The ShinyHunters threat group has transformed from a dark-web data broker into one of the most dangerous alliances in modern cybercrime. In this episode of The Cyber Resilience Brief, host Tova Dvorin and Adrian Culley, Offensive Security Engineer at SafeBreach, break down how the group’s merger with Scattered Spider marks a new era of as-a-service cybercrime — one built on social engineering, AI-powered vishing, and the exploitation of trust in SaaS ecosystems like Salesforce and Snowflake. Discover: How AI-enhanced vishing is bypassing even multi-factor authentication (MFA). Why identity and OAuth tokens are now the new security perimeter. How supply-chain exploitation is redefining enterprise risk. What organizations can do using Breach and