CISA directs agencies to "patch smarter, not harder." The House fails to extend FISA. Europol pulls over AudiA6. GitHub announces npm security updates. Anthropic rejects Fable 5 jailbreak claims. CISA gives feds three days to patch a critical Ivanti Sentry vulnerability. Google confirms ShinyHunters exploited a critical Oracle PeopleSoft vulnerability. FancyBear shifts part of its infrastructure to compromised edge devices. Pundits push for CyberCorps scholarship budgets. Our guest is Dr. Renée Burton, VP of Threat Intelligence at Infoblox, to discuss scams targeting the World Cup. Amazon drivers sweat through a software update.
CyberWire Guest: Today we are joined by Dr. Renée Burton, VP of Threat Intelligence at Infoblox, to discuss the World Cup and fans possibly getting caught out if they use SuperBox to view it.
Selected Reading:
CISA directive orders agencies to prioritize vulnerability patching in a new way (CyberScoop)
House votes against extending controversial wiretapping law set to lapse Friday (The Washington Post)
Ransomware gangs cut off from EUR 336 million 'AudiA6' crypto laundering pipeline: Europol analysis links the criminal service to over 15 international cybercrime investigations (Europol)
GitHub to Update npm to Thwart Software Supply Chain Attacks (Infosecurity Magazine)
Anthropic Disputes Fable 5 AI Jailbreak (SecurityWeek)
CISA orders feds to patch actively exploited Ivanti flaw by Sunday (Bleeping Computer)
Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters (SecurityWeek)
GRU-Linked APT28 Uses MooBot Botnet and Compromised EdgeRouters for Cyber Operations (GB Hackers)
CyberCorps is adapting to AI. The budget isn't keeping up. (CyberScoop)
Software Update Automatically Turns off Amazon Delivery Drivers' AC During Dangerous Summer Heat (404 Media)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Your AI chatbot just recommended a software download. You clicked it... along with a GPU cryptominer running silently in the background. Darnley breaks down Microsoft Defender Experts' latest findings on a sophisticated cryptojacking campaign that evolved beyond traditional SEO poisoning into AI search result poisoning, a new delivery technique that turns your trusted AI tools into malware recommendation engines. In this episode, we cover how the attack works from ZIP download to process-hollowed miner, why high-end GPU owners are deliberately targeted, and the six concrete steps every listener can take today to stop trusting links blindly, whether they come from Google, ChatGPT, or anything in between. The tools are getting smarter. So should we... Listen now.
Madeline Sedgwick, Cyber Threat Analyst at Palo Alto Networks and a DUUUUVALLL lifer. No Password Required Season 7: Episode 5 – Madeline Sedgwick. Madeline Sedgwick is a Cyber Threat Researcher and Threat Analyst at Palo Alto Networks Unit 42, specializing in nation-state cyber activity, covert infrastructure, and cyber intelligence analysis. Before entering the private sector, she spent six years in the U.S. Navy as an intelligence specialist, helping support some of the earliest cyber operations under United States Cyber Command. In this episode, Madeline shares her journey from joining the Navy to becoming one of the first certified cyber targeteers supporting offensive cyber operations. She discusses the realities of tracking covert threat actor infrastructure, why defenders must understand adversary behavior beyond alerts and signatures, and how intelligence analysis helps uncover the bigger picture behind cyber campaigns. Jack Clabby and co-host Sarina Gandy talk with Madeline about fusion analysis, cyber warfare, leadership, and the challenges of translating highly technical investigations into actionable insights for government and industry leaders. She also reflects on the importance of humility in leadership, mentoring, and learning to navigate high-pressure situations with confidence and curiosity. In the Lifestyle Polygraph, Madeline debates cybersecurity in the Star Wars universe, explains her Weird Al Yankovic Dragon Con costume, reflects on her time playing bass in a metal band, and proudly shares why Jacksonville, Florida, will always be home.
Follow Madeline on LinkedIn: https://www.linkedin.com/in/mesedgwick/
Chapters:
02:10 Intro: Madeline Sedgwick
09:00 The Role of Cybersecurity in National Security
12:08 Understanding Covert Networks and Threat Intelligence
14:52 Fusion Analysis in Cybersecurity
18:04 The Importance of Distinguishing Threats
20:52 Challenges in Cybersecurity Response
23:58 Briefing Decision Makers on Cyber Threats
27:52 Understanding Adversary Intent and Risk Communication
30:12 Leadership Lessons from the Navy
34:33 The Importance of Mentorship in Career Development
37:30 The Lifestyle Polygraph: A Fun Twist on Cybersecurity
41:04 Embracing Creativity and Personal Expression
45:50 Pride in Roots: The Jacksonville Connection
Agentic AI was the theme that pulled away from the pack at RSAC Conference 2026. Tony Anscombe of ESET makes the case that once AI shifts from being directed by humans to operating with its own objectives and logic, the security surface changes with it, and organizations are being forced to rethink what they protect and how. At the show, ESET announced two products that meet that moment head on. The ESET AI Skills Checker is a free-to-use tool coming to market. ESET AI Protection looks inside AI sessions on the endpoint, flagging sensitive data leakage, malicious links returned by AI systems, and suspicious behavior, and surfacing it all inside normal cybersecurity operations for investigation, blocking, or detection. Tony closes with a reminder worth keeping. His first RSA was in 1998, and the technology he worked on then (sandboxing, dynamic code, remote windowing, encryption, authentication) mirrors a lot of what walks the RSAC Conference floor today. The packaging evolves, the core principles do not. Build forward, but do not lose sight of what the past already proved. This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight
GUEST: Tony Anscombe, Chief Security Evangelist, ESET. LinkedIn: https://www.linkedin.com/in/tonyanscombe/
RESOURCES: Learn more about ESET: https://www.eset.com. ESET AI Skills Checker and ESET AI Protection: https://www.eset.com
In this episode of Unspoken Security, host AJ Nash sits down with Dan O'Day, Senior Consulting Director at Unit 42 by Palo Alto Networks. Dan shares key findings from the 2026 Global Incident Response Report, built from over 750 real-world cyber incidents, covering four major threat trends reshaping the security landscape. Dan breaks down how AI is compressing attack timelines at a dramatic rate. The fastest incidents now move from access to full impact in just 72 minutes, down from 285 minutes the year prior. Attackers are no longer breaking in. They are logging in, using stolen credentials, tokens, and API keys to move laterally and avoid detection. Identity is now the dominant attack surface, playing a material role in nearly 90% of Unit 42's investigations. The conversation closes on a note of cautious optimism. Dan argues that over 90% of breaches stem from preventable gaps, meaning security is solvable. He outlines three priorities for defenders: empowering the SOC to act at machine speed, treating identity as the new perimeter, and securing the entire software supply chain from the first line of code to cloud runtime. Download the Unit 42 Global Incident Response Report 2026 here: https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report?utm_source=linkedin&utm_medium=social&utm_campaign=na&utm_content=pa001134
Today’s headline news for Canadian IT solution providers: Acronis has launched Cyber Frame, a new hyperconverged infrastructure (HCI) and infrastructure-as-a-service (IaaS) platform built specifically for managed service providers. The platform allows MSPs to build and deliver infrastructure services with native integration into Acronis’ cyber protection and remote monitoring and management (RMM) tools. Acronis says it is designed to give service providers an alternative to legacy virtualization and hyperscaler cost pressures, offering better margin control and options for both fully hosted and partner-hosted deployments. Citrix has introduced Citrix Platform Flex, a new persona-based secure access model intended to help organizations move away from static, one-size-fits-all IT delivery. The new platform is built to align IT resources more closely with evolving business needs, delivering secure access, managed services, and observability with more flexible and predictable pricing. It acknowledges that different worker profiles require vastly different access parameters in a modern hybrid environment. Upwind has launched its new AI Agentic Pack, adding agent-driven capabilities to its cloud security platform. The tools are designed to help security teams investigate threats, validate active exposures, and prioritize remediation, leaning into the growing industry trend of using autonomous agents to compress the window between threat discovery and response. Nerdio vice president of MSP sales Will Ominsky warned in a Redmond Channel Partner interview today that MSPs who figure out how to monetize AI by the end of 2026 will grab massive market share. He noted that partners who only experiment with AI internally—without building client-facing, revenue-generating AI practices—will be left behind in the coming wave of SMB adoption. Boomi and Red Hat have announced a strategic collaboration to deliver an integrated stack for deploying agentic AI at scale. 
The partnership combines Boomi's Agentstudio with Red Hat AI, providing organizations with a framework to orchestrate AI workflows securely without losing control of their data governance or allowing cloud consumption costs to spiral. The U.S. Department of Homeland Security is reportedly scrutinizing Instructure after a massive ransomware attack disrupted its Canvas online learning platform. The breach highlights the growing vulnerability of critical SaaS infrastructure and the widespread supply chain impact when platforms are targeted during peak usage periods, such as university finals week. Canadian cybersecurity provider Plurilock has announced CAD $1.13 million in new critical services contracts. The wins reflect continued momentum for the AI-native security firm as it expands its footprint across both public and private sector environments, capitalizing on the growing need for identity-centric security.
Full Transcript
Welcome to The Buzz from ChannelBuzz.ca, I'm Robert Dutt, today is Thursday, May 14, 2026, and here's what's happening in the channel today. Acronis has launched Cyber Frame, a new hyperconverged infrastructure and infrastructure-as-a-service platform built specifically for managed service providers. The launch comes at a critical time for the channel, as many service providers are actively seeking alternatives to legacy virtualization platforms following recent industry shakeups and pricing model changes. Cyber Frame allows MSPs to build and deliver infrastructure services with native, seamless integration into Acronis' existing cyber protection and remote monitoring and management tools. Rather than dealing with the unpredictable costs of hyperscale public clouds or the complexity of managing disparate vendor stacks, MSPs can use Cyber Frame to consolidate their service delivery. Acronis says the platform is designed to give service providers significantly better margin control and simplified management.
It offers flexible deployment options, allowing partners to choose between a fully hosted model managed by Acronis, or a partner-hosted deployment running on the MSP’s own hardware in their local data center. By combining compute, storage, networking, and security into a single unified platform, Acronis is positioning Cyber Frame as a way for MSPs to scale their infrastructure offerings profitably while maintaining the tight security posture that modern SMB clients demand. Citrix has introduced Citrix Platform Flex, a new persona-based secure access model intended to help organizations move away from static, one-size-fits-all IT delivery. In today’s hybrid work environment, the access requirements for a call center employee, a traveling executive, and a remote software engineer are vastly different. Citrix built Platform Flex to recognize these distinctions, allowing IT teams to align resources, security controls, and application delivery specifically to the varying needs of different worker profiles. The new platform delivers secure application access, managed services, and comprehensive observability under a model designed for more flexible and predictable pricing. By shifting away from rigid licensing structures that often force companies to over-provision resources for basic users, Citrix aims to help enterprises optimize their cloud and infrastructure spending. Platform Flex also incorporates advanced analytics and security policies that adapt in real-time based on user behavior and location. For channel partners, this persona-driven approach provides a clear framework to help enterprise customers rationalize their IT investments, simplify the management of distributed workforces, and ensure that security protocols do not impede productivity for end users who require high-performance access to specialized applications. Upwind has launched its new AI Agentic Pack, adding autonomous, agent-driven capabilities to its cloud security platform. 
As cloud environments grow increasingly complex and security operations centers face unprecedented alert fatigue, the cybersecurity industry is rapidly shifting toward agentic AI to help manage the load. Upwind’s new tools are specifically designed to help security teams autonomously investigate threats, validate whether theoretical vulnerabilities are actually exposed to active exploitation, and prioritize remediation efforts based on real-world risk. Instead of simply generating more alerts for human analysts to sift through, the Agentic Pack leverages artificial intelligence to actively investigate the root cause of an incident, map the attack path across cloud infrastructure, and propose actionable fixes. This launch leans heavily into the growing necessity of using autonomous agents to drastically compress the window between threat discovery and response. With malicious actors utilizing AI to accelerate their attacks, defenders require matching speed to counter them. For managed security service providers, Upwind’s agentic capabilities offer a pathway to scale their operations, handle a higher volume of telemetry without adding headcount, and provide faster threat containment for their clients. In brief: Nerdio vice president of MSP sales Will Ominsky warned in a Redmond Channel Partner interview today that MSPs who figure out how to monetize AI by the end of 2026 will grab massive market share. Boomi and Red Hat have announced a strategic collaboration to deliver an integrated stack for deploying agentic AI at scale. The U.S. Department of Homeland Security is reportedly scrutinizing Instructure after a massive ransomware attack disrupted its Canvas online learning platform. And Canadian cybersecurity provider Plurilock has announced 1.13 million dollars in new critical services contracts. Later today on in the channel, we’re talking eCrime Reports and Threat Intelligence with Camerous Tousley and Pedro Kertzman of ESET. 
