This week’s Department of Know is hosted by Rich Stroffolino with guests Krista Arndt, associate CISO, St. Luke’s University Health Network, and Jason Shockey, CISO, Cenlar FSB
Missed the live show? Check it out on YouTube
The Department of Know is live every Monday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com
Gemini prompt injection flaw exposes calendar info
Miggo Security found a prompt injection issue in Google Gemini that lets attackers hide instructions inside calendar invites. When users asked Gemini basic scheduling questions, the model copied private meeting details into a new calendar event visible to the attacker. Google patched the issue after disclosure. Researchers say AI-native workflows broaden the attack surface as other labs recently demonstrated similar data exfiltration and privilege escalation paths across Copilot, Vertex AI agents, and multiple AI coding IDEs.
UK and China try to ease cyberattack tensions
Bloomberg’s sources say the UK and Chinese governments created a forum called Cyber Dialogue to discuss allegations of cyberattacks, believed to be the first of its kind with China. This will provide a single mechanism for senior-level discussions of cyber incidents directly, rather than working through back channels or more diffuse methods. Sources previously reported on Chinese threat actors infiltrating UK government servers and critical infrastructure for over a decade. This comes as China is in the midst of negotiations to build a new “super-embassy” in London, and as the UK government announced a total reset in its national cybersecurity policy.
AI-generated malware touches the Void…link
Last week, we covered an advanced Linux malware framework called VoidLink, which offers some sophisticated cloud-focused tooling like custom loaders, rootkits, and modules for evasion across cloud providers. Initially, researchers at Check Point believed it was the work of Chinese developers due to its sophistication. However, in a follow-up report, they now say it shows “clear evidence that the malware was produced predominantly through AI-driven development,” believed to be the work of a single person iterating on it for about a week. That’s because the dev accidentally exposed source code, documentation, and internal product structure in an open directory on their server. It shows development starting in November 2025, using an AI assistant in the IDE TRAE. The developer initially used the AI to generate a multi-team development plan, which served as a roadmap for subsequent development. The AI initially estimated this would take 16-30 weeks for a human team, but timestamps show VoidLink functional by early December 2025.
LastPass ‘create backup’ link deemed a scam
A phishing campaign is spoofing LastPass maintenance notices and urging users to “create backup” within 24 hours in order to steal master passwords. Clicking the link sends victims to a fake LastPass site designed to harvest vault credentials. LastPass issued an advisory saying it never asks users to back up vaults or reveal master passwords and listed malicious domains and indicators. The company has not responded to questions from The Register about how many customers received or fell for the scam.
Huge thanks to our sponsor, Conveyor
Meet Conveyor’s new Trust Center Agent.
The Agent lives in your Conveyor Trust Center and answers every customer question, surfaces documents and even completes full questionnaires instantly so customers can finish their review and be on their way.
Top tech companies like Atlassian, Zapier, and more are using Conveyor to automate away tedious work. Learn more at conveyor.com.
SmarterMail auth bypass flaw now exploited despite patch
Following up on a story we covered on December 31, threat actors are now exploiting an authentication bypass vulnerability in SmarterTools’ SmarterMail email server and collaboration tool that allows resetting admin passwords. Specifically, the issue “resides in the force-reset-password API endpoint, which is intentionally exposed without authentication.” The issue was reported by watchTowr on January 8, and SmarterMail released a fix on January 15. The watchTowr researchers found evidence of exploitation just two days later. “This suggests that hackers reverse-engineered the patch and found a way to leverage the flaw.”
An alternative to CVE appears
The Global CVE Allocation System, or GCVE, will be “maintained by the Computer Incident Response Center Luxembourg (CIRCL) as an alternative to the traditional Common Vulnerabilities and Exposures program, which narrowly avoided shutdown last April when CISA initially failed to renew its contract with MITRE, which operates the CVE system.” Although collapse was averted, it exposed the program’s dependence on a single funding source. The propose GCVE avoids reliance on a centralized system, allowing independent numbering authorities to allocate identifiers. The system will maintain backward compatibility with the existing CVE infrastructure through a technical accommodation.
The problem of AI agents emerges at Davos
At the annual World Economic Forum meeting, better known by the Swiss resort that hosts it, the topic of AI agents and how to secure them against becoming the ultimate insider threat, took center stage. The Chief Technology Officer of training company Pearson, Dave Treat, stated, “”We have enough difficulty getting the humans trained to be effective at preventing cyberattacks. Now I’ve got to do it for humans and agents in combination.” It seemed no one had a good response. Cloudflare co-founder and president Michelle Zatlyn said, “with agents, you need to think about them as an extension of your team, an extension of your employee base.” Hatem Dowidar, group CEO of Emirati company Etisalat, suggested more guardrails. “With human agents, many years ago we started saying ‘all calls are recorded for quality purposes?’ We need to create that also for AI agents,” he said. Mastercard CEO Michael Miebach said “organizations should take a page from the banking industry’s security and threat-intelligence practices and collect as many signals as possible from relevant data streams and other indicators to determine if activity is safe or malicious.”