This week’s Department of Know is hosted by Rich Stroffolino with guests Jason Taule, CISO, Luminis Health, and Chris Ray, Field CTO, GigaOm.
Missed the live show? Check it out on YouTube.
CISO Series The Department of Know is live every Monday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com.
President signs defense bill funding Cyber Command, Pentagon phone security
The $901 billion Pentagon policy bill, named the 2026 National Defense Authorization Act, was signed on Thursday night with bipartisan support in both the House and the Senate. It authorizes unprecedented spending levels for national security programs and effectively preserves the dual-hat leadership structure of U.S. Cyber Command and the National Security Agency. In addition to funding for Cyber Command, the bill also “requires the Defense secretary to ensure DOD senior leaders are provided with mobile phones with ‘enhanced cybersecurity protections,’ including data encryption.”
New exploit of React2Shell
A ransomware gang has been observed exploiting the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access and deploy ransomware in under a minute, a quick pivot from the espionage and crypto-mining activity reported when the flaw first emerged. According to researchers, attackers used the bug to remotely execute JavaScript on a vulnerable React Server Components endpoint before dropping the Weaxor ransomware strain. The attackers quickly disabled Windows Defender, deployed Cobalt Strike for command-and-control, encrypted files, wiped shadow copies, and cleared logs, all without moving laterally. Researchers also warn that patching alone isn’t enough.
France arrests threat actors for installing malware on Italian ferry
French authorities have arrested two crew members working on an Italian passenger ferry. They are suspected of infecting the ship with malware that could have enabled them to remotely control the vessel. One of the pair, a Bulgarian national, has been released without charge, while the other, a Latvian suspect who recently joined the crew of the Italian-owned ferry, remains detained and faces charges of conspiring to infiltrate computer systems on behalf of a foreign power. This came after a remote access tool was discovered aboard the ship. The malware was discovered by the shipping company itself while the ship was docked at the Mediterranean port of Sète in southern France.
US turns to private firms in cyber offensive
Late last week, Bloomberg’s sources said the US administration is preparing a new national cyber strategy that would enlist private companies to help carry out offensive cyber operations against criminal and state-backed attackers. The plan would expand the government’s cyber capacity but raises legal and security risks, since private firms currently lack clear authority to conduct attacks and could become targets themselves. The strategy also calls for streamlining cyber regulations, modernizing federal systems, and accelerating post-quantum security, with more details expected through an executive order or legislation.
Senate Intel chair urges safeguard against open-source software threats
Tom Cotton, the Senate Intelligence Committee Chairman, is asking National Cyber Director Sean Cairncross to take steps to counter the risks of foreign adversaries playing too heavy a role in open-source software, describing the environment as one in which threat actors “assume that contributors are benevolent, [so they can] insert malicious code into widely used open source codebases.” As examples, Cotton mentioned a beta version of the compression utility XZ Utils, as well as a Russia-based developer who is the sole maintainer of some open-source software that exists inside Defense Department software packages.
Hackers breach Britain’s health service tech provider
DXS International, a UK technology company whose software is widely used by the country’s National Health Service (NHS), has disclosed a cybersecurity incident involving unauthorized access to internal office servers, detected on December 14. The company said the breach was contained and that clinical services remained fully operational. It is not yet known whether NHS patient data was affected, though the incident has been reported to the Information Commissioner’s Office. DXS is working with NHS cybersecurity teams and external specialists to investigate. The company does not expect a material financial impact. Its software supports clinical decision-making and referral management for GP practices and handles around 10% of NHS referrals in England.
NIST tried to take down NTP servers after blackout caused atomic clock drift
Jeffrey Sherman, a NIST supervisory physicist who maintains the institute’s atomic clocks, acknowledged in a mailing list post that he tried to disable backup generators powering some of its Network Time Protocol infrastructure after a power outage in Boulder, Colorado, led to errors. The power failure was due to intense stormy weather. NIST uses its atomic clocks to provide a Network Time Protocol service, which much of the computing world relies on to synchronize events. Sherman wasn’t able to simply turn the main system off and back on again because backup generators automatically kick in to keep the servers running. During the outage, NIST advised users to refer to the organization’s other sources of time information.
Former cyber incident responders plead guilty to ransomware spree
As quoted in Cyberscoop, “former cybersecurity professionals Ryan Clifford Goldberg and Kevin Tyler Martin pleaded guilty Thursday to participating in a series of ransomware attacks in 2023 while they were employed at cybersecurity companies tasked with helping organizations respond to ransomware attacks. Goldberg, who was a manager of incident response at Sygnia, and Martin, a ransomware negotiator at DigitalMint at the time, collaborated with an unnamed co-conspirator to attack victim computers and networks and use ALPHV, also known as BlackCat, ransomware to extort payments.” Each pleaded guilty to conspiracy to interfere with interstate commerce by extortion. Victims of the attacks included a medical company based in Florida, a pharmaceutical company based in Maryland, a California doctor’s office, an engineering company based in California and a drone manufacturer in Virginia, according to the indictment.






