MongoDB records exposed, Apple WebKit patches, Coupang culprit identified

16TB MongoDB database exposes nearly 4.3 billion professional records Apple posts updates after discovery of WebKit flaws Coupang data breach traced to ex-employee Huge thanks to our sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. Deepfakes aren't science fiction anymore; they're a daily threat. Quick tip: if your voicemail greeting is your real voice, switch it to the default robot voice. A few seconds of audio can be enough to clone you. Adaptive helps teams spot and stop these AI-powered social engineering attacks. Learn more at adaptivesecurity.com. Find the stories behind the headlines at CISOseries.com.    

'DroidLock' malware demands ransom Google fixes secret Chrome 0-day UK fines LastPass over 2022 breach Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. Security training fails when it's generic. Adaptive's platform personalizes training and runs deepfake simulations across email, SMS, voice, and video. And with Adaptive's AI Content Creator, you can drop in a breaking threat or compliance doc and instantly turn it into interactive, multilingual training – no designers, no delays. Learn more at adaptivesecurity.com.  

CEO of retail giant Coupang resigns Pro-Russia hactivists target US infrastructure  Israeli cybersecurity funding hits record Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. In deepfake scams, the tells aren't glitchy video anymore – it's behavior: "Do this right now," or "keep it secret." If you hear urgency and secrecy together, stop and verify through a second channel. Call a known number, start a chat thread, or ask something only the real person would know. Adaptive trains teams against exactly these tactics. adaptivesecurity.com.  

Spain arrest over data records Goodbye, dark Telegram Scammers poison AI search results Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. Picture a "new hire" who interviews well… except they're synthetic: AI video, AI voice, AI backstory. Once they're in, they go after payroll, internal docs, and access. That's the new reality: the attack surface is trust itself. Adaptive fights back with realistic deepfake simulations and training that actually sticks. adaptivesecurity.com.  

Ransomware payments pass $4.5 billion Cybercrime networks orchestrate real-world violence Three arrested over possessing hacking tools Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. Attackers don't need malware anymore; they need trust. Tip: set a simple passphrase for high-risk actions, like wire requests or "urgent" account recovery – especially within finance teams and families. If the caller can't answer it, pause and verify. Adaptive runs deepfake and vishing simulations so employees practice this before it's real. adaptivesecurity.com.  

Link to episode page This week's Department of Know is hosted by Sarah Lane with guests Jason Shockey, CISO, Cenlar FSB, and Mike Lockhart, CISO, Eagleview Thanks to our show sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. AI is rewriting the cybersecurity rulebook, because attackers can now scale persuasion as easily as they scale code. The real target isn't just your systems anymore; it's human trust. If you aren't actively testing your organization against AI-driven phishing, vishing, and deepfakes, you're leaving a gap criminals will exploit. Adaptive runs realistic simulations and delivers tailored, engaging training so teams respond correctly when it counts. Learn more at adaptivesecurity.com. All links and the video of this episode can be found on CISO Series.com    

New wave of VPN login attempts on Palo Alto portals NATO holds its largest-ever cyberdefense exercise Chinese hackers exploiting React2Shell bug Huge thanks to our episode sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. Deepfakes aren't science fiction anymore; they're a daily threat. Quick tip: if your voicemail greeting is your real voice, switch it to the default robot voice. A few seconds of audio can be enough to clone you. Adaptive helps teams spot and stop these AI-powered social engineering attacks. Learn more at adaptivesecurity.com. Find the stories behind the headlines at CISOseries.com.

Predator spyware spotted across several countries Russia blocks FaceTime Draft US cyber strategy set for January release Huge thanks to our episode sponsor, Vanta This message comes from Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Get started at Vanta.com/CISO

Record-breaking DDoS attack React bug puts servers at risk RansomHouse attack Huge thanks to our episode sponsor, Vanta This message comes from Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Get started at Vanta.com/CISO

Microsoft Defender outage disrupts threats Apple resists India's state-run app order MuddyWater strikes Israel with MuddyViper Huge thanks to our episode sponsor, Vanta This message comes from Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Get started at Vanta.com/CISO