The CyberWire Daily Podcast 1.27.26
Ep 2476 | 1.27.26

“The hackers made me do it,” or did they?

Transcript

Microsoft rushes an emergency fix for an actively exploited Office zero-day. A suspected cyberattack halts rail service in Spain. The FBI probes Signal chats in Minnesota. The UK moves to overhaul policing for the cyber age. Romania investigates a hitman-for-hire site. A UK court awards $4.1 million in a Saudi spyware case. Google agrees to a voice assistant settlement. CISA maps post-quantum crypto readiness. Prosecutors charge an Illinois man over a Snapchat hacking scheme targeting hundreds of women. Our guest today is Cynthia Kaiser, SVP of the Ransomware Research Center at Halcyon, sharing some insight into the AI and quantum threats to cybersecurity and the national cyber strategy. A Best Buy guy tries a creative alibi.

Today is Tuesday, January 27th, 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Microsoft issues an emergency patch for an actively exploited Office zero-day. 

Microsoft has issued emergency out-of-band security updates for an actively exploited zero-day vulnerability in Microsoft Office, tracked as CVE-2026-21509, with a CVSS score of 7.8. The flaw allows attackers to bypass Object Linking and Embedding, or OLE, security protections by abusing how Office handles untrusted inputs in malicious documents. Exploitation requires a user to open a specially crafted Office file, although the Preview Pane remains safe.

The issue affects Office 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps for Enterprise. For Microsoft 365 and Office 2021 and later, a service-side fix is already live and takes effect after restarting applications. Older versions, including Office 2016 and 2019, remain at risk until formal patches are released, and users are advised to apply registry-based mitigations in the meantime. According to Microsoft, technical details about the attacks remain limited.

A suspected cyberattack shuts down regional rail services in Spain. 

Catalonia faced widespread travel disruption on Monday after a suspected cyberattack shut down regional rail services during the morning rush hour. All Rodalies commuter and Regionales trains were abruptly suspended around 6.45am following system failures at Adif, Spain’s rail infrastructure manager. Thousands of passengers were stranded, prompting the Catalan government to urge remote work and universities to reschedule exams.

Spain’s Transport Minister Óscar Puente said a cyberattack was one possible cause, though this remains unconfirmed. Services later resumed intermittently, according to state rail operator Renfe, which cited a major computer malfunction.

The incident compounded an already turbulent week for Spanish rail, following multiple fatal and injurious accidents nationwide. Barcelona Mayor Jaume Collboni called the disruption unacceptable, while opposition figures blamed long-term underinvestment and demanded accountability.

The FBI investigates Signal group chats used by Minnesota residents. 

FBI Director Kash Patel said Monday that the bureau has opened an investigation into Signal group chats used by Minnesota residents to share information about federal immigration agents, citing concerns that such activity could put agents in danger. Speaking on a conservative podcast, Patel said the probe was prompted by claims that users shared agents’ locations and license plate numbers, though he did not specify which laws may have been violated.

Free speech advocates quickly raised First Amendment concerns, arguing that sharing lawfully obtained information about law enforcement activity is constitutionally protected. Civil liberties groups warned the investigation could chill legitimate speech and public oversight of government actions. The chats, hosted on the encrypted app Signal, have been used by activists and community members to warn neighbors about Immigration and Customs Enforcement activity. Patel acknowledged the free speech implications but said the FBI would “balance” constitutional rights with potential violations of federal law.

The UK plans to overhaul policing to better fight cybercrime. 

The UK government has unveiled plans for a sweeping overhaul of policing, aimed at tackling the surge in cybercrime, online fraud, and other internet-enabled offenses. Proposals from the Home Office call for creating a new National Police Service, described as Britain’s equivalent of the FBI, to handle serious and cross-border crimes increasingly beyond local forces’ reach. Officials say roughly 90 percent of crime now involves a digital element, with fraud accounting for about 44 percent of recorded offenses.

Home Secretary Shabana Mahmood said the reforms reflect how crime has evolved in scale and sophistication, calling them the most significant changes in nearly 200 years. Under the plan, the National Crime Agency would be absorbed into the new service, while local forces remain focused on neighborhood policing. The government also plans major investments in digital tools, artificial intelligence, and national coordination, alongside new oversight for technologies such as facial recognition.

