr. Cooper, listen, here's my final thing on this one. If your entire business model is to train people to become penetration testers and then you're working on developing an AI tool that does pen testing, I don't know. Aren't you kind of like shooting your golden goose? Right? Unless, unless Try Hack Me thinks that this AI pen testing tool is going to be more valuable and generate more money than Try Hack Me as a learning platform. But it, I don't know, it doesn't seem to me, it doesn't seem aligned to their portfolio. It actually seems perpendicular where they're. You know what I mean? I don't know. All right, so Cyber Risk, which says, anyone else posting on Substack, drop your username and I'll follow you as Cyber Risk Witch. Okay, so Cyber Risk, which is on Substack. Go check it out. I think Substack's a cool platform. There's actually a attorney who has turned into an independent journalist that I like who is on Substack, and I went and checked out his sub stack, and it's actually a cool little platform. I was actually thinking about doing something with Substack, so definitely drop that. All right, so here are questions that Mod Chat dropped that I don't have on stream right now. Number one is can we get Put them in a Body Bag Sound, Soul Shine. Yeah, we can do that. I don't know when I would do it. I don't know when I would use it, but we can certainly entertain it. Cone of Shame or Donut of Doom. I've never heard of Donut of Doom. Cone of Shame is what I've heard of. I'm not a sweets guy, but donuts do sound good right now. Flanders, Ken, with a super Chat. Thanks for the super chat. Did we just become best friends? He says, do you use Flipper, Raspberry PI or Wi Fi Pineapple? I use all three, so I've got a Flipper. My Wi Fi Pineapple is in that cabinet behind me. Although I've never actually used it. I own one, but I've never had a good use case for it. And then Raspberry, and I use those things for security things and. And fun little projects more really, but. And then Raspberry PI. Yeah, I have a Raspberry PI. I haven't turned it on in a few years, though, so I. I probably have an older one. I've done a pie hole with it. That's been fine. I will tell you, I tried to run off a Raspberry PI as my main rig for two weeks, like, a couple holidays ago. And I gotta tell you, it was so frustrating that within, like, three days of trying to use Raspberry PI as my main tool, I just used it to remote into my MacBook and I. I just basically remoted into my MacBook and use my MacBook, so. All right, Mota. Oh, wait, hold on. More questions here. I took the last. Hold on. We got a quick celebration. Motaz Weza says I got a new job, and I'm not sure if this is worth mentioning. Bro, Sith, you are a blue badge. You know, it's worth mentioning. Ladies and gentlemen at Motors, congratulations, dude. I love it. Wrecking ball moments. Love myself some wrecking balls. Great way to start off the new year. Getting back to the questions. STV0887 says I took the last two weeks off and disconnected like you. Do you have any material to recap the last two weeks? Like an end of the week recap video? No, I don't do that. I don't have that. If you really want to recap, what I would recommend is. Let me show you what I would do. What I would do is I would do this. I'm going to YouTube. I'm going to live. All right, let's see what was like last week, December 30th, right? So this was the daily Cyber Threat brief. Is Daniel Lowry popping in? Okay, I. I've noticed that. Here's what I would do. Okay? See this show transcript button, it's going to show the transcript right here on the side. You have to copy and paste it like this. This is what I would do. This is my playbook. Okay, I'm copying and then I'm gonna say, Gemini, summarize this. Oh, my God, bruh. Oh, my God. I don't. Whatever.
B
You.
