Department of Know – Quantum-Safe certificates, Iranian cyberattack risks, 90 zero-days

This week’s Department of Know is hosted by Sarah Lane with guests John Barrow, CISO, JB Poindexter & Co., and Derek Fisher, Director of the Cyber Defense and Information Assurance Program, Temple University

Missed the live show? Check it out on YouTube

The Department of Know is live every Monday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com

Chrome unveils Quantum-Safe certificates

Google’s Chrome team is testing quantum-resistant HTTPS certificates to protect against future attacks by quantum computers. The initiative uses Merkle Tree Certificates, which replace traditional certificate chains with compact proofs, reducing TLS handshake data and integrating transparency into issuance. Chrome’s three-phase rollout began with feasibility testing alongside Cloudflare, with public deployment and a dedicated Quantum-resistant Root Store planned for 2027. (InfoSecurity)

UK warns of Iranian cyberattack risks

The UK’s National Cyber Security Centre (NCSC) warned British organizations of potential Iranian cyberattacks amid Middle-East tensions. State-sponsored and Iran-linked hackers are believed to retain some operational capability despite Iran’s ongoing internet blackout. The NCSC advised organizations with Middle-East supply chains or assets to review their attack surface, increase monitoring, and follow guidance on DDoS, phishing, and ICS-targeting threats. (BleepingComputer)

Google says 90 zero-days were exploited in attacks last year

A report from the Google Threat Intelligence Group (GTIG) says that it tracked 90 exploited zero-day vulnerabilities throughout 2025, and almost half of them were in enterprise software and appliances. This is 15% more than 2024, but lower than the record 100 zero-days tracked in 2023. Forty-seven of the vulnerabilities targeted end-user platforms, and 43 targeted enterprise products. “The most targeted enterprise systems were security appliances, networking infrastructure, VPNs, and virtualization platforms, as these provide privileged network access and often lack EDR monitoring.” (BleepingComputer)

Possible iPhone-hacking toolkit used by spies

An iPhone hacking toolkit called Coruna has likely infected tens of thousands of devices and may have originated as a US government tool. The toolkit exploits 23 iOS vulnerabilities to silently install malware when users visit a compromised website. Google and security firm iVerify traced Coruna through multiple campaigns: first Russian spies targeting Ukrainians, then cybercriminals stealing cryptocurrency from Chinese-speaking victims. Apple patched the vulnerabilities in iOS 26, but older versions remain at risk. (Wired)

Fake LastPass support emails steal vault passwords

LastPass warned of a phishing campaign using fake support email threads to steal vault passwords. The emails impersonate LastPass and urge users to click links like “report suspicious activity,” which lead to a fake login page that captures credentials. Attackers use multiple sender addresses and altered URLs to appear legitimate. LastPass systems were not compromised, and users are reminded never to share their master password. The company is working to take down the phishing sites and asks that suspicious emails be reported to abuse@lastpass.com. (BleepingComputer)

Coalition building security foundations for 6G

We’re still a long way from finalizing any spec for what 6G networks will look like, with only broad strokes on ultra-low latency, AI integration, and linking satellite and terrestrial systems. But that doesn’t mean it’s too early to think about security. The UK, US, Canada, Japan, Australia, Sweden, and Finland announced the formation of the Global Coalition on Telecoms to set out non-binding principles aimed at developing 6G with a “secure by design” approach. Their initial guidance calls for stronger threat containment, diversification of the 6G supply chain to prevent systemic threats, and support for quantum-resistant cryptography. This is meant to guide vendors, academics, and trade groups in 6G development.

(The Record)

Hackers abuse .arpa DNS and IPv6 to evade phishing defenses

The .arpa domain is “a special top-level domain reserved for internet infrastructure rather than normal websites. It is used for reverse DNS lookups, which allow systems to map an IP address back to a hostname.” Researchers at Infoblox described a campaign that uses the ip6.arpa reverse DNS TLD to point to faked IPv6 addresses owned by the threat actors, who can “abuse the reverse DNS zone for the IP range by configuring additional DNS records for phishing sites.” A link to a more detailed description of this technique is available in the show notes to this episode.

(BleepingComputer)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.