And if you missed it yesterday, check out my conversation with Auvik’s Steve Petryschuk on the gap between MSPs’ expectation around AI, and the reality they have realized to date. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.
The central structural shift identified is the acceleration and scaling of cyber risks due to artificial intelligence, which turns formerly expert-driven security processes into repeatable, rapid workflows. Major threat intelligence units, including Google's Threat Intelligence group, are now documenting the use of AI in both identifying and weaponizing software vulnerabilities. The landscape is further shaped by the proliferation of AI-generated and AI-assisted online content, contributing to an environment where traditional verification and control mechanisms are less reliable. The episode presents concrete evidence: Google reported criminal hackers leveraging AI models (explicitly noting the use of non-Google technology) to discover a previously unknown zero-day, while The Verge and Wired highlighted AI-assisted attempts to bypass multi-factor authentication and the impact of synthetic content even within cybercrime forums. Research covered by 404 Media documented that by mid-2025, a third of newly published websites were AI-influenced. These observed changes drive threat intelligence teams to treat AI as a working hypothesis in live investigations. Additional supporting developments reinforce the broadening security and operational impact. Tools such as Proofpoint's Prism Investigator and OpenAI's Daybreak show the push toward automated threat detection, investigation, and reasoning pipelines, altering expectations from detection to defensible reconstruction and evidence generation. Analysis of supply chain compromises, such as tampered software installers and malware leveraging already-exposed cloud systems, demonstrates how automation reduces defender response windows while increasing operational pressure on providers. Reports from Small Biz Trends and ChannelLife show significant implementation gaps, with only a minority of small businesses deploying password managers, and a wide disparity between optimism and readiness for AI-powered security.
For MSPs and IT leaders, these trends tighten operational accountability. The tradeoff shifts from focusing on technology stacks to delivering concrete evidence of patch application, identity verification, data retention, and audit support. Providers face increasing pressure to standardize verification workflows, reduce patch validation cycles, and make evidence retention a default process. The operational complexity intensifies: either the MSP develops controls to govern automation and evidentiary rigor, or it becomes the default risk absorber for ambiguous, fast-moving attack paths shaped by both client and attacker use of automation.
00:00 Zero-Day
04:06 Speed Gap
06:25 Prove It
10:27 Why Do We Care?
Supported by: Moovila, Zero Networks
Brad and Spencer break down Google Threat Intelligence Group's latest report on how adversaries are weaponizing AI across the entire attack lifecycle. The big takeaway isn't that AI has magically replaced attackers, but that it's making certain workflows faster, more scalable, and more repeatable. More importantly, AI platforms, agent skills, integrations, and dependencies are now becoming targets themselves.
Topics covered include:
AI for vulnerability discovery and exploit development: Google's first confirmed case of a zero-day exploit developed entirely with AI, including intentional prompts like "You are currently a network security expert specializing in embedded devices"
Claude skills weaponization: A distilled knowledge base of over 85,000 real-world vulnerability cases integrated into AI research workflows
Automation and scaled research: APT45 sending thousands of repetitive prompts to recursively analyze CVEs and validate proof-of-concept exploits
AI-powered obfuscation techniques: Dynamic modification, evasive payload generation, and decoy logic using the Gemini API for just-in-time VBScript obfuscation
Autonomous attack orchestration: Moving beyond content generation into sophisticated malware command automation, including PromptSpy navigating the Android UI for persistence
AI-enhanced reconnaissance: Generating detailed organizational hierarchies and third-party relationships for high-value targets in finance, security, and HR departments
Information operations and deepfakes: Taking legitimate journalist videos, editing in fabricated content, and adding AI-generated voiceovers
Attacking AI dependencies: TeamPCP (UNC6780) targeting AI environments as initial access vectors, including March 2026 supply chain attacks on Trivy, Checkmarx, and LiteLLM
The Mini Shai-Hulud worm: May 2026 attacks targeting AI infrastructure and dependencies
Defensive fundamentals: Why inventory, zero trust principles, and behavioral monitoring matter more than ever
Brad and Spencer emphasize that while the threat landscape is evolving rapidly, doubling down on foundational security practices remains the most effective defense strategy.
Blog: https://offsec.blog/
YouTube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.
Because... it's episode 0x2F3!
Shameless plug:
May 9 to 17, 2026 - NorthSec 2026
June 3 to 5, 2026 - SSTIC 2026
June 24 and 25, 2026 - Troopers
June 26 and 27, 2026 - leHACK
September 19, 2026 - Bsides Montréal
December 1 to 3, 2026 - Forum INCYBER - Canada 2026
February 24 and 25, 2027 - SéQCure 2027
Description
Introducing the guests
In this technical episode of Polysécure, the host welcomes two analysts from the TDR (Threat Detection and Research) team at Sekoia. Charles Meslay specializes in reverse engineering and malware analysis, while Félix Aimé focuses on studying state-linked campaigns (cyberespionage, sabotage) and plays a central role in developing the internal tooling used to run investigations. The episode builds on a blog post the team recently published about a campaign by APT28, a Russia-linked state group, and broadens the discussion to the whole toolset used in CTI.
From manual reverse engineering to automation
The concrete starting point is the analysis of a .NET malware attributed to APT28 and discovered in early 2025. Initially, the work relied on classic tools such as dnSpy: a graphical interface for decompiling the code, renaming functions and progressively understanding their logic. That process, while relatively accessible, is extremely time-consuming: one to three weeks per binary per analyst. With the emergence of LLMs, Charles first started manually copy-pasting portions of code into ChatGPT to speed up the analysis. That practice led him to an automation idea: building an MCP (Model Context Protocol) server, a protocol that lets an LLM interact with external tools through an API-style interface. That server, released as open source, is in fact one building block of a larger tool developed in-house: Sara.
sarA: an orchestrator for automated analysis
Sara is presented as the heart of Sekoia's analysis ecosystem. It works as follows: a file is submitted, the LLM identifies the file type and selects the appropriate tools (Ghidra, IDA Pro or in-house command-line tools) to carry out the analysis. At the end of the process, Sara produces a structured report containing a description of the binary's behaviour, the obfuscation layers detected, deobfuscation scripts where needed, and an explicit list of the analysis's blind spots, notably where token limits or the number of passes performed got in the way. The gain is spectacular: analysis time has dropped from several weeks to a few minutes. Beyond speed, Sara has also widened the circle of analysts able to contribute to reverse engineering, including those without in-depth training in the field. Specialist analysts such as Charles continue to step in on the complex cases the tool cannot solve on its own.
A tool ecosystem built up progressively
Félix retraces the history of the internal tooling, developed iteratively over the years. At the start, the team had a simple cache server connected to third-party APIs such as VirusTotal, to limit quota consumption. That server was later reworked to manage API keys transparently, simplifying life for internal developers. The team then built a set of in-house APIs to automate common tasks: DNS queries, retrieving the IP ranges of ASes, and so on. Those building blocks made it possible to create 150 transforms for Maltego, an analysis tool that applies micro-operations to entities (IP addresses, domain names, etc.) to enrich investigations.
Today the team is considering migrating to Flosint, a French open-source solution that works in a similar way. For tracking malicious infrastructure over time, two tools have been developed. Tracker queries services such as Shodan, Censys or VirusTotal with precise rules to monitor infrastructure or malware in near real time. Irma, more hunting-oriented, makes it possible to start investigations from advanced heuristics, for example spotting a domain name registered with a dubious registrar that resolves to a potentially compromised router in France.
Ergonomics at the heart of development
A strong philosophical principle emerges from the conversation: ergonomics takes priority over technical complexity. Félix insists that command-line tools, however powerful, end up abandoned if using them means consulting the manual every time. The goal is for all tools to be reachable from a web browser, via dedicated subdomains, with a search interface for finding a tool by keyword (for example, typing "LLM" to list every tool related to artificial intelligence). This centralisation has several advantages: harmonised dependencies, automated deployment through CI/CD pipelines, and genuine adoption by the whole team. As the two guests sum it up, a tool nobody uses is worth nothing, whatever its technical capabilities.
AI as a cross-cutting accelerator
The arrival of LLMs has transformed two other facets of the work. First, prototyping: where validating a proof of concept sometimes took weeks, a few hours are now enough to decide whether an idea is worth pursuing or dropping. Second, capitalising on intelligence.
The team ingests public reports from third-party vendors, models them in the STIX format (a structured standard of linked objects: campaigns, attacker groups, indicators of compromise) and enriches its knowledge base. That work, once tedious and manual, is now largely automated thanks to LLMs, with a final human review. The analyst is thereby freed from repetitive tasks to concentrate on what remains out of AI's reach: writing YARA rules, developing infrastructure trackers, and identifying the fine technical details that still require real brainpower.
Conclusion
This episode offers a rare, concrete look at the daily work of a leading CTI team. Between intelligent automation, a philosophy of ergonomics and the progressive integration of AI, Charles and Félix describe a profession in full transformation, where the human analyst remains indispensable but now concentrates on what they do best.
Notes: APT28, sarA Is watching you!
Contributors: Nicolas-Loïc Fortin, Charles Meslay, Félix Aimé
Credits: Editing by Intrasecure inc. Virtual studio by Riverside.fm
In this episode of Unspoken Security, host A.J. Nash sits down with Cynthia Kaiser, SVP at Halcyon's Ransomware Research Center. They explore how ransomware grew from a niche crime into a business, and why security teams now face faster attacks, extortion, and a threat landscape that blurs crime and state activity. Cynthia traces the shift from early encryption schemes to double and triple extortion, then explains how professional crews use access brokers, deepfakes, and AI-assisted phishing to move in hours, not weeks. She also breaks down how Russian-speaking groups, Iranian actors, and state-linked operations use cybercrime for profit, cover, and pressure. She argues that defenders still need the basics: harden identity, patch fast, assume breach, and build response plans that include PR. Cynthia closes with a blunt point: ransomware and fraud are not side issues. They hit hospitals, businesses, and families every day in ways nation-state threats often do not.
What happens when cybersecurity meets fatherhood, leadership, and real-life decision making?
In episode 185 of Cybersecurity Where You Are, Sean Atkinson sits down with Brian Calkin, Chief Technology and Innovation Officer at the Center for Internet Security® (CIS®); Theodore "TJ" Sayers, Senior Director of Threat Intelligence at CIS; and Kyle Leonard, Cyber Threat Intelligence Analyst at CIS. Together, they use a risk perspective to discuss artificial intelligence (AI) prompt injection and how to defend against it.
Here are some highlights from our episode:
00:49. A definition of AI prompt injection for businesses and executives
02:16. Brian on his role of guiding AI implementation at CIS
03:12. Understanding the urgency surrounding AI prompt injection as a security risk
05:32. Signals and trends indicative of threat actors attempting to weaponize prompt injection
07:10. How AI prompt injection differs from traditional input validation vulnerabilities
11:13. Early indicators that cyber threat intelligence (CTI) teams can monitor
15:00. The need to treat AI as a new identity in any enterprise implementation strategy
17:10. Understanding the difference: AI safety vs. AI security
20:36. Foundational, practical AI security that extends across all sectors
24:55. How CIS manages risk and supports the opportunity around the use of AI
28:25. The long-term promise of AI-driven vulnerability discovery grounded in fundamentals
34:48. Recommendations for piercing through the marketing hype surrounding AI
Resources:
Prompt Injections: The Inherent Threat to Generative AI
New CIS Report Warns Prompt Injection Attacks Pose Growing Risk to Generative AI
Episode 182: Striking a Balance on an AI Adoption Journey
Episode 120: How Contextual Awareness Drives AI Governance
Mythos AI: What Actually Matters for Cybersecurity Leaders
Applying the CIS Controls to Real-World AI Environments
An Examination of Generative AI and Physical Threat Planning
AI Playbooks for SLTT Cybersecurity Leaders
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
Interview with Jim Spignardo
What does it take to build AI workflows that work? Why do so many fail? Jim isn't a typical ESW guest. I think it's essential for security folks to regularly step outside the security bubble and understand other perspectives and mindsets. That's what we're doing today with Jim. He specializes in building custom AI architecture and workflows for his clients. We discuss the state of AI in the enterprise and why so many of these efforts fail. We'll discuss the elements of AI success and whether security plays a role in helping AI efforts succeed or contribute to failures.
Segment Resources: https://www.proarch.com/
Cowork vs Cowork - Why Microsoft 365 Copilot Cowork Is the One Built for Enterprise