A
You know what I'm doing here. I would just. That's what I would do. I know what. Look at. I just. I just crushed this. This is what. This just happened. Okay, that's what I would do if I were you. Okay, next one. Gina Gibbons says I'm between jobs and would like to take the GRC course from SC Academy. Does the course come with a certificate? The course does come with a certificate of completion. It's not a certification, but, yeah, it comes with a certificate of completion. It's a great course. I recommend it. I am biased, so ask somebody else who doesn't have a financial vested interest. But, yeah, definitely take it. Gibbons. Oh, oh, oh, oh, yeah. Roswell, uk. We. We actually. So listen, we actually put a cone on the dog, but he's never had a cone. He didn't like it. He basically just sat and froze and whimpered and cried. So what we ended up doing is he's actually pretty chill. He's not really trying to work at it. So he just slept on the couch, like, holding the dog. All right. Continuing to look through chat here. Cryptic roses says, is it reasonable to expect graduate cyber candidates to know Windows Troubleshooting when it is not listed in the job spec but features heavily in the assessment process? Asked Bl. Now you. I think he meant Daniel Lowry. I mean, I think Windows Troubleshoot. I mean, it depends on the job, right? I don't know what job you're talking about, but yeah, I mean, basic Windows troubleshooting. Yeah. I don't know. Here's the thing, if you're going to be. The thing is I think understanding Windows troubleshooting is valuable, but not so you can troubleshoot someone's Windows box. It's more so you can just kind of understand how the operating system works more as a power user and understand like, what is a service, what is a process, if there's like, you know, what's a scheduled task, what's the registry, right? Like those simple basic things that you should understand as a cyber person. Dude, I'll tell you what, like College of Charleston, I've hired. I set up an internship program with the College of Charleston. I was stunned. I don't know if they fixed this yet. I was stunned. Their computer science program, you could graduate with a degree in computer science from College of Charleston. At the time, you did not need to know what networking is. You did not have a networking course. I got these interns and they did. I had to give them a basic, like primer on what IP addresses are and networking. Like they knew what an IP address was, but they didn't understand, like where it came from or, you know, what IPv4 is. And it blew my mind. That's something that you should absolutely understand. Wow, a lot of questions here. Cryptic Roses says, what have people's experiences between the Micro certified Azure AZ 900 cert. Did it help open doors? What study tips? So if you've taken the AZ900, what are your thoughts? And you can add Cryptic Roses with that information. I think I've taken the az. I mean I've taken. I've definitely taken the training that's associated with the AZ 900. Here's a fun fact. You can learn at Microsoft for free. It's only when you take the exam that you have to pay. Okay, I, if it were me, I would go get the AZ500. I think the AZ500 has. I think the AZ500 has more value from a market marketing perspective. Oh, Motaz. Weza says a lot of this changes from consulting to internal GRC experts, all thanks to me. Thank you very much, Motaz. I, I assure you I may have played some role in your transition in your. And you're getting a new job and I'm super pumped to have been able to be part of your journey, but you definitely put in the work, dude. And simply Cyber community members, thank you for helping Motas feel welcome and supported and included. Take care, Jenny. Thank you. Jenny Housley, ladies and gentlemen, helping with the mod chat. All right, last question. I work in an emergency management Handling man made and natural disasters. And I want to add cyber skills to my skill set and also a few certs to my resume. Any advice? Yeah, for sure. So number one, I mean, honestly, what I would say is I would go look at industrial control systems. Cowboy C1Q only because emergency management handling man made natural disasters. A lot of. There's a lot of industrial control systems all up in there. You know, I feel like it would complement what you're currently doing. I'm making some assumptions about the work that you're doing and how it interfaces. If you're interested, go check out Mike Holcomb and I. I think Comptia does have an ICS cert right now. Obviously CompTIA SEC plus is going to be a fine one that you won't lose value on, but check out Mike Holcomb. Hold on one second. This is where I would go. This guy's awesome. I love this guy. Okay, so check it out. You got to go to his YouTube and then go to his playlists and then look at this right here. Getting started in ICSOT. 