This week’s Department of Know is hosted by Rich Stroffolino, with guests Arif Hameed, CISO, C&R Software; Adam Palmer, CISO, First Hawaiian Bank; Jon Collins, Field CTO, GigaOm; and Jack Leidecker, EVP, CSO, Gainsight.
The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com.
In this week’s cybersecurity news…
SearchLeak attack allows for 1-click exfiltration on M365 Copilot
Three vulnerabilities, harmless on their own, but when their powers combine, like a malicious Voltron, they spell big trouble. We saw this recently with an attack chain called SearchLeak, first spotted by Varonis. It combines a parameter-to-prompt injection, an HTML rendering race condition, and a content-security-policy bypass to create a Bing server-side request forgery. This opens the door to letting attackers steal content accessible through Copilot Enterprise Search using a maliciously crafted URL. Basically, clicking the URL starts a flow that embeds the exfiltrated information in the URL of an image tag, which then pings a URL under the attacker's control.
The Check Point VPN Zero-Day and What It Says About Ransomware in 2026
Check Point announced it has fixed a vulnerability in its VPN that allowed a remote threat actor to bypass authentication on devices configured to use the deprecated IKEv1 key exchange protocol. This had been abused in Qilin ransomware attacks against dozens of organizations, starting on May 7th. Check Point took notice of it when it saw increased network traffic on June 4th. Check Point VP of research Lotem Finkelstein said exploitation was “relatively limited.” It has since released a patch and is urging customers to apply it.
Huge thanks to our sponsor, ThreatLocker

That’s the challenge behind cloud adoption. Behind AI. Behind automation. And behind every major technology decision.
ThreatLocker helps organizations take a Zero Trust approach to that challenge—giving them greater control over what can execute, what can access their environment, and what users and applications are allowed to do.
That’s why ThreatLocker is proud to support Cyber Security Headlines. Because security works best when innovation and control move together.
Feds require Anthropic to ban ‘foreign national’ access to Fable, Mythos
Anthropic has “suspended access to its two most capable AI models, Fable 5 and Mythos 5, for all users worldwide after the U.S. government issued an export control directive ordering the company to block access by any foreign national.” This directive, which was sent to Anthropic late Friday, required the company to comply with the export ban within 90 minutes, according to sources speaking to the Financial Times. Former Facebook CSO Alex Stamos issued an open letter signed by over 40 CISOs and researchers from Adobe, Zoom and Sophos, protesting the move and saying the government's concerns apply equally to all other frontier models.
(BleepingComputer, Axios, The Record, FT)
KPMG pulls report on AI usage due to apparent hallucinations
Professional services firm KPMG has pulled a report titled “Redefining excellence in the age of agentic AI” after numerous organizations said the report's claims about their AI usage were untrue. The research group GPTZero identified numerous inaccuracies in the report, which had been published in October 2025. These inaccuracies stemmed from AI hallucinations, which suggests the firm used AI to help write a report about AI. Companies such as Swiss multinational investment bank UBS, the UK's National Health Service, Swiss Federal Railways, and Transport for London all told the Financial Times that the report's claims about their AI usage were either untrue or misleading.