The Department of Know: OpenAI vulnerability scanner, US new cyber strategy, VPN SEO poisoning

This week’s Department of Know is hosted by Rich Stroffolino with guests Jonathan Waldrop, CISO, Acoustic, and Chris Ray, Field CTO, GigaOm

Missed the live show? Check it out on YouTube

The Department of Know is live every Monday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com

Russians targeting encrypted messaging app users

The Netherlands’ Defence Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) published details about a campaign by entities tied to Russian state actors targeting users of Signal and WhatsApp. The campaign didn’t crack either app’s end-to-end encryption. Instead, Dutch intelligence saw Signal users targeted by attackers posing as the app’s support team, warning specific users about “data leaks” and trying to get their PIN codes. The Signal PIN backs the app’s Registration Lock, so with it an attacker can register the victim’s phone number on a device they control and receive new messages sent to that number. On WhatsApp, the attackers try to trick people into approving a “Linked Device” for the attacker, which gives them access to all messages on the account.

(TechCrunch)

OpenAI rolls out vulnerability scanner

It was big news when Anthropic rolled out vulnerability scanning in Claude Code, and so it’s a big deal that OpenAI did the same now with Codex. Codex Security was previously known as Aardvark, in private beta testing since last year and now available as a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers. In testing, OpenAI said it found over 10,000 high-severity issues with Codex Security, including in widely used projects like Chromium, OpenSSL, PHP, and GnuTLS. Anthropic’s announcement had stock market implications; we’ll see if that becomes part of the story with Codex Security.

(SecurityWeek)

US unveils new cyber strategy

The US administration released a national cybersecurity strategy outlining six policy pillars focused on strengthening U.S. digital defenses and countering foreign cyber threats. The plan emphasizes proactive measures including offensive cyber operations, closer public-private partnerships, and investments in emerging technologies like AI and quantum computing. Other priorities include securing federal networks, protecting critical infrastructure and supply chains, streamlining regulations, and expanding the cybersecurity workforce.

(Infosecurity Magazine)

Huge thanks to our sponsor, Adaptive Security

This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Deepfakes aren’t science fiction anymore; they’re a daily threat. Quick tip: if your voicemail greeting is your real voice, switch it to the default robot voice. A few seconds of audio can be enough to clone you. Adaptive helps teams spot and stop these AI-powered social engineering attacks. Learn more at adaptivesecurity.com.

Meta apps offer new scam protection

Meta is adding new scam detection features across Facebook, Messenger, and WhatsApp to warn users about suspicious activity before interaction. The updates include alerts for unusual device-linking attempts on WhatsApp, warnings for suspicious friend requests on Facebook, and expanded AI-based scam detection on Messenger that can review chats for common fraud patterns. This is all meant to help users identify and block potential scams before they become a problem.

(The Verge)

Stryker offline after wiper malware attack

Medtech company Stryker is offline after a wiper malware attack claimed by Handala, an Iranian-linked pro-Palestinian hacktivist group. The attackers say they stole 50 terabytes of data and wiped over 200,000 systems, servers, and mobile devices, affecting offices in 79 countries. Staff reported losing both corporate and personal device data. Internal services and applications were disrupted, forcing some teams to revert to manual workflows. Handala, linked to Iran’s Ministry of Intelligence and Security, has targeted Israeli organizations since December 2025 with destructive malware.

(BleepingComputer)

Storm-2561 uses SEO poisoning for fake VPN clients

Microsoft Threat Intelligence reports that the cybercriminal group Storm-2561 is running a credential theft campaign using SEO poisoning to distribute fake VPN clients. Users searching for legitimate VPN software are redirected to malicious sites hosting ZIP files with MSI installers that side-load DLLs, including the Hyrax infostealer, to capture VPN credentials. The malware is digitally signed to appear legitimate and maintains persistence via the Windows RunOnce key. Microsoft advises enabling Defender protections, multifactor authentication, and blocking untrusted executables.
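The persistence mechanism described above (an autostart entry under RunOnce pointing at a signed binary that side-loads a DLL) is something a defender can audit directly. The following PowerShell script is an added example, not code from Microsoft’s report or from the Hyrax analysis: it walks the Run and RunOnce keys under HKLM and HKCU, resolves each entry to its executable, checks the Authenticode signature of that executable and of any DLLs sitting beside it, and flags targets launched from user-writable locations such as Temp, AppData and Downloads, which is where an installer pulled from a ZIP download typically lands. The list of “suspicious” directories and the decision to treat any non-Valid signature status as a finding are assumptions of this example, not thresholds from the report.

```powershell
# Added example (not Microsoft's code): audit Run/RunOnce autostart entries for the
# pattern in the Storm-2561 campaign. Run in an elevated PowerShell so HKLM is readable.

$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: a legitimate VPN client installs under Program Files; anything autostarting
# from one of these user-writable roots deserves a look.
$suspiciousRoots = @($env:TEMP, $env:LOCALAPPDATA, $env:APPDATA,
                     (Join-Path $env:USERPROFILE 'Downloads')) | Where-Object { $_ }

function Get-CommandPath {
    param([string]$Command)
    # Autorun values are full command lines (possibly quoted, possibly using %VARS%);
    # return only the executable path.
    $trimmed = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($trimmed.StartsWith('"')) {
        $end = $trimmed.IndexOf('"', 1)
        if ($end -gt 1) { return $trimmed.Substring(1, $end - 1) }
    }
    return ($trimmed -split ' ')[0]
}

function Get-AutorunFindings {
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # PSPath/PSParentPath/... metadata
            $path = Get-CommandPath -Command ([string]$prop.Value)
            $findings = @()

            if (-not (Test-Path -LiteralPath $path)) {
                $findings += 'target missing'
            } else {
                $sig = Get-AuthenticodeSignature -LiteralPath $path
                if ($sig.Status -ne 'Valid') {
                    $findings += "signature $($sig.Status)"
                } elseif ($sig.SignerCertificate) {
                    # Signed is not the same as trustworthy: the campaign's malware is signed,
                    # so surface the signer for comparison against the real vendor.
                    $findings += "signed by $($sig.SignerCertificate.Subject)"
                }

                # DLL side-loading: the autostart target can be a clean, validly signed EXE
                # that loads a malicious DLL from its own directory. Check those too.
                $dir = Split-Path -Parent $path
                $badDlls = Get-ChildItem -LiteralPath $dir -Filter *.dll -ErrorAction SilentlyContinue |
                    Where-Object { (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status -ne 'Valid' }
                if ($badDlls) {
                    $findings += "unsigned/invalid DLLs beside target: $($badDlls.Name -join ', ')"
                }
            }

            foreach ($root in $suspiciousRoots) {
                if ($path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                    $findings += "runs from user-writable $root"
                }
            }

            [PSCustomObject]@{
                Key     = $key
                Name    = $prop.Name
                Target  = $path
                Finding = ($findings -join '; ')
            }
        }
    }
}

Get-AutorunFindings | Sort-Object Finding -Descending | Format-Table -AutoSize -Wrap
```

Two caveats for using this in practice. Windows deletes a RunOnce value after it fires, so a point-in-time audit can miss an entry that has already executed; pair the script with registry-write telemetry (for example Sysmon Event ID 13 on the Run/RunOnce paths) to catch the value at creation time. And a “Valid” signature status only means the signature verifies; it says nothing about whether the signer is the vendor you expected, which is why the script prints the signer subject rather than treating a valid signature as clean.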

(Microsoft Security Blog)

Salt Typhoon apathy possibly killing momentum for tougher telecom security rules

Despite the fact that just two years ago Chinese hackers were found to have compromised at least ten U.S. telecoms, “giving them broad access to phone data affecting nearly all Americans,” those in charge of bolstering the country’s cyber defenses say that constituents struggle to understand why this should be a concern, which deprives policymakers of the public pressure needed to strengthen the nation’s telecommunications cybersecurity. Some officials speculate that repeated cyberattacks exposing sensitive data, together with U.S. companies routinely collecting and selling data, have left Americans “numb to data theft and data-for-profit–so additional breaches feel like just another drop in the bucket.”

(Cyberscoop)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.