RSAC Exec Interviews, Part 1

Trends Revealed in Fortinet's FortiGuard Labs 2026 Global Threat Landscape Report
Fortinet's Global Director of Threat Intelligence and Adversarial AI Research explores the trends revealed in the latest Global Threat Landscape Report from FortiGuard Labs, including a surge in AI-enabled cybercrime. As AI optimizes and accelerates attack techniques, here's how cyber defenders should respond. This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinetrsac to learn more about them!

X-PHY Delivers Hardware-Enforced Security for the Age of AI Agents
Camellia Chan, CEO and Co-Founder of X-PHY, discusses how Model Context Protocol (MCP) is making it easier for AI agents to plug into enterprise apps and operate with elevated permissions, creating new opportunities for attacks and data exfiltration. She explains how X-PHY's hardware-enforced monitoring and detection sit beyond the OS trust boundary to enforce immutable limits on what agents can do and stop threats before data is lost, so organizations can adopt agentic AI with confidence. Security leaders looking to deploy AI agents safely can request a demo or briefing with X-PHY at https://securityweekly.com/xphyrsac.

RSAC Exec Interviews, Part 2

Introducing Legion Investigator: Goal-Oriented AI Investigations
Traditional security playbooks often fail because they cannot capture the fluid, context-dependent reasoning required when a routine investigation hits a non-scripted "judgment point." Legion Investigator addresses this gap by employing goal-oriented AI agents that move beyond rigid scripts to interpret findings and execute complex, multi-step investigations based on your team's unique environment and expertise. By bridging the divide between automated execution and human-level reasoning, the platform ensures that every alert (no matter how unpredictable) is handled with the depth and consistency of a senior analyst. This segment is sponsored by Legion Security. Visit https://securityweekly.com/legionrsac to learn more about them!

The Missing Layer in Zero Trust: The Security Policy Control Plane
Zero Trust has become the dominant security architecture for hybrid and cloud environments, but many organizations are discovering that deploying enforcement technologies alone does not deliver operational control. Firewalls, cloud security groups, and microsegmentation platforms enforce access decisions, yet the policies behind those controls are often fragmented, difficult to validate, and constantly changing. In this conversation, FireMon CEO Jody Brazil discusses why modern security architectures increasingly require a security policy control plane: a layer that continuously validates how policy is enforced across firewalls, cloud networks, and segmentation platforms. The discussion explores why policy drift occurs in real environments, how enforcement systems become difficult to coordinate at scale, and what organizations must do to ensure Zero Trust policies remain consistent as infrastructure evolves. This segment is sponsored by FireMon. Visit https://securityweekly.com/firemonrsac to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-455
We talk with Jaime Blasco (@jaimeblascob) about North Korean campaigns against the rest of the world. Jaime is the CEO and co-founder of Nudge Security, with more than 15 years of experience in cybersecurity and one of the world's leading figures in Threat Intelligence. He was previously Chief Scientist at AlienVault and led Alien Labs at AT&T Cybersecurity, and is also a co-founder of Open Threat Exchange, one of the largest threat intelligence communities in the world. With him we analyze how North Korea has evolved from traditional technical attacks toward far more sophisticated models based on workforce infiltration, social engineering, and supply chain attacks, why this approach is working so well, and how it is completely changing the attack surface of companies, closing with his view on where these threats are heading and what organizations can do to prepare for a scenario in which the attacker is no longer outside, but inside.

⭐️ SPONSORS ⭐️
Flare
Flare is a threat intelligence and Dark Web monitoring platform that helps you stay one step ahead of cybercriminals. As a Tierra de Hackers listener, you can request a free trial here: https://try.flare.io/martin-vigo/

SOCIAL MEDIA
- Twitter: https://twitter.com/tierradehackers
- Instagram: https://instagram.com/tierradehackers
- TikTok: https://tiktok.com/@tierradehackers
- LinkedIn: https://linkedin.com/company/tierradehackers
- Facebook: https://facebook.com/tierradehackers

Join the official Discord channel to connect with the Tierra de Hackers community: https://tierradehackers.com/discord
Support us on Patreon and get exclusive perks and merchandise: https://patreon.com/tierradehackers
Episode notes, links, and references: https://www.tierradehackers.com/episodio-143
In this episode of Unspoken Security, host A.J. Nash sits down with Erin West, Founder at Operation Shamrock. They explore the “scamdemic” and the scams draining wealth at industrial scale. Erin explains why business email compromise, government impersonation, and romance scams work so well: they use fear, trust, urgency, and loneliness.

She then breaks down pig butchering, a long con that starts with a stray text and grows into a fake relationship and a fake crypto investment. Victims think they are building love and wealth at the same time. Instead, scammers push them to empty savings, tap retirement accounts, and borrow more.

Erin also exposes the system behind the fraud. Many scammers are trafficking victims forced to work inside compounds in Cambodia, Myanmar, and beyond. She argues this is both a financial crime and a human rights crisis, and she calls for stronger reporting, public awareness, and international pressure.
The security operations center is under pressure from every direction -- rising alert volumes, fragmented data environments, and a skills gap that no amount of hiring fully closes. At RSAC Conference 2026, Monzy Merza of Crogl sat down with Sean Martin and Marco Ciappelli to talk about what the AI-enabled SOC actually looks like when it is working at enterprise scale.

Crogl recently published the State of the AI SOC report, a survey of more than 600 organizations. The headline finding: nearly 40% of alerts go completely unattended. Not triaged. Not escalated. Just missed. The report also found that a large share of respondents rank the security of an AI system above its raw capability -- trust before performance. Merza says the goal of the report was part data, part demystification, and part empathy building -- giving security leaders permission to recognize that everyone is dealing with the same problems.

Crogl's knowledge engine is built on a foundational premise: data is fragmented in the enterprise, and that is not going to change. Rather than requiring data normalization before analysis, Crogl builds an enterprise semantic knowledge graph that maps relationships across data lakes, SIEMs, and SOAR platforms, wherever the data lives. Analysts no longer need to navigate schemas or query languages. Crogl handles the investigation and surfaces what matters.

Merza describes two compressor effects his customers experience. A competency compressor allows any analyst to draw on multiple data lakes at once. A domain knowledge compressor lets Crogl work across alert types -- phishing, endpoint, and beyond -- rather than routing each to a specialist. The result is a team that operates well above its apparent headcount. One customer example: a CISA advisory that would take hours to manually parse can be uploaded into Crogl and assessed across the enterprise footprint -- IOC mapping and detection coverage -- in sub-hours. The same logic extends to compliance, where audit data calls that once required manual query-by-query execution can now be executed by Crogl against a full 500-query data call at once.

On the jobs question, Merza takes a clear position: AI will create more security jobs, not fewer. Every new AI deployment is a new attack surface. Every new footprint needs to be defended. The repetitive tier-one work is going away -- but the volume of meaningful security work is expanding and the entry level is rising. The organizations getting ahead of this are already standing up AI review boards and putting security capability at the center of how they evaluate new AI tools.

This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight

GUEST
Monzy Merza, Co-Founder and CEO, Crogl
LinkedIn: https://www.linkedin.com/in/monzymerza

RESOURCES
State of the AI SOC Report (free download): https://www.crogl.com
Crogl: https://www.crogl.com
AI SOC Summit: https://aisocsummit.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS
Monzy Merza, Crogl, Sean Martin, Marco Ciappelli, brand spotlight, brand marketing, marketing podcast, brand story, AI SOC, security operations center, SOC automation, AI in cybersecurity, alert fatigue, security data lakes, SIEM integration, enterprise knowledge graph, threat intelligence, CISA advisory, Volt Typhoon, RSAC Conference 2026, RSAC 2026, cybersecurity AI, autonomous investigation, SOC analysts, security workforce, CISO strategy

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
On the RSAC Conference show floor, Tony Anscombe shared how ESET has expanded its threat intelligence offering with ECR reports -- designed to give commercial organizations both machine-readable feeds and human-readable analysis. The reason: threat actors are increasingly hard to attribute, they share tools, run coordinated campaigns, and reinvest profits into more sophisticated operations. Having someone do the research and surface actionable intelligence is no longer a luxury.

Anscombe pointed to a telling campaign pattern from last year: threat actors refined attack methods against UK retailers, then rapidly adapted those same techniques against US retailers. The implication is clear -- your business may be unique in its infrastructure, but it is not unique in its sector. Understanding how your sector is being targeted is the foundation of a prevention-first posture.

Automation came up as equally non-negotiable. If it takes three days to collect all the information needed to make a determination about an incident, the post-attack phase has already begun. ESET Inspect is designed to flip that equation: when an analyst opens an incident, the forensic analysis is done, the evidence is visualized, and the determination can be made on facts rather than gathered through investigation.

Anscombe was careful to draw a line between automation as speed and automation as replacement. ESET's position is that AI should operate alongside human expertise -- trust and verify applies to AI-assisted analysis just as it does to any intelligence feed. Oversight remains essential, even as the tooling gets faster.

A preview of upcoming survey data offered one of the more striking moments in the conversation. Roughly 35% of SMBs using MDR are sourcing that service directly from their cyber insurer. Anscombe flagged the monoculture risk: when a large share of businesses in the same sector run identical security stacks, a single point of failure becomes a sector-wide vulnerability. His advice after 30 years in the industry -- different organizations should deliberately choose different platforms to maintain diversity.

