Cybersecurity Headlines: "Department of No"
Episode: Brightspeed Investigates Breach, Prompt Injection Woes
Date: January 12, 2026
Host: Rich Stroffolino
Panelists: Johna Till Johnson (CEO, Nemertes), Jason Shockey (CISO, Cenlar FSB), David Spark (CISO Series)
Episode Overview
This episode of the "Department of No" dives into the week's critical cybersecurity stories with expert commentary and practical takeaways. The panel weighs in on major vulnerabilities (MongoDB "MongoBleed", N8N's "Nightmare"), Microsoft’s MFA rollout, evolving phishing tactics, a breach at Brightspeed, the persistence of MFA failures, and the scary reality of AI prompt injection. The episode blends insightful, sometimes irreverent expertise with actionable advice for CISOs and security practitioners navigating today’s rapidly shifting risk landscape.
Top Stories and Insights
1. Critical Vulnerabilities: MongoDB “MongoBleed” and N8N Workflow Automation
- MongoDB “MongoBleed” Vulnerability
- Attackers are exploiting a new critical MongoDB bug (“MongoBleed”) after proof-of-concept code was published.
- Johna:
"It's very binary because if you're using MongoDB, you know, and you better be paying attention to it." (02:24)
- Jason:
"Absolutely no more active exploitation. And if you have a potential impact, then you're looking at some likelihood. So yeah, no more." (02:51)
- N8N “Nightmare” Workflow Automation Flaw
- Max-severity (10.0) vulnerability enabling local server hijack, affecting ~80,000 servers online.
- Both panelists note the risk is critical for users of the tool, while the potential impact beyond them is more diffuse.
- Jason:
"It's know a little more especially with the blast radius that could occur... definitely dig in." (03:43)
- Johna:
"If you're using N8N, you absolutely must know more... The only thing to really pay attention to is the fact that workflow automation can be subject to vulnerabilities." (03:57)
2. Microsoft Enforces MFA for 365 Admins
- MFA Mandate Goes Live February 9th
- Microsoft to start blocking 365 admin access without MFA.
- Johna:
"Microsoft should have done this a decade ago... at that point you will not be able to log on as an admin without mfa. So get ready for it, pay attention to it." (05:11)
- Jason:
"Don't want to get locked out of your admin accounts. Plus... this should have happened a long time ago. So it's welcome." (05:43)
3. Phishing as a Service: Increasing Sophistication
- Phishing Campaigns Utilizing PaaS & Internal Lures
- Threat actors leverage Tycoon 2FA and other platforms with realistic email themes (voicemails, HR communications, etc.).
- Jason:
"DMARC, SPF, DKIM, set those to reject to make sure that they are at the highest levels..." (06:50)
- Johna:
"This is really risky because when something comes internally, most users have a fairly straightforward algorithm for deciding whether or not to trust something... If it looks like it's coming from Rich, I trust it." (07:03)
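A small offline checker for the record hygiene Jason calls for, added here as an illustration and not taken from the episode or cisoseries.com: it grades constructed DMARC and SPF record strings (for the placeholder domain example.com) against the p=reject and -all targets.

```python
"""Offline posture check for the e-mail controls the panel points to: DMARC
enforced at p=reject (not undercut by sp= or pct=) and SPF ending in -all.
Record strings here are constructed samples for example.com, not real DNS."""
import re

def parse_dmarc(txt: str) -> dict:
    """Split 'v=DMARC1; p=reject; ...' into a tag -> value dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags

def dmarc_findings(txt: str) -> list[str]:
    """List weaknesses in a DMARC record; empty means enforced at reject."""
    t = parse_dmarc(txt)
    if t.get("v") != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = t.get("p", "none")  # a missing p= is treated as monitor-only
    if policy != "reject":
        findings.append(f"p={policy} (target: p=reject)")
    sub = t.get("sp", policy)  # subdomain policy defaults to the main policy
    if sub != "reject":
        findings.append(f"sp={sub} leaves subdomains below the main policy")
    if int(t.get("pct", "100")) < 100:
        findings.append(f"pct={t['pct']} applies the policy to only part of the mail")
    if not t.get("rua"):
        findings.append("no rua= aggregate-report address")
    return findings

def spf_findings(txt: str) -> list[str]:
    """Flag an SPF record whose catch-all is softer than '-all'."""
    if not txt.startswith("v=spf1"):
        return ["not an SPF record"]
    m = re.search(r"(?:^|\s)([~?+-]?)all\s*$", txt)
    if not m:
        return ["no 'all' mechanism; unlisted senders are not explicitly failed"]
    if m.group(1) != "-":
        return [f"'{m.group(1) or '+'}all' is not a hard fail (target: -all)"]
    return []

# Constructed sample records (placeholder domain example.com).
WEAK_DMARC = "v=DMARC1; p=none; sp=none; pct=50; rua=mailto:dmarc@example.com"
STRONG_DMARC = "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.com"
WEAK_SPF = "v=spf1 include:_spf.example.com ~all"
STRONG_SPF = "v=spf1 include:_spf.example.com -all"
```

Feed it the TXT records you fetch for your own domains; an empty list from both functions is the posture the panel describes, while any finding names the tag that still weakens enforcement.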
4. Brightspeed Data Breach: Infrastructure Under Threat
- Breach Claims by Extortion Group Crimson Collective
- Brightspeed, a major US broadband provider, is investigating the data theft claim; there is no confirmation of infrastructure impact.
- Johna:
"This to me is kind of a whole lot of nothing... yet another large company misplaces your data accidentally." (09:18)
- Jason:
"Gain wisdom cheaply. So if somebody else has a breach then what can you learn... look at your third party vendor management." (10:14)
- David Spark:
"The way cybersecurity leaders are measured is how they respond to an incident... Is this a company I want to work with in that how did they respond to that last breach? Was it a good experience or a bad experience?" (12:41)
- Incident Response Strategies
- Johna:
"The metric of success is how quickly... you contain the breach. That's the median total time to contain." (11:28)
- Jason:
"Stop the bleeding, start the breathing, treat for shock... then contain that thing, get business back up." (12:00)
- Effective Communication
- David Spark recounts Andy Ellis’s practice:
"Communications that would be sent out publicly was written before the meeting... allowed for faster engagement." (13:47)
- Johna:
"Blame is orthogonal to what you're trying to accomplish... use the NTSB approach... Refrain from casting blame. Just analyze and you'll get better anyhow." (14:46)
5. Persistent MFA Failures
- High-Profile Companies Breached Without MFA
- Pickett and Associates, Iberia Airline, Sekisui House—all had logins compromised due to missing MFA.
- Jason:
"MFA, I think is proper cyber hygiene. If you don't have it, then you're not, you're not clean. So put it in place." (16:38)
- Johna:
"Why would you not do MFA... At some point you just got to suck it up and deal." (16:53)
6. AI, LLMs & Prompt Injection Woes
- Shadow Leak Indirect Prompt Injection via ChatGPT
- The attack plants a malicious prompt in, for example, a Gmail message to get ChatGPT to exfiltrate data.
- CVE-2026-xxxx in Model Context Protocol (MCP)
- Allows RCE via crafted input; exposes the “glue” of agentic AI to severe risk.
- Johna:
"People don't worry enough about the risks that AI is bringing... here's an example of one that's on the technical side but very real." (18:49)
- Jason:
"Governance and guardrails. Do you have the proper policies, charters, and documentation to say, this is how we're going to use AI...? Make sure you have the governance and guardrails in place." (20:06)
- Johna:
"You don't need to just secure the models, you also need to secure the infrastructure across which the models are communicating." (20:32)
- Rich:
"[It] reminds me of some of the crypto stories... you would target the bridge between the connection points... that's the weak point." (21:04)
Notable Quotes & Memorable Moments
- On Risk Prioritization:
"I spend most of my time worrying about what risks to worry about. So it's very meta."
– Johna (00:17)
- On Succession Planning:
"Finding a younger, less hairy me. So helping people with their cybersecurity careers."
– Jason (00:43)
- On Human Behavior in Phishing:
"Most users have a fairly straightforward algorithm for deciding whether or not to trust something. If it looks like it's coming from Rich, I trust it."
– Johna (07:03)
- On Incident Containment:
"The metric of success is how quickly... you contain the breach. That's the median total time to contain."
– Johna (11:28)
- On Communication During Breach:
"Communications that would be sent out publicly was written before the meeting... allowed for faster engagement."
– David Spark (13:47)
- On Blame:
"Blame is orthogonal to what you're trying to accomplish... use the NTSB approach... Refrain from casting blame."
– Johna (14:46)
- On AI Risks:
"People don't worry enough about the risks that AI is bringing... not just the models, but the infrastructure between them."
– Johna (18:49, 20:32)
Closing Advice & Takeaways
- Jason:
"As a CISO, make sure that you know where you're going, know where your cybersecurity program is going. If you don't know what maturity level you're at or the road that you're taking, any path is going to get you there, and it could be the wrong one... Maybe people should read more." (22:11)
- Johna:
"...circle back to this whole concept of median total time to contain. Every time you're doing something in your organization, ask yourself how it's going to help you with that." (22:40)
Key Timestamps
- 00:00-02:24 – Panel intros, MongoDB "MongoBleed" discussed
- 02:59-04:19 – N8N “Nightmare” vulnerability
- 05:11-05:54 – Microsoft MFA enforcement for 365 Admins
- 06:50-07:19 – Phishing as a Service threats; email hygiene
- 09:18-15:33 – Brightspeed breach discussion & incident response advice
- 16:38-17:28 – MFA failures in major companies
- 18:49-21:04 – AI, LLM, and prompt injection vulnerabilities
- 22:11-23:08 – Panel closing advice
- 23:44-end – Where to find the panelists and conclusion
Summary
This episode stresses the importance of foundational practices (enforce MFA, patch, tighten email security), the need for better communication and transparency in incident response, and the urgency of preparing for both present and emerging risks—especially in AI. The panel is pragmatic, candid, and leans into actionable wisdom for those facing the “Department of No” decisions every security leader encounters.
Links to resources, speaker profiles, and referenced stories are available at cisoseries.com