20 hours. 10 hours for OSINT and ICS. This is it right here. Who asked that question? Cowboy. All right, at Cowboy, we're gonna drop this for you and for everybody else. All right, guys, check it. Check it out now. Thank you all so much for being here. We're often running on a beautiful 2026 reminder. I told guys about this, but if you did not. What's going on here? I told you about this, but oh my God. But if you missed it. Oh, hold on. This is the right video. Laughs. So I just want to remind everybody that we've launched a new series on the channel every single Sunday until further notice, we are going to be dropping a produced video that I think adds oodles of value. You can see here. Right here is the video. Pre Junior and Senior, would you get this GRC interview question right? I don't know. If you're a GRC professional, you can play along. And if you are looking to break into the industry and learn, this video is epic. It literally gives you it a GRC interview question that you are likely to see in an interview. And it gives you three answers. One from someone looking to break in, someone who has been working in the industry for a few years as a GRC professional and then someone who's got 10 plus years as a GRC professional. The answers are phenomenal. I think the video concept is super cool. Go check it out. Would you get this GRC question right? Boom. All right. Code Brew. Good to see you. Justin Gold, Josh Mason, Jesse Johnson, everyone. Holla, holla, holla. Thank you so very much. Okay, hold on. Last question here. I guess there's some talk says could I, could I simplify or engineer a workflow using Selenium Scappy or Beautiful Soup to scrape episode transcripts RD Y1K Josh Mason has said reach out to him. So at Josh, I suppose. Josh, I don't know what your handle is on YouTube, but already go go on the Simply Cyber Discord server. Simply Cyber IO Discord and get after it. Cryptic roses says I was on about Windows xp. I wouldn't expect a. I'm not going to ask someone coming in to a job interview about Windows xp. Windows XP has been deprecated for like a decade. I wouldn't expect them to understand it. All right, guys, thanks so very much. I'm Jerry, your chat. Until next time, stay secure.
Podcast: Daily Cyber Threat Brief
Host: Dr. Gerald “Jerry” Auger, Simply Cyber Media Group
Date: January 5, 2026
This episode kicks off the new year with a rapid-fire rundown of the eight top cybersecurity stories shaping the landscape for professionals in 2026. Host Jerry Auger—known for mixing deep expertise with a supportive community-driven vibe—covers a spectrum of issues: from the evolving threats of AI agents and ransomware, to the resurgence of old vulnerabilities, and the lingering risks of phishing. Jerry provides actionable insights for analysts, GRC pros, blue teamers, and business leaders to stay informed and equipped.
Timestamp: 12:25
"Be aware: these agentic AIs are introducing massive risk to your environment… it has access and it’s designed for tasks, making attackers more efficient if compromised." — Jerry (17:55)
Timestamp: 19:42
“A honeypot is one of the highest fidelity tools you can deploy as a defender.” — Jerry (26:26)
Timestamp: 28:26
“Whoever this threat actor is, great work—you exploited a three-year-old vulnerability. Noise.” — Jerry (34:47)
Timestamp: 34:50
“Privacy is an individual experience… for healthcare, it's so important to get breach response right.” — Jerry (37:27)
Timestamp: 47:15
Timestamp: 51:25
“You break one link in the chain—doesn’t matter at what layer—it’s out.” — Jerry (52:02)
Timestamp: 58:02
“You can replace all your doors with walls—no one can break in, but your own people can’t get in either. It’s a stupid solution.” — Jerry (59:58)
Timestamp: 64:16
On real-world skills:
“Honeypots deployed inside your internal network? Highest fidelity you can get as a defender.” (26:34)
On AI privilege issues:
“Just because AI makes stuff work doesn’t mean it needs access to everything! We’ve been down this road before, it ended badly.” (16:08)
On impostor syndrome:
“If you haven’t heard of a threat actor group, doesn’t mean you’re slipping. Doesn’t matter what name they use; what matters is you know how to handle ransomware.” (49:21)
On healthcare breaches:
“There is no simple way; when it’s PDFs on a file server, you can’t just Control-A and move on. These are real people’s lives.” (36:09)
Special Segments:
Pro Tips:
Stay informed daily: The episode underscores that threat intelligence, old and new, still matters for all cyber defenders, and community comradery makes the journey better and more productive—whether you’re fighting ransomware, wrangling cloud email risks, or just starting out.
“If you’re looking to slay it in cyber, you’ve gotta stay current. And that’s why we do this show every weekday morning.” — Jerry
For more info, discussions, and workshops, visit: simplycyber.io