In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They discuss:

• La France is tres sérieux about ditching US productivity software
• China’s Salt Typhoon was snooping on Downing Street
• Trump wields the mighty DISCOMBOBULATOR
• ESET says the Polish power grid wiper was Russia’s GRU Sandworm crew
• US cyber institutions CISA and NIST are struggling
• Voice phishing for MFA bypass is getting even more polished

This episode is sponsored by Sublime Security. Brian Baskin is one of the team behind Sublime’s 2026 Email Threat Research report. He joins to talk through what they see of attackers’ use of AI, as well as the other trends of the year.

Show Notes:

France to ditch US platforms Microsoft Teams, Zoom for ‘sovereign platform’ amid security concerns | Euronews https://www.euronews.com/next/2026/01/27/france-to-ditch-us-platforms-microsoft-teams-zoom-for-sovereign-platform-amid-security-con

Suite Numérique plan - Google Search https://www.google.com/search?q=Suite+Num%C3%A9rique+plan&rlz=1C5CHFA_enAU857AU857&oq=Suite+Num%C3%A9rique+plan&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIKCAEQABgKGBYYHjIICAIQABgWGB4yBwgDEAAY7wUyCggEEAAYgAQYogQyCggFEAAYgAQYogQyBwgGEAAY7wUyBwgHEAAY7wXSAQczMDRqMGo3qAIAsAIA&sourceid=chrome&ie=UTF-8

China hacked Downing Street phones for years https://www.telegraph.co.uk/news/2026/01/26/china-hacked-downing-street-phones-for-years

Cyberattack Targeting Poland’s Energy Grid Used a Wiper https://www.zetter-zeroday.com/cyberattack-targeting-polands-energy-grid-used-a-wiper/

Trump says U.S. used secret ‘discombobulator’ on Venezuelan equipment during Maduro raid | PBS News https://www.pbs.org/newshour/nation/trump-says-u-s-used-secret-discombobulator-on-venezuelan-equipment-during-maduro-raid

Risky Bulletin: Cyberattack cripples cars across Russia - Risky Business Media https://risky.biz/risky-bulletin-cyberattack-cripples-cars-across-russia/

Lawmakers probe CISA leader over staffing decisions | CyberScoop https://cyberscoop.com/cisa-madhu-gottumukkala-house-homeland-hearing-workforce-staffing-levels/

Trump’s acting cyber chief uploaded sensitive files into a public version of ChatGPT - POLITICO https://www.politico.com/news/2026/01/27/cisa-madhu-gottumukkala-chatgpt-00749361

Acting CISA director failed a polygraph. Career staff are now under investigation. - POLITICO https://www.politico.com/news/2025/12/21/cisa-acting-director-madhu-gottumukkala-polygraph-investigation-00701996

NIST is rethinking its role in analyzing software vulnerabilities | Cybersecurity Dive https://www.cybersecuritydive.com/news/nist-cve-vulnerability-analysis-nvd-review/810300/

Federal agencies abruptly pull out of RSAC after organizer hires Easterly | Cybersecurity Dive https://www.cybersecuritydive.com/news/cisa-nsa-fbi-rsac-conference-jen-easterly/810482/

Real-Time phishing kits target Okta, Microsoft, Google https://cyberscoop.com/shinyhunters-voice-phishing-sso-okta-mfa-bypass-data-theft/

Phishing kits adapt to the script of callers https://www.okta.com/blog/threat-intelligence/phishing-kits-adapt-to-the-script-of-callers/

On the Coming Industrialisation of Exploit Generation with LLMs – Sean Heelan’s Blog https://sean.heelan.io/2026/01/18/on-the-coming-industrialisation-of-exploit-generation-with-llms/

GitHub - SeanHeelan/anamnesis-release: Automatic Exploit Generation with LLMs https://github.com/SeanHeelan/anamnesis-release/

Overrun with AI slop, cURL scraps bug bounties to ensure “intact mental health” - Ars Technica https://arstechnica.com/security/2026/01/overrun-with-ai-slop-curl-scraps-bug-bounties-to-ensure-intact-mental-health/

Bypassing Windows Administrator Protection - Project Zero https://projectzero.google/2026/26/windows-administrator-protection.html

Task Failed Successfully - Microsoft’s “Immediate” Retirement of MDT - SpecterOps https://specterops.io/blog/2026/01/21/task-failed-successfully-microsofts-immediate-retirement-of-mdt/

Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission https://grahamhelton.com/blog/nodes-proxy-rce

WhatsApp’s Latest Privacy Protection: Strict Account Settings - WhatsApp Blog https://blog.whatsapp.com/whatsapps-latest-privacy-protection-strict-account-settings

Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects’ laptops: Reports | TechCrunch https://techcrunch.com/2026/01/23/microsoft-gave-fbi-a-set-of-bitlocker-encryption-keys-to-unlock-suspects-laptops-reports/

He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive | WIRED https://www.wired.com/story/he-leaked-the-secrets-southeast-asian-scam-compound-then-had-to-get-out-alive/

Key findings from the 2026 Sublime Email Threat Research Report https://sublime.security/blog/key-findings-from-the-2026-sublime-email-threat-research-report/