Podcast Episodes
Back to SearchKlue, Kali365, OAuth: When the Front Door Is a Trusted Integration
In the Klue compromises threat actors walked in through a trusted integration, using legitimate credentials to quietly siphon Salesforce CRM data at …
6 hours ago
ShinyHunters' Expanding Toolkit: Oracle PeopleSoft Zero-Day Exploitation and the BreachForums Defense Gaps
ShinyHunters dominated headlines this week: a zero-day, a BreachForums listing, and unverified claims all hitting at once. The problem isn't just kee…
1 week ago
China-Linked Cyber Espionage: How OP-512 Exploited Legacy IIS Servers and Evaded Detection
Your team built defenses around known China-linked clusters. The file hashes are tracked. The behavioral patterns are documented. What those weren't …
2 weeks ago
SonicWall, MFA Bypass, IABs: Why Patched Devices Are Still Handing Attackers Initial Access
Your team patches the device. The firmware version matches the advisory. The ticket closes. The device comes off the remediation queue. What your wor…
3 weeks ago
Device Code, OAuth, PhaaS: How Session Token Theft is Breaking the Phishing Playbook
Your user clicked a link, landed on a real Microsoft login page, typed their password, completed MFA, and walked away thinking nothing happened. Some…
4 weeks ago
SQLite, Mistral, OpenAI: How AI Attacks Are Reshaping the Attack Surface
What happens when an AI agent uncovers a zero-day in hours instead of weeks, and state-backed groups are already operationalizing the same tools? Wit…
1 month ago
Canvas, Trellix, Mini Shai-Hulud: How Defenders Respond When Supply Chain Attacks Become Weekly
What's driving the surge in weekly supply chain attacks, and why does the real defender problem start after the supplier gets hit? With 275 million r…
1 month, 1 week ago
Akira, ShinyHunters, and The Gentlemen: Extortion Lessons From Early 2026
What factors have driven the top ransomware and extortion groups' success in early 2026? And how should organizations structure their defenses to pro…
1 month, 2 weeks ago
What Happened to Black Basta's Playbook? The Automated Teams Phishing Threat Hitting Executives
Black Basta disbanded in February 2025, but their playbook didn't go with them. In March 2026, 77% of observed incidents targeted executives and dire…
1 month, 3 weeks ago
Did ShinyHunters Compromise Vercel? Every CISO's Cloud Security Visibility Problem
89% of organizations that suffered a SaaS breach last year believed they had appropriate visibility. They had the logs — what they lacked was detecti…
2 months ago