The Department of Know: Google’s CodeMender, CISA’s big leak, Torvalds open-source warning

This week’s Department of Know is hosted by Rich Stroffolino, with guests Kathleen Mullin, former CISO, MyCareGorithm, and Nick Espinosa, host, Deep Dive Radio Show.

Missed the live show? Check it out on YouTube.

The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com.

In this week’s cybersecurity news…

Google wants people to remember CodeMender

At its I/O conference, Google announced it’s making its CodeMender tool available to select groups of experts. Google first announced CodeMender in October 2025 as an AI agent, similar to Anthropic’s Mythos, that can debug and fix software vulnerabilities. At the initial announcement, Google said it was taking “a cautious approach, focusing on reliability” with CodeMender, with all patches reviewed by human researchers. Google DeepMind CTO Koray Kavukcuoglu confirmed they have been in discussions with governments and enterprises to audit systems with CodeMender.

(The Verge)

UK cybercrime law reform would protect almost no one, say experts

According to Recorded Future News, the British government’s plans to overhaul the Computer Misuse Act of 1990 “would offer such narrow legal protections that most security researchers would be left in the same position as today.” The updated law was intended to “protect researchers from conviction in court, as long as they meet certain safeguards,” but sources say those safeguards are extremely limited: government-certified researchers must stop scanning immediately once a vulnerability is found, and the protection applies only to individual scanning, not to managing a team or an automated system.

(The Record)

Claude sandbox hole: real and dangerous

Aonan Guan, a cloud and AI security researcher at Wyze Labs, found two now-patched vulnerabilities in Anthropic’s Claude Code sandbox that, when combined with prompt injection, could allow a network sandbox bypass and data exfiltration. The flaws include a SOCKS5 hostname null-byte injection that could expose credentials, GitHub tokens, and cloud metadata; they were fixed silently. Anthropic says the issue was already patched before disclosure. Guan argues the lack of clear public notice leaves users unaware that their sandbox boundary may have been ineffective for months.

(The Register)

Shai-Hulud wave compromises 600 npm packages

Socket, Endor Labs, Aikido Security, and Microsoft say a new Shai-Hulud supply chain attack published more than 600 malicious npm packages, mainly targeting the @antv ecosystem. Researchers found the malware steals developer and CI/CD credentials, self-propagates using stolen npm tokens, exfiltrates data through the encrypted Session network, and generates legitimate-looking Sigstore attestations to evade detection. Aikido also found persistence backdoors in VS Code and Claude Code configs, while nearly 3,000 GitHub repos were automatically created to store stolen data.

(BleepingComputer)

Huge thanks to our sponsor, ThreatLocker

ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn’t based on credentials alone; it requires the right user, the right device, and the right conditions. Because as we’ve seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and access is limited to exactly what’s needed. Learn more and start your free trial today at ThreatLocker.com/CISO.

CISA admin leaks keys

Security reporter Brian Krebs was contacted by researchers at GitGuardian, warning that a GitHub repository exposed credentials for several AWS GovCloud accounts. GitGuardian routinely scans for exposed secrets and notifies account holders; in this case the owner didn’t respond to their notification. The GitHub repository was named “Private-CISA” and contained cloud keys, tokens, passwords in plaintext, and other sensitive CISA and DHS assets. The account owner had also disabled a default GitHub feature that prevents secrets from being pushed. While the repo was eventually set to private, researchers at Seralys confirmed the credentials were still working up to 48 hours later. CISA said it was aware of the exposed assets but said there was “no indication that any sensitive data was compromised.”

(Krebs on Security)

CISA Urges Critical Infrastructure to Prepare for Long-Term Isolation

The Cybersecurity and Infrastructure Security Agency (CISA) is advising critical infrastructure operators to prepare for the possibility of operating independently from IT systems and third-party vendors for weeks or even months during a major cyber conflict. The guidance is driven largely by concern over persistent threats from Chinese state-linked groups such as Salt Typhoon and Volt Typhoon. CISA plans to conduct targeted resilience assessments focused on ensuring utilities and infrastructure operators can continue delivering essential services even if disconnected from external networks. The agency says organizations should strengthen operational technology resilience and rehearse manual recovery procedures, reflecting growing fears that future cyber conflicts may deliberately target interconnected infrastructure dependencies.

(Cyberscoop)

Two open-source supply chain issues

Linus Torvalds says AI-powered bug-hunting tools are overwhelming the Linux kernel security mailing list with duplicate reports, making it “almost entirely unmanageable.” He said multiple researchers are using the same AI tools to uncover the same vulnerabilities, forcing maintainers to spend time redirecting reports or explaining that bugs were already fixed. Torvalds said AI-generated findings are useful only when paired with meaningful contributions such as patches and technical analysis, criticizing “drive-by” reports that add little value beyond what automated tools already surface.

(The Register)

TanStack is considering making pull requests invitation-only after last week’s supply chain attack, tied to the Shai-Hulud worm, compromised its GitHub Actions workflows. Attackers exploited a feature to run malicious code through automated CI pipelines, poisoning a cache shared across the repository. TanStack has removed the vulnerable workflow pattern, disabled shared caches, strengthened dependency and authentication protections, and adopted new safeguards in the Node.js package manager pnpm.

(The Register)