This is a Brand Spotlight.

GUEST
Tony Anscombe, Chief Security Evangelist, ESET
LinkedIn: https://www.linkedin.com/in/tonyanscombe/

RESOURCES
ESET: https://www.eset.com
ESET Threat Intelligence: https://www.eset.com/int/business/services/threat-intelligence/

KEYWORDS
Tony Anscombe, ESET, Sean Martin, Marco Ciappelli, brand spotlight, brand marketing, marketing podcast, threat intelligence, cyber resilience, MDR, EDR, XDR, managed detection and response, SMB security, cybersecurity automation, RSAC Conference 2026, prevention-first security, cyber insurance, monoculture risk, ESET Inspect, APT research
Iranian-linked hackers warn of possible “irreparable” attacks on U.S. water systems. CISA pushes urgent fixes for a critical Citrix flaw. The Dutch Finance Ministry takes systems offline after a breach. Space Force may scrap next-gen GPS control software. Attackers exploit a Fortinet server bug. Lloyds exposes customer transaction data. AI and regulation reshape cyber careers. The FTC settles with a dating app over data sharing. Sam Rubin, SVP, Palo Alto Networks Unit 42 Consulting and Threat Intelligence, discusses Iran's shift to identity weaponization. Wikipedia wrestles with a wayward writer.

CyberWire Guest
We will be sharing a series of interviews we held at RSAC 2026 over the next few weeks. Sam Rubin, SVP, Palo Alto Networks Unit 42 Consulting and Threat Intelligence, discussing Iran's shift to identity weaponization. If you enjoyed this conversation, tune in here to listen to the full conversation.

Selected Reading
Iranian Cyberthreats Test US Infrastructure Defenses (BankInfo Security)
CISA tells federal agencies to patch Citrix NetScaler bug by Thursday (The Record)
Dutch Ministry of Finance takes treasury systems offline amid cyber incident investigation (Security Affairs)
After 16 years and $8 billion, the military's new GPS software still doesn't work (Ars Technica)
Exploitation of Critical Fortinet FortiClient EMS Flaw Begins (SecurityWeek)
Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers (Infosecurity Magazine)
SANS Research: The Cybersecurity Talent Shortage Narrative Is Wrong. The Real Crisis Is Skills, and AI Just Rewrote the List. (Yahoo Finance)
FTC Takes Action Against Match and OkCupid for Deceiving Users by Sharing Personal Data with Third Party (FTC)
Business Briefing (N2K Pro)
An AI Agent Was Banned From Creating Wikipedia Articles, Then Wrote Angry Blogs About Being Banned (404 Media)
Hewlett Packard Enterprise has been rethinking what it means to secure an enterprise network -- and the answer they keep arriving at is that security cannot be an afterthought. At RSAC Conference 2026, Mounir Hahad, Head of HPE Threat Labs, sat down with Sean Martin to walk through what that philosophy looks like in practice and what two major announcements at the show mean for security teams.

One of those announcements is the HPE AI firewall -- a solution built specifically for organizations trying to govern how employees use generative AI tools without shutting down innovation. Mounir Hahad frames the challenge directly: gen AI has doubled the attack surface, and organizations that fail to act risk both data leakage and a loss of confidence in the technology itself. The AI firewall starts with visibility -- showing which AI services employees are using, what data is moving where, and whether private information is leaking to external services -- and then gives administrators the tools to set and enforce policy.

The second announcement is the formal launch of HPE Threat Labs, which brings together threat research capabilities from both Hewlett Packard Enterprise and the former Juniper Networks. The combined team covers both threat analysis and vulnerability analysis -- capabilities that were previously siloed. HPE Threat Labs has published its inaugural In the Wild threat report, drawing on telemetry, honeypots, and open-source intelligence to give CISOs and decision makers a clear view of how cybercrime has industrialized, why attacks are increasingly targeted, and why high-confidence alerts matter more than ever.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST
Mounir Hahad, Head of HPE Threat Labs, Hewlett Packard Enterprise
LinkedIn: https://www.linkedin.com/in/mounirhahad/

RESOURCES
HPE Threat Labs: https://www.hpe.com
HPE Threat Labs 2026 In the Wild Threat Report: https://www.hpe.com

