This week’s Department of Know is hosted by Rich Stroffolino with guests Dennis Pickett, vp, CISO, RTI International, and Jacob Combs, CISO, Tandem Diabetes Care
Missed the live show? Check it out on YouTube
The Department of Know is live every Monday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com
Gemini AI agents scour the dark web
Google launched Gemini AI agents in public preview to monitor the dark web, analyzing up to 10 million posts daily to identify threats relevant to specific organizations. The system builds a profile of a customer, scans dark web activity for data leaks, initial access broker activity, and insider threats, and generates prioritized alerts with context from human analysts tracking 627 threat groups. Accuracy is reported at 98%, reducing false positives that are common in traditional monitoring. Gemini agents can also automate threat investigation and response within Google Security Operations. (The Register)
FCC bans foreign routers
The US Federal Communications Commission updated its “Covered List” of products barred from FCC clearance in the US to include all foreign consumer-grade routers. It previously added most foreign-made drones to the list. This plan applies to “new device models,” so devices already on the market and previously purchased routers are not impacted. The FCC cited, “Malicious actors have exploited security gaps in foreign-made routers to attack American households, disrupt networks, enable espionage, and facilitate intellectual property theft,” as the reason for the ban. Router makers can appeal for Conditional Approval to sell in the US with a petition to the Department of Defense or Homeland Security.
(FCC, BBC, Brian Krebs)
Former NSA chiefs worry US cybersecurity is slipping
At RSAC 2026, former National Security Agency leaders warned that the U.S. is losing its offensive cyber edge amid rising threats from China, AI, and cybercriminals. Officials including Paul Nakasone and Mike Rogers said repeated attacks have led to complacency, while political division, lack of major cyber legislation, and weakened public-private coordination are slowing response efforts. They also warned China has pre-positioned inside critical infrastructure, and without stronger action, a major cyber crisis could be inevitable. (CyberScoop)
Huge thanks to our sponsor, ThreatLocker

Auto cyberthreats on the rise
In more news coming out of RSAC, automotive cybersecurity is a big deal as vehicles become increasingly connected and autonomous. Kamel Ghali, vice president of Car Hacking Village, and Julio Padilha, CISO of Volkswagen & Audi South America, say that modern cars, with millions of lines of code and extensive wireless connectivity, face rising threats similar to the 2015 Jeep Cherokee hack by Charlie Miller and Chris Valasek, which allowed remote control over vehicle functions. Ghali highlighted ongoing research at Car Hacking Village and warned AI and post-quantum encryption will reshape vehicle security. Padilha emphasized continued investment to secure autonomous systems. (Dark Reading)
Bubble AI app builder phishes for Microsoft 365
Kaspersky researchers report that threat actors are abusing Bubble to host phishing apps that steal Microsoft 365 credentials while evading detection. Because the apps are served from trusted *.bubble.io domains, email security tools often fail to flag them, letting victims get redirected to fake Microsoft login pages. The AI-generated apps reportedly use complex JavaScript and Shadow DOM structures that are difficult for both humans and automated tools to analyze, helping conceal malicious behavior. (BleepingComputer)
Lloyds customer data exposed in IT glitch
The error exposed personal data of nearly 500,000 Lloyds Banking Group customers – data that included payment details, account details and national insurance numbers visible to other users. Officials from Lloyds Bank – one of the UK’s “big four” banking houses – blamed the glitch on “a software defect introduced during an IT update” to its Lloyds, Halifax, and Bank of Scotland mobile banking apps in the early hours of March 12. Although the window of exposure of the customers’ data was very small – at least for human observers – the customers, and even people who were not Lloyds Banking Group customers, may have had their transaction details exposed.
Hundreds of valid API keys discovered on the Web
Researchers from Stanford say that after analyzing ten million websites, they found almost 2,000 API credentials strewn across 10,000 web pages. Their research was done, they said, because, “much of the attention on exposed credentials has focused on scouring code repositories and source code.” They put forth that “analysis of production websites is essential to understand the scope of the problem.” The researchers found “highly sensitive API credentials left publicly exposed on public webpages…which act as access tokens that authorize applications to interact with third-party services, granting direct access to critical infrastructure like cloud platforms and payment providers.” These, the researchers say, “are even more dangerous than exposed login details because they provide programmatic access to resources.” The valid credentials belong to multinational corporations, critical infrastructure entities, and government agencies, and provide access to services like AWS, GitHub, Stripe, and OpenAI.