The RSA Conference, renowned as the world’s largest and most influential cybersecurity gathering, has announced the appointment of Jen Easterly as its new Chief Executive Officer. A distinguished cybersecurity expert and decorated U.S. Army veteran, Easterly previously served as the Director of the Cybersecurity and Infrastructure Security Agency (CISA). In her new role, she will oversee RSAC’s expansive global portfolio, which includes the flagship annual conference in San Francisco, international programming, the esteemed Innovation Sandbox contest, and initiatives focused on AI security and secure software development.
Security Updates from Palo Alto Networks
Palo Alto Networks has released critical security updates addressing a vulnerability with a CVSS score of 7.7 that affects its GlobalProtect Gateway and Portal. This flaw, identified as CVE-2026-0227, can lead to a denial-of-service (DoS) condition in PAN-OS software due to improper checks for exceptional conditions. While the vulnerability primarily impacts configurations with an enabled GlobalProtect gateway or portal, the company has confirmed that there is currently no evidence of exploitation in the wild.
Windows Update Issues
In a recent development, the January 2026 security update from Microsoft has resulted in connection and authentication failures within Azure Virtual Desktop and Windows 365, particularly affecting the Windows App. Users may experience credential prompt failures during Remote Desktop connections across all supported versions of Windows, from Windows 10 Enterprise to Windows 11 25H2, as well as Windows Servers 2019 to 2025. Microsoft is actively working on a resolution and plans to issue an out-of-band update shortly.
AI Missteps in Law Enforcement
The chief constable of West Midlands Police has acknowledged an error made by Microsoft’s Copilot AI assistant in generating an intelligence report. The report mistakenly included a fictional soccer match between Aston Villa and Maccabi Tel Aviv. Initially, the police force attributed the error to social media scraping and Google search results, denying AI involvement. Microsoft has yet to confirm Copilot’s role but emphasized the importance of reviewing the sources of information provided by the AI system.
Cybersecurity Warnings from Western Agencies
In a collaborative effort, Britain’s National Cyber Security Centre (NCSC) has joined forces with its Five Eyes partners, including CISA and the FBI, to issue guidance on securing industrial operational technology. The agencies highlighted the increasing risks associated with remotely monitored systems, which, while enhancing efficiency, also broaden the attack surface for cyber threats. The NCSC has introduced a new guidance document aimed at providing a practical framework for secure connectivity in critical infrastructure sectors.
Ransomware Incident at Kyowon
South Korean conglomerate Kyowon has confirmed a ransomware attack that occurred on January 10, potentially compromising customer information. Specializing in education, publishing, and digital learning tools, Kyowon has approximately 5.5 million members. However, details regarding the extent of the data breach remain unclear, with no group claiming responsibility for the attack thus far.
New Attack Technique Targeting Microsoft Copilot
Researchers at Varonis have unveiled a novel attack technique named “Reprompt,” which allows threat actors to exfiltrate user data from Microsoft Copilot via a single malicious link. This method circumvents existing data leak protections, enabling persistent session exfiltration even after the Copilot application is closed. The researchers noted that the attack exploits a Parameter 2 Prompt (P2P) injection technique, allowing for continuous and undetectable data extraction.
Central Maine Healthcare Data Breach Notification
In an update regarding a data breach reported in June, Central Maine Healthcare is now notifying over 145,000 patients that their personal, treatment, and health insurance information was compromised. The breach, discovered on June 1, involved sensitive data such as names, dates of birth, Social Security numbers, and treatment details.