KEYWORDS
Mounir Hahad, Hewlett Packard Enterprise, HPE, HPE Threat Labs, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, AI firewall, generative AI security, network security, threat intelligence, SASE, cybercrime, RSAC Conference 2026, threat research, enterprise security, AI governance, cybersecurity
Tony Anscombe has attended RSA Conference since 1998 -- back when it was held at the Fairmont Hotel. That long view informs everything about how ESET approaches threat intelligence. It is not about volume. It is about accuracy, speed, and putting the right signal in front of the right team at the right moment. The ESET eCrime Ecosystem Report comes in two forms: a business-facing summary outlining current risks for leadership, and a long-form technical report for analysts -- complete with IOCs, coding examples, and structured intelligence feeds covering ransomware, crypto scams, malicious email attachments, and infostealer data. These feeds are built to plug directly into SOC workflows and firewall rules, not to create more work for already stretched teams. Tony Anscombe is direct about the quality problem in threat intelligence. Open-source feeds sound appealing -- until you factor in the analyst hours required to clean out the noise. By then, the intelligence is stale. Attacks circle the globe in hours. Near-real-time, verified intelligence is not a premium -- it is the baseline requirement. The threat detection conversation has also moved well past malware. Anscombe walks through how modern attackers often skip the payload entirely -- credential theft gets them in, then slow lateral movement and data exfiltration follow, with ransomware as the final act rather than the first signal. ESET's platform focuses on behavioral anomaly detection across the full environment, with on-site, cloud, and managed deployment options for organizations that cannot or will not go all-in on cloud architecture. At RSAC Conference 2026, ESET will be at booth 5253 in Moscone North. 
Anscombe has two sessions on the Wednesday agenda: one on supply chain blind spots -- urging security teams to engage directly with the business side to map third-party risk fully -- and a community rant session tackling four things that need to change in cybersecurity, including the cryptocurrency regulation debate. On AI, his message is measured: the real conversation at the show is not about using AI -- it is about securing it. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Tony Anscombe, Chief Security Evangelist, ESET LinkedIn: https://www.linkedin.com/in/tonyanscombe/ RESOURCES ESET website: https://www.eset.com ESET threat research blog (WeLiveSecurity): https://www.welivesecurity.com ESET at RSAC Conference 2026 -- Booth 5253, Moscone North Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Tony Anscombe, ESET, Sean Martin, RSAC Conference 2026, eCrime, threat intelligence, eCrime Ecosystem Report, cybersecurity, endpoint protection, MDR, threat detection, supply chain security, AI security, ransomware, infostealer, brand spotlight, brand marketing, marketing podcast, brand story
⬥EPISODE NOTES⬥ The conversation that led to this episode started with a LinkedIn post -- and it quickly surfaced a challenge that security leaders across industries are wrestling with but rarely talk about openly: who is actually responsible for protecting the people inside an organization, not just the systems they use? Roland Cloutier has sat in some of the most demanding security leadership seats in the world -- Global CSO at TikTok/ByteDance, a decade as Global CSO at ADP, and VP and CSO at EMC -- and he now advises CISOs and CSOs through The Business Protection Group. His lens is converged security: the deliberate integration of cyber, physical, privacy, and people-risk under a unified program and leadership model. Roland identifies three patterns that typically bring organizations to him. First, an emergent crisis -- a threat against an executive, a workplace violence incident, a travel security failure -- that suddenly exposes the absence of a coherent protection program. Second, a cost and structure conversation where the CEO is tired of receiving two different risk pictures from two different security leaders and wants a single accountable voice. Third, a board-driven inquiry where general counsel or the CEO is being asked questions about executive resilience and duty of care that nobody inside the organization can confidently answer. What makes this conversation particularly sharp is Roland's framing of convergence not as an org chart exercise, but as a force multiplier. A unified threat intelligence picture -- one that covers cyber, physical, executive, brand, and customer risk simultaneously -- enables cleaner prioritization, better resource allocation, and a fundamentally stronger conversation with the CEO. The alternative, which he has seen firsthand, is four separate threat management platforms reporting independently with no team working across all of them. 
The episode also pushes into territory that most security programs have not yet mapped: employee protection at scale. Not bodyguards for everyone, but the organizational consciousness to monitor for geographic threats, proactively check in with distributed employees during major events, and build a duty-of-care posture that extends beyond the office walls into people's home lives and total risk environment. For high-risk employees -- those with keys to the kingdom, not just C-suite titles -- that responsibility extends further still. For CISOs and CSOs wondering where to start, Roland offers a practical crawl-walk-run framework: start with shared services rather than full convergence, open the conversation with leadership, surface the gaps the business already knows exist, and build a financial and risk model that makes sense for your specific organization. The goal is a converged security program that treats people -- not just infrastructure -- as an asset worth protecting. ⬥GUEST⬥ Roland Cloutier, Principal at The Business Protection Group | On LinkedIn: https://www.linkedin.com/in/rolandcloutier/ ⬥HOST⬥ Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/ ⬥RESOURCES⬥ The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/ More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ⬥ADDITIONAL INFORMATION⬥ On ITSPmagazine: https://www.itspmagazine.com/ On YouTube: https://www.youtube.com/@itspmagazine On LinkedIn Newsletter: https://itspm.ag/future-of-cybersecurity Sean Martin's Contact Page: https://www.seanmartin.com/ ⬥KEYWORDS⬥ roland cloutier, the business protection group, sean martin, executive protection, employee protection, converged 
security, physical security, ciso, cso, duty of care, threat intelligence, workplace violence, security convergence, business resilience, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast
Madhav Nakar — AI Security Researcher and Documentarian of Spirituality and Play No Password Required Season 7: Episode 3 - Madhav Nakar Madhav Nakar is a Security Researcher at BeyondTrust specializing in identity threats, endpoint security, and cloud attack paths. With a background in theoretical mathematics, his current research focuses on analyzing attacker behavior to build practical systems of detection. In this episode, Madhav shares the pivotal moments that shaped his career, including his first experience witnessing a nation-state attack unfold in real time from his seat in a SOC. He explains how mathematical thinking sharpens security strategy and why strong research is rooted in exploration, not predetermined outcomes. Jack Clabby of Carlton Fields, joined by co-host Kayley Melton of the Cognitive Security Institute, welcomes Madhav for a conversation on modern cyber defense. From AI-driven attacks and agentic systems to privilege escalation risks in role-based access environments, Madhav breaks down what teams are getting wrong about AI and why defending against AI increasingly requires AI-powered tools. The conversation turns to Madhav's philosophy of “serious play,” where curiosity, experimentation, and failure fuel better research and resilience. He also shares insights from his spiritual and philosophy project, The Fire of Knowing, exploring consciousness and belief through a neutral lens. In the Lifestyle Polygraph, Madhav pitches a cybersecurity documentary, debates growth versus comfort, and reflects on public dancing experiments. Follow Madhav Nakar here: https://www.linkedin.com/in/madhav-nakar/ Follow "The Fire of Knowing" on Instagram and YouTube!
CHAPTERS:
00:00 Introduction with Kayley and Jack
08:08 Transition from Theoretical Math to Cybersecurity
16:13 Exploring Spiritual Traditions and Madhav's Documentary
19:48 The Intersection of Art and Science in Content Creation
25:20 The Lifestyle Polygraph: Challenging Perspectives on Security
In this Risky Business sponsor interview, Catalin Cimpanu talks with Alex Orleans, Head of Threat Intelligence at Sublime Security, about the increase in email attacks leveraging Zoom invites and other video conferencing tools. Show notes Key findings from the 2026 Sublime Email Threat Research Report Scammers actively targeting real estate agents with remote access attacks Fake Google Meet invitation, fake Microsoft Store, real malware attack Alex Orleans on LinkedIn
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Greg Schloemer and Vlad Honyanyy to discuss new research on Jasper Sleet, a North Korean–aligned threat actor incorporating AI into active operations. The conversation examines how AI is being integrated across the attack lifecycle — from highly tailored phishing lures and fabricated job applicant personas to accelerating malware development and refining operational workflows. Rather than treating AI as a novelty, Jasper Sleet is using it to increase speed, scale, and adaptability while reducing many of the friction points that once slowed campaigns. They also explore what this shift means for defenders. As AI compresses iteration cycles and lowers barriers to entry, traditional attribution signals evolve, influence operations become more convincing, and defensive teams must tighten the loop between intelligence, detection, and response. This is less about experimentation and more about the operationalization of AI as part of modern tradecraft. In this episode you'll learn: How AI is changing the speed at which cyber operations evolve Why jailbreaking AI models is often trivial for motivated adversaries The strategic implications of AI leveling the playing field between threat actors Some questions we ask: Is there resistance among experienced malware authors to adopting AI? Are we seeing fully AI-written malware in the wild? What stands out about Jasper Sleet's use of AI? Resources: View Greg Schloemer on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.
In episode 178 of Cybersecurity Where You Are, Sean Atkinson sits down with Theodore "TJ" Sayers, Senior Director of Threat Intelligence at the Center for Internet Security® (CIS®). Together, they discuss how to mount an appropriate defense to Iranian threat activity observed in February and March 2026. Here are some highlights from our episode:
00:58. Iran's historical tit-for-tat style of cyber operations
02:50. Regional targets: A primary focus of Iran's state-sponsored threat actors
04:05. What the CIS Cyber Threat Intelligence (CTI) team is watching for
05:19. Contextualizing a drop in precursor-related threat activity from Iran
06:59. Sectors directly and indirectly affected by observed Iranian threat activity
09:12. Password spraying, data wipers, and more: Common TTPs of Iranian threat groups
11:50. The importance of cybersecurity awareness training in countering TTPs that still work
16:07. Advice to SOC managers: How to detect what CIS CTI is expecting the most
21:25. NASCIO's Top 10 Priorities as a guide for framing strategic risk of Iran's threat activity