Romanian authorities investigate a hitman-for-hire website. 

Romanian authorities are investigating two nationals suspected of running a hitman-for-hire website that allegedly allowed users to contract assassins online. Police conducted searches in Bucharest and Râmnicu Vâlcea at the request of UK authorities, seizing electronic devices, cryptocurrency worth about $650,000, and large sums of cash. Prosecutors say the platform used cryptocurrency and escrow-style payments to conceal identities and transactions. The suspects face potential charges including organized crime, incitement to murder, and money laundering. Officials note such sites often prove fraudulent, though investigations are ongoing.

A UK court awards $4.1 million in a Saudi spyware case. 

A UK court has awarded more than £3 million, about $4.1 million, to London-based Saudi critic Ghanem Al-Masarir, ruling that his phones were hacked by spyware linked to the Saudi state. Judge Pushpinder Saini found a “compelling basis” that Al-Masarir’s iPhones were infected with Pegasus spyware and that the operation was directed or authorized by Saudi Arabia.

The court said the hacking enabled extensive surveillance and caused severe psychological harm, forcing Al-Masarir to stop producing his popular YouTube content. Evidence from digital forensics researcher Bill Marczak of The Citizen Lab supported the findings. Saudi Arabia did not contest the case, leading the judge to enter summary judgment, calling the intrusions exceptionally grave invasions of privacy.

Google agrees to settle claims of voice assistant eavesdropping. 

Google has agreed to pay $68 million to settle a class-action lawsuit alleging its voice assistant recorded users’ conversations without consent and shared them with advertisers. The proposed settlement, filed in federal court in California, awaits approval from U.S. District Judge Beth Labson Freeman. Plaintiffs claimed Google devices recorded private discussions even without the “Hey Google” activation phrase. If approved, the fund will cover consumer claims and legal fees, with payouts varying by the number of valid claims. Google did not comment.

CISA shares new guidance mapping post-quantum cryptography. 

The Cybersecurity and Infrastructure Security Agency has released new guidance mapping post-quantum cryptography, or PQC, standards to common enterprise hardware and software categories. Issued in response to a June 6, 2025 executive order, the advisory is meant to help CIOs and security teams assess quantum-safe readiness and plan long-term migration. CISA identifies product classes already using, or transitioning toward, National Institute of Standards and Technology PQC algorithms, including cloud services, collaboration tools, browsers, and some endpoint security products. However, the agency stresses that none are fully quantum-resistant yet. Most implementations focus on key establishment, not digital signatures or authentication. The guidance signals that PQC is becoming a practical procurement consideration, while highlighting significant gaps enterprises must address as quantum-safe standards mature.

Prosecutors charge an Illinois man with allegedly compromising nearly 600 women’s Snapchat accounts. 

U.S. prosecutors have charged Illinois man Kyle Svara with running a phishing scheme that allegedly compromised nearly 600 women’s Snapchat accounts between 2020 and 2021. Authorities say he impersonated Snap employees to steal access codes, download private images, and sell or trade the material online, including via Reddit. One client was former Northeastern University coach Steve Waithe, later convicted of sextortion. Svara now faces federal fraud and identity theft charges and is scheduled to appear in court in Boston.

 

 

Next up, I speak with Cynthia Kaiser, SVP of the Ransomware Research Center at Halcyon, as she shares some insight into the AI and quantum threats to cybersecurity and the national cyber strategy. We’ll be right back.

Welcome back.

A Best Buy guy tries a creative alibi. 

A 20-year-old Best Buy employee in Savannah is learning that retail crime dramas rarely end with a plot twist in the defendant’s favor. Police say Dorian Allen helped suspected shoplifters walk out of the Abercorn Street store with more than $40,000 in merchandise, from snack foods to $700 PlayStation consoles. His explanation: online blackmail.

According to the Savannah Police Department, Allen claimed a mysterious “hacker group” emailed instructions on which customers to wave through, threatening to leak nude photos if he refused. Investigators say he could not identify the hackers, describe them, or produce the emails.

Store video allegedly shows weeks of point-of-sale manipulation, totaling 143 items. Allen now faces theft charges, while the supposed hackers remain, for now, safely imaginary.

 

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

 

And that’s the CyberWire Daily, brought to you by N2K CyberWire.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.

N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.