This week’s Department of Know is hosted by Rich Stroffolino with guests Montez Fitzpatrick, CISO, Navvis, and Peter Gregory, author.
The Department of Know is live every Monday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com.
Compromised password managers? Maybe not.
Researchers from ETH Zurich and Università della Svizzera italiana found multiple weaknesses in Bitwarden, LastPass, and Dashlane that could expose passwords if the services’ servers were compromised, despite their “zero-knowledge” claims. Using a malicious-server model, the team demonstrated 12 attacks against Bitwarden, seven against LastPass, and six against Dashlane, with some leading to password disclosure or vault changes. The researchers said legacy cryptography and unclear threat models contributed to the issues.
Texas sues TP-Link over router hack
Texas Attorney General Ken Paxton sued TP-Link Systems, alleging it deceptively markets its products as secure while allowing vulnerabilities that Chinese state-sponsored hackers have exploited. The lawsuit cites a 2023 report linking TP-Link firmware flaws to activity by the Camaro Dragon hacking group, and argues that because many components are sourced from China, the company could be subject to Chinese intelligence laws requiring cooperation with state authorities. TP-Link denied the allegations.
Huge thanks to our sponsor, Adaptive Security

Google patches Chrome zero-day, exploits surface
Google issued an emergency patch for Chrome’s first zero-day of 2026, a high-severity use-after-free flaw in the browser’s CSS handling. The bug could let attackers run code inside the browser sandbox via a malicious webpage, and Google says it was already being exploited in the wild before the fix. Security researcher Shaheen Fazim reported the issue on February 11th, and patched versions are now rolling out for Windows, macOS, and Linux.
Microsoft Copilot summarizes confidential emails
Microsoft says a code bug in Microsoft 365 Copilot has, since late January, caused the AI to summarize emails marked confidential, bypassing sensitivity labels and data loss prevention policies. The issue was detected on January 21st and affects the Copilot Chat “work tab,” which incorrectly pulls and summarizes emails from users’ Sent Items and Drafts folders, including messages explicitly restricted from automated access. Microsoft attributes the problem to a code error and began rolling out a fix earlier this month.
Threat actor exploits Dell zero-day
Researchers at Mandiant and Google say a suspected China-linked threat group has been exploiting a critical zero-day in Dell RecoverPoint for Virtual Machines since at least mid-2024. The hardcoded credential flaw allows unauthenticated attackers to gain root-level access, move laterally, maintain persistence, and deploy malware. Dell has issued remediation guidance. Google has offered recommendations to help organizations assess potential compromise.