26:39. What an effective threat intel team does and does not do
29:29. Community defense for U.S. State, Local, Tribal, and Territorial (SLTT) organizations
Resources
Multi-State Information Sharing and Analysis Center®
Snap Call: Public Sector Threat Update Amid Conflict in Iran
How to Defend Against Iran's Cyber Retaliation Playbook
Cloudflare | Traffic in Iran
Episode 143: Iran's Growing Multidimensional Threat Activity
Episode 142: SLTTs and Their Nuanced Cybersecurity Needs
MS-ISAC Guide to DDoS Attacks
Exploited Protocols: Remote Desktop Protocol (RDP)
Commonly Exploited Protocols: Server Message Block (SMB)
State CIO Top Ten Policy and Technology Priorities for 2026
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
In this special episode of The Gate 15 Interview, Andy Jabbour speaks with experts from the Information Sharing and Analysis Center (ISAC) community on the ongoing war with Iran, implications for critical infrastructure and how the community is responding, and related conversation. Leaders and experts include:
Denise Anderson, President and CEO, Health-ISAC and Chairwoman of the National Council of ISACs (NCI)
Michael Ball, CEO, E-ISAC, and SVP NERC
Jonathan Braley, Director of Threat Intelligence, IT-ISAC
Chuck Egli, Director of Security and Resilience Operations, WaterISAC
Anna Mentzer-Hernández, Cyber Threat Intelligence Senior Analyst, ONE-ISAC
In the discussion the panel covers:
What has been happening in information sharing, security and resilience since Operation Epic Fury began
Critical infrastructure resilience
What the ISACs have been doing, with members, cross-sectorally, and with government and other partners
What we're seeing, not seeing, and would like to see from the U.S. Government and CISA at this time
Playing guitar, baking bread and staying sane and not burning out during crisis and incident response
And more, including some encouraging closing thoughts
Selected links:
National Council of ISACs
E-ISAC
Health-ISAC
IT-ISAC
ONE-ISAC
WaterISAC
As the war in the Middle East intensifies, one risk facing American banks is the possibility of cyber attacks by hackers linked to Iran. There is some historical precedent for this: from late 2011 to mid-2013, nearly 50 financial institutions in the U.S. were attacked repeatedly by a group of hackers aligned with the Iranian government. The attacks disabled bank websites and prevented customers from accessing their accounts. Marketplace's Stephanie Hughes spoke with Rafe Pilling, Director of Threat Intelligence with the cybersecurity firm Sophos about what those attacks looked like and whether banks are better equipped to fend off those attacks now.
Unit 42 is tracking more than 60 active hacktivist groups and Iran-linked threat actors right now. What are they actually doing, what should you believe, and what should you do about it? In this episode of Threat Vector, David Moulton sits down with Justin Moore, Senior Manager of Threat Intelligence Research at Unit 42, and Andy Piazza, Senior Director of Threat Intelligence at Unit 42, to walk through the Unit 42 Iran Threat Brief and what the observed activity means for defenders. You'll learn: - What Unit 42 is actually observing from groups like Handala Hack, FAD Team, and Dark Storm, and what claims remain unverified - Why Iran's reduced internet connectivity changes the threat picture in ways that aren't obvious - What dispersed operators and proxy groups mean for organizations far outside the Middle East - Which defensive actions matter most against the TTPs and IOCs Unit 42 has documented - How to handle hacktivist claims that may be exaggerated or false Justin Moore brings nine years of intelligence officer experience plus senior threat intel roles at Mandiant, Google, and TikTok before joining Unit 42. Andy Piazza has more than 20 years in security operations and threat intelligence, including leading IBM X-Force's global threat intel team. Read the threat brief from Unit 42: - Escalation of Cyber Risk Related to Iran (March 2026) - Escalation of Cyber Risk Related to Iran (June 2025) This episode is essential listening if you're: a CISO assessing current exposure, a threat analyst tracking Iran-linked groups, or a security leader who needs to explain the actual observed risk to your board. Related Episodes: - Inside the Mind of State-Sponsored Cyberattackers - Frenemies With Benefits - From Policy to Cyber Interference #Cybersecurity #ThreatIntelligence About Threat Vector Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. 
Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. http://paloaltonetworks.com.
NIST is falling behind on vulnerability scoring — and the gap is growing. In this episode, Peter and Steph break down what that means for IT and security teams relying on CVE data to prioritize patching, and how Automox is solving it. We cover:
Why NIST's National Vulnerability Database has a growing backlog and what's causing it
How incomplete vulnerability data creates blind spots in your patch management program
Automox's new partnership with VulnCheck to deliver real-time vulnerability intelligence
What KEV (Known Exploited Vulnerabilities) data is and why your leadership team cares about it
Expanding from fewer than 10 third-party apps to 70% coverage across 500+ supported applications
The rollout plan from third-party apps to macOS, Windows, and Linux
Whether you're running a mature vulnerability management program or just getting started, this episode lays out how the vulnerability data landscape is shifting and what you can do to stay ahead of real-world threats.
What does it take to go undercover with international cybercriminals — with no backup, no safe house, and no script? In this episode of The Audit, Richard LaTulip, Field CISO at Recorded Future and former U.S. Secret Service agent, pulls back the curtain on three years of undercover operations spanning Thailand, Dubai, Macau, and China. From buying stolen credit card data in bulk to handing cheap government-issued laptops to disappointed hackers, Richard shares the raw, unfiltered reality Hollywood never shows you. Co-hosts Joshua J Schmidt, Eric Brown, Nick Mellem, and Jen Lotze dig into the psychology of social engineering, the stark differences between nation-state and financially motivated threat actors, and why your employees are simultaneously your greatest asset and your biggest vulnerability. Richard breaks down how SolarWinds revealed the patience of nation-state operations, why cultural awareness is a cybersecurity weapon, and how organizations can shift security from a cost center to a value driver.
In this episode of Unspoken Security, host AJ Nash sits down with Bob Fabien “BZ” Zinga, a cybersecurity executive and Naval Information Warfare Commander in the U.S. Navy Reserve. They explore how performative leadership shows up in security teams, and why values on a wall fail when pressure hits. BZ argues that optics without accountability kills trust. When leaders bend with politics or budgets, engaged employees go quiet. That silence hides risk. He shares how breaches often trace back to human choices, including a W-2 phishing scam that exposed employees' data and changed his own life. He also pushes blameless postmortems and clear escalation paths. From there, the conversation moves to AI. BZ warns that teams can automate bias and outsource judgment. He calls for guardrails, regulation, and human oversight, especially in high-stakes decisions. He closes with a simple standard: speak up for fairness, even when silence would feel safer.
Join the PreparedEx Podcast as we sit down with Scott Wilcox from the Sicuro Group, a global leader in travel risk, duty-of-care programs, and threat intelligence. We discuss how modern travel risk management evolves beyond compliance, how real-time intelligence informs critical decisions, and why duty of care has become a strategic business capability. In this... The post Navigating Risk: Inside the Modern Travel Risk & Threat Intelligence Landscape appeared first on PreparedEx.
In this episode of Unspoken Security, host AJ Nash sits down with Galya Westler, Co-Founder and CEO at HumanBeam. They explore how advances in AI, digital identity, and holographic technology are reshaping the way organizations interact with people—while raising tough questions about privacy, ownership, and trust. Galya shares how her work began in health technology, connecting patients to care during pandemics, and evolved into building secure, lifelike AI avatars for real-world use. She explains why protecting personal likeness and voice matters more than ever, especially as AI tools become more convincing and accessible. Galya stresses the need for consent, encryption, and clear boundaries to keep digital identities safe and organizations accountable. Together, AJ and Galya dig into the risks and rewards of merging human presence with AI. They discuss how thoughtful design and strong security practices can support experts instead of replacing them, and why education and authenticity are key as we build a future where technology and humanity work side by side.
In this episode of Unspoken Security, host AJ Nash sits down with Eric Yunag, EVP of Product and Services at Convergint. They explore how security integration is changing as organizations face a fast-moving threat landscape and rising expectations from leaders and regulators. Eric explains why today's environment demands a new approach—one that connects hardware, software, and services in a more dynamic, real-time ecosystem. Eric shares how integrators help companies navigate not just the technical, but also the legal and operational complexity of modern security. He describes how shifting to cloud platforms, unifying physical and digital identities, and balancing privacy with business outcomes all add new layers of challenge. The conversation highlights the growing use of AI and “visual intelligence”—using camera data for both security and business insight—as organizations look to do more with their investments. Throughout the discussion, Eric makes the case for trusted, neutral advisors who help organizations build smarter, more connected security systems. He shows how today's integrators are positioned to guide clients through tough choices, benchmark best practices, and unlock value that goes far beyond traditional security.
In this episode of Unspoken Security, host AJ Nash sits down with Danielle Jablanski from STV to break down the hard truths of operational technology (OT) security. Danielle explains why critical infrastructure - from water and transportation to manufacturing - remains vulnerable, tracing the challenge back to legacy systems, vendor complexity, and the lack of clear, industry-wide standards. She argues that many organizations have poor visibility into their assets and often rely on outdated assumptions about risk and business impact. Danielle calls out the pitfalls of flashy security solutions and emphasizes the need for basic, proven practices like network segmentation and clear asset management. She highlights the disconnect between IT and OT, showing how real-world safety and business operations depend on bridging this gap with honest communication and practical controls. Rather than chasing after hype, Danielle urges leaders to focus on building resilience: knowing what matters, assessing real risks, and strengthening what you can control. Throughout the conversation, Danielle offers a grounded perspective on why OT security demands more than checklists and compliance. She points to the need for shared data, better early warning systems, and a broader base of professionals willing to dig into the complexities - before an incident forces everyone's hand.
While our team is out on winter break, please enjoy this episode of The Microsoft Threat Intelligence Podcast from our partners at Microsoft.

