In this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, joined by a special guest. BBC World Cyber Correspondent Joe Tidy is a long time listener and he pops in for a ride-along in the news segment plus a chat about his new book.

This week news includes:

• Did the US cyber Venezuela’s power grid, or do they just want us to think they coulda?
• US govt might boycott the RSAC Conference ‘cause Jen Easterly being CEO makes them mad
• MS Patch Tuesday fixes CVSS5.5 bug and … stops you shutting down
• Wiz pulls off cloud stunt hack that ends with control of everyone’s AWS console
• Millions of Bluetooth devices that use Google’s Fast Pairing will pair with anyone, any time
• GNU inet-tools’ telnetd parties like it’s 2007, and brings -f root unauthed remote login back

Thinkst is this week’s sponsor, and long time friend of the show Haroon Meer joins. As always they’re polishing their Canary tokens - adding breadcrumbs to lead you to them - but they’re also a bunch of giant nerds who now run South Africa’s Computer Olympiad.

Show Notes:

Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York Times https://www.nytimes.com/2026/01/15/us/politics/cyberattack-venezuela-military.html

Why I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity - Ars Technica https://arstechnica.com/security/2026/01/unnamed-officials-tell-nyt-precise-cyber-op-took-out-venezuelas-power-grid/

Layered Ambiguity: US Cyber Capabilities in the Raid to Extract Maduro from Venezuela | Royal United Services Institute https://www.rusi.org/explore-our-research/publications/commentary/layered-ambiguity-us-cyber-capabilities-raid-extract-maduro-venezuela

Former CISA Director Jen Easterly Will Lead RSAC Conference | WIRED https://www.wired.com/story/former-cisa-director-jen-easterly-will-lead-rsa-conference/

Trump officials consider skipping premier cyber conference after Biden-era cyber leader named CEO - Nextgov/FCW https://www.nextgov.com/people/2026/01/trump-officials-consider-skipping-premier-cyber-conference-after-biden-era-cyber-leader-named-ceo/410744/

Federal agencies ordered to patch Microsoft Desktop Windows Manager bug | The Record from Recorded Future News https://therecord.media/desktop-windows-manager-vulnerability-added-to-cisa-list

Windows 11 shutdown bug forces Microsoft into damage control • The Register https://www.theregister.com/2026/01/19/windows_11_shutdown_bug/

CodeBreach: Supply Chain Vuln & AWS CodeBuild Misconfig | Wiz Blog https://www.wiz.io/blog/wiz-research-codebreach-vulnerability-aws-codebuild

Critical flaw in AWS Console risked compromise of build environment | Cybersecurity Dive https://www.cybersecuritydive.com/news/critical-flaw-in-aws-console-risked-compromise-of-build-environment/809745/

Never-before-seen Linux malware is “far more advanced than typical” - Ars Technica https://arstechnica.com/security/2026/01/never-before-seen-linux-malware-is-far-more-advanced-than-typical/

VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research https://research.checkpoint.com/2026/voidlink-early-ai-generated-malware-framework/

Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking | WIRED https://www.wired.com/story/google-fast-pair-bluetooth-audio-accessories-vulnerability-patches/

Critical flaw in Fortinet FortiSIEM targeted in exploitation threat | Cybersecurity Dive https://www.cybersecuritydive.com/news/critical-flaw-in-fortinet-fortisiem-targeted-in-exploitation-threat/809863/

CVE-2025-64155: 3 Years of Remotely Rooting the FortiSIEM https://horizon3.ai/attack-research/disclosures/cve-2025-64155-three-years-of-remotely-rooting-the-fortinet-fortisiem/

A single click mounted a covert, multistage attack against Copilot - Ars Technica https://arstechnica.com/security/2026/01/a-single-click-mounted-a-covert-multistage-attack-against-copilot/

Police raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader | The Record from Recorded Future News https://therecord.media/police-raid-homes-of-alleged-black-basta-hackers

Jordanian initial access broker pleads guilty to helping target 50 companies | The Record from Recorded Future News https://therecord.media/guilty-plea-initial-access-broker-r1z

Supreme Court hacker posted stolen government data on Instagram | TechCrunch https://techcrunch.com/2026/01/16/supreme-court-hacker-posted-stolen-government-data-on-instagram/

oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd https://seclists.org/oss-sec/2026/q1/89

How crypto criminals stole $700 million from people - often using age-old tricks https://www.bbc.com/news/articles/c93w30gl5jno

Ctrl + Alt + Chaos: How Teenage Hackers Hijack the Internet https://www.amazon.com/Ctrl-Alt-Chaos-Teenage-Internet/dp/133500193X/ref=tmm_hrd_swatch_0