Cybersecurity Podcast Highlights: LLM Exploits, NTLMv1 Cracking, Microsoft Emergency Patch, and Google AI Vulnerabilities

20 Jan 2026

CybersecurityVulnerabilitiesHackingAI_SecurityCloud_SecurityMicrosoftGoogleLLMNTLMPatch_Management

The January 20, 2026 episode of the Sans Internet Storm Center Stormcast podcast, hosted by Johannes Ullrich from Jacksonville, Florida, covers several cybersecurity topics. Attackers are now targeting exposed language models (LLMs) on the internet, exploiting their access for free queries or extracting embedded internal data. Google released a rainbow table for NTLMv1 (MD4) hashes, enabling the cracking of these hashes within 12 hours using $600 in cloud resources, highlighting the persistent vulnerability of this protocol. Microsoft issued an out-of-band update over the January 18-19 weekend to fix issues introduced by the previous Patch Tuesday, including RDP malfunctions and shutdown/hibernation errors on Windows 11, 10, and Server 2025. Additionally, a vulnerability in Google Calendar and Gemini AI allows attackers to exfiltrate meeting summaries via malicious invitations, bypassing AI protections.