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Chloé Messdaghi and Crane Hassold to unpack the key findings of the 2025 Microsoft Digital Defense Report, a comprehensive look at how the cyber threat landscape is accelerating through AI, automation, and industrialized criminal networks. They explore how nation-state operations and cybercrime have fused into a continuous cycle of attack and adaptation, with actors sharing tooling, infrastructure, and even business models. The conversation also examines AI's growing impact, from deepfakes and influence operations to the defensive promise of AI-powered detection, and how identity compromise has become the front door to most intrusions, accounting for over 99% of observed attacks.

Listeners will gain perspective on:
How AI is shaping both attacker tradecraft and defensive response.
Why identity remains the cornerstone of global cyber risk.
What Microsoft's telemetry—spanning 600 million daily attacks—reveals about emerging threats and evolving defender strategies.

Questions explored:
How are threat actors using AI to scale deception and influence operations?
What does industrialized cybercrime mean for organizations trying to defend at scale?
How can defenders harness AI responsibly without overreliance or exposure?

Resources:
Download the report and executive summary
Register for Microsoft Ignite
View Chloé Messdaghi on LinkedIn
View Crane Hassold on LinkedIn
View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider. The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network. Learn more about your ad choices. Visit megaphone.fm/adchoices
While our team is out on winter break, please enjoy this episode of Career Notes. Threat intelligence analyst at Recorded Future, Charity Wright, shares her story from the army to her career today. Transitioning from the army to cybersecurity was an exciting change for her. During college she was recruited by the U.S. Army, where she started her journey and learned new skills, paving her pathway to threat intelligence, where she is now. She shares that she works with a great team of junior analysts who are constantly checking each other's biases, which helps keep Charity grounded in her work. Charity spends her days keeping an eye on threats around the world, where she says there is never a dull day in her line of work. We thank Charity for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this encore presentation of Unspoken Security Episode 32 (originally published on 3 April 2025), host AJ Nash sits down with Chris Birch, an intelligence practitioner with nearly 30 years of experience, to discuss the ever-evolving landscape of social engineering. Chris's unique perspective comes from leading teams that actively engage with threat actors, turning the tables on those who typically exploit vulnerabilities.

