Today on CISO Series…
In today’s cybersecurity news…
Microsoft releases emergency update for frozen Outlook
The out-of-band release occurred Saturday for Windows 10, Windows 11, and Windows Server. It fixes an issue that stopped Microsoft Outlook classic from opening “when using PSTs stored in cloud storage.” A Microsoft Outlook PST file is “a data file used by the application to store a user’s email and other data locally on their computer instead of on the mail server,” and is “commonly used to access mail when offline and back up important messages.” The problem had existed since the release of the January 2026 Patch Tuesday updates. It primarily involved classic Outlook, which is used in enterprise licensing, and not home installations of Windows.
Microsoft investigates Windows 11 boot failures after January updates
A second headache for Microsoft involves reports that “some Windows 11 devices are failing to boot with ‘UNMOUNTABLE_BOOT_VOLUME’ errors after installing the January 2026 Patch Tuesday security updates.” This issue affects Windows 11 version 25H2 and all editions of Windows 11 version 24H2. Users report encountering a screen of death, and systems are “unable to boot into Windows and require manual recovery efforts to boot again.” This is an ongoing issue.
Sandworm likely behind cyberattack on Poland’s power grid, says ESET
Researchers from ESET state that the cyberattack, described as the largest the country has seen in years, was the work of the notorious Russia-aligned APT group. Sandworm is best known, at least in 2025, for attacks on infrastructure in Ukraine. The attack on Poland’s power grid, which occurred in the last week of December, involved data-wiping malware that ESET has named DynoWiper. ESET researchers have also highlighted the fact that “the coordinated attack occurred on the 10th anniversary of the Sandworm-orchestrated attack against the Ukrainian power grid, which resulted in the first ever malware-facilitated blackout.”
(ESET – WeLiveSecurity)
Dresden museum network suffers cyberattack
On Wednesday, one of Europe’s oldest museum groups, Germany’s Dresden State Art Collections, suffered a targeted cyberattack that left it with limited digital and phone services, and no ability to process online ticket sales, visitor services, or transactions at the museum shop. The museums remain open to visitors and the culture ministry said “security systems protecting the collections were not affected and that both physical and technical security remain fully intact.” Officials have not attributed the attack to any group, and it is not clear whether the incident involved a ransom.
Huge thanks to our episode sponsor, Conveyor
Nike investigating possible security incident
The maker of athletic footwear and apparel had been listed as a victim on a Tor-based leak website operated by the WorldLeaks gang, along with a threat to make stolen data public, although the type of data has not been identified. WorldLeaks is a new gang apparently built on the remains of Hunters International. According to Security Week, the WorldLeaks website names nearly 120 alleged victims, one being Dell, who in July 2025 said the hackers had “only stolen synthetic or publicly available information.”
CISA adds four actively exploited vulnerabilities to its KEV catalog
The vulnerabilities are a PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite, an authentication bypass in the Versa Concerto SD-WAN orchestration platform, an improper access control vulnerability in Vite JS, a front-end build tool for web projects, and an embedded malicious code vulnerability in eslint-config-prettier. A link to additional details including CVE numbers, CVSS scores and the threats these vulnerabilities pose is available in the show notes to this episode.
ShinyHunters claims Okta customer breaches
The group is taking credit for a voice-phishing campaign which allowed it access to market-intel broker Crunchbase, streaming platform SoundCloud, and financial-tech firm Betterment. The voice-phishing campaign gave the group access to single-sign-on codes. SoundCloud says the breach affected about 28 million users, while the Betterment and Crunchbase data dumps “contain more than 20 million and 2 million records respectively,” all relating to PII, according to representatives from ShinyHunters.
ZDNet releases its list of 10 ways AI might ruin your life in 2026
Although this is the time of year where everyone makes predictions, and although this list focuses on AI, the list presented by David Berlind and published on ZDNet makes for compelling reading for cybersecurity experts. Berlind offers ten separate ways that AI can and likely will unleash havoc on organizations and their security teams, notably by being weaponized by threat actors. These include AI-enabled malware, agentic AI, prompt injection, finding and exploiting weak APIs, and yes, six more. A link to the article is available in the show notes to this episode.