Chris details how social engineering is simply human manipulation, a skill honed from birth. He explains how attackers leverage fear and greed, the fastest and cheapest ways to manipulate individuals. He also dives into how attacks have evolved, highlighting the dangers of increasingly sophisticated tactics like deepfakes and the blurring lines between legal and illegal applications of social engineering.

The conversation also explores the crucial role of organizational culture in cybersecurity. Chris emphasizes that awareness, not just education, is key to defense. He advocates for sharing threat intelligence widely within organizations and across industries, empowering everyone to become a sensor against social engineering attempts. Chris also shares a surprising personal fear, offering a lighthearted end to a serious discussion.
____________

Guests:
Suzy Pallett, President, Black Hat. Cybersecurity.
On LinkedIn: https://www.linkedin.com/in/suzy-pallett-60710132/

The Cybersecurity Community Finds Its Footing in Uncertain Times

There is something almost paradoxical about the cybersecurity industry. It exists because of threats, yet it thrives on trust. It deals in technical complexity, yet its beating heart is fundamentally human: people gathering, sharing knowledge, and collectively deciding that defending each other matters more than protecting proprietary advantage.

This tension—and this hope—was on full display at Black Hat Europe 2025 in London, which just wrapped up at the ExCel Centre with attendance growing more than 25 percent over last year. For Suzy Pallett, the newly appointed President of Black Hat, the numbers tell only part of the story.

"What I've found from this week is the knowledge sharing, the insights, the open source tools that we've shared, the demonstrations that have happened—they've been so instrumental," Pallett shared in a conversation with ITSPmagazine. "Cybersecurity is unlike any other industry I've ever been close to in the strength of that collaboration."

Pallett took the helm in September after Steve Wylie stepped down following eleven years leading the brand through significant growth. Her background spans over two decades in global events, most recently with Money20/20, the fintech conference series. But she speaks of Black Hat not as a business to be managed but as a community to be served.

The event itself reflected the year's dominant concerns. AI agents and supply chain vulnerabilities emerged as central themes, continuing conversations that dominated Black Hat USA in Las Vegas just months earlier. But Europe brought its own character. Keynotes ranged from Max Meets examining whether ransomware can actually be stopped, to Linus Neumann questioning whether compliance checklists might actually expose organizations to greater risk rather than protecting them.

"He was saying that the compliance checklists that we're all being stressed with are actually where the vulnerabilities lie," Pallett explained. "How can we work more collaboratively together so that it's not just a compliance checklist that we get?"

This is the kind of question that sits at the intersection of technology and policy, technical reality and bureaucratic aspiration. It is also the kind of question that rarely gets asked in vendor halls but deserves space in our collective thinking.

Joe Tidy, the BBC journalist behind the EvilCorp podcast, delivered a record-breaking keynote attendance on day two, signaling the growing appetite for cybersecurity stories that reach beyond the practitioner community into broader public consciousness. Louise Marie Harrell spoke on technical capacity and international accountability—a reminder that cyber threats respect no borders and neither can our responses.

What makes Black Hat distinct, Pallett noted, is that the conversations happening on the business hall floor are not typical expo fare. "You have the product teams, you have the engineers, you have the developers on those stands, and it's still product conversations and technical conversations."

Looking ahead, Pallett's priorities center on listening. Review boards, advisory boards, pastoral programs, scholarships—these are the mechanisms through which she intends to ensure Black Hat remains, in her words, "a platform for them and by them."

The cybersecurity industry faces a peculiar burden. What used to happen in twelve years now happens in two days, as Pallett put it. The pace is exhausting. The threats keep evolving. The cat-and-mouse game shows no signs of ending.

But perhaps that is precisely why events like this matter. Not because they offer solutions to every problem, but because they remind an industry under constant pressure that it is not alone in the fight. That collaboration is not weakness. That sharing knowledge freely is not naïve—it is strategic.

Black Hat Europe 2025 may have ended, but the conversations it sparked will carry forward into 2026 and beyond.

____________

HOSTS:
Sean Martin, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder, ITSPmagazine and Studio C60 | Website: https://www.marcociappelli.com

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to share an Event Briefing as part of our event coverage? Learn More
A new executive order targets states' AI regulations, while the White House shifts course on an NSA deputy director pick. The UK fines LastPass over inadequate security measures. Researchers warn of active attacks against Gladinet CentreStack instances. OpenAI outlines future cybersecurity plans. MITRE ranks the top 25 vulnerabilities of 2025. CISA orders U.S. federal agencies to urgently patch a critical GeoServer vulnerability. An anti-piracy coalition shuts down one of India's most popular illegal streaming services. Our guest Mark Lance, Vice President, DFIR & Threat Intelligence, GuidePoint Security, unpacks purple team tabletop exercises to prepare for AI-generated attacks. Hackers set their sights on DNA.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Mark Lance, Vice President, DFIR & Threat Intelligence, GuidePoint Security, is discussing purple team tabletop exercises to prepare for AI-generated attacks.

Selected Reading
Trump Signs Executive Order to Block State AI Regulations (SecurityWeek)
Announced pick for No. 2 at NSA won't get the job as another candidate surfaces (The Record)
LastPass Data Breach — Insufficient Security Exposed 1.6 Million Users (Forbes)
Gladinet CentreStack Flaw Exploited to Hack Organizations (SecurityWeek)
OpenAI lays out its plan for major advances in AI cybersecurity features (SC Media)
MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities (SecurityWeek)
CISA orders feds to patch actively exploited Geoserver flaw (Bleeping Computer)
MKVCinemas streaming piracy service with 142M visits shuts down (Bleeping Computer)
The Unseen Threat: DNA as Malware (BankInfoSecurity)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Recorded live at IT Nation, MJ Shoer (Chief Community Officer, GTIA) breaks down how the newly branded Global Technology Industry Association is delivering practical wins for MSPs. We cover the GTIA ISAO (built with ConnectWise) for actionable threat intelligence, the cybersecurity Trust Mark that validates your internal controls against your chosen framework, and how GTIA's unbiased research can be co-branded for QBRs to boost credibility and close rates. MJ also unpacks workforce strategy with “NowGen”—supporting both youth and mid-career changers—plus global mentorship, learning libraries, and why ConnectWise-sponsored memberships are a fast on-ramp. We close with GTIA's growing foundation work and MJ's personal take on discipline, recovery, and building routines after injury. If you run an MSP and want immediate ROI from a trade association, this one's loaded with specifics you can apply this quarter.

Top 3 highlights
Clear, fast ROI: GTIA ISAO access, co-brandable research, and ConnectWise-sponsored memberships for partners.
Security you can show: the GTIA Cybersecurity Trust Mark validates your practices against your chosen framework.
Talent + growth: NowGen pathways, global mentorship, and a learning library spanning soft skills to leadership.

#JoeyPinz #MSPInfluencer #ForzaDash #ITNation #ITN25 #MSP #GTIA #Cybersecurity #ThreatIntelligence #CompTIA #Mentorship #QBR

--- Join us for enlightening discussions that spark growth and exploration. Hosted by Joey Pinz, this Discipline Conversations Podcast offers insights and inspiration.
Dr. Renée Burton, Vice President of Threat Intelligence from Infoblox, is sharing the team's work on "Deniability by Design: DNS-Driven Insights into a Malicious Ad Network." Infoblox returns with new threat actor research uncovering Vane Viper, a Cyprus-based holding company behind PropellerAds—one of the world's largest advertising networks. The report reveals that Vane Viper isn't just being exploited by criminals but operates as a criminal infrastructure itself, built to profit from fraud, malware, and disinformation through offshore entities and complex ownership structures. The findings highlight the growing convergence between adtech, cybercrime, and state-linked influence operations, suggesting that elements of the global digital advertising ecosystem are now functioning as infrastructure for large-scale cyber and disinformation campaigns. The research can be found here: Deniability by Design: DNS-Driven Insights into a Malicious Ad Network. Learn more about your ad choices. Visit megaphone.fm/adchoices
Please enjoy this encore of Word Notes. Chief Security Strategist and VP of Global Threat Intelligence at FortiGuard Labs, Derek Manky, shares his story from programmer to cybersecurity and how it all came together. Derek started his career teaching programming because he had such a passion for it. Joining Fortinet, Derek said, was where it "really started putting the rubber to the road and connecting my previous experience with programming and debugging and knowledge of operating systems and all that with real-world applications." Derek advises that getting into the cybersecurity field doesn't need to be complicated and that there are many avenues to enter the field. He hopes to have made a real dent, or "hopefully a crater," in cyber crime when he ends his career. We thank Derek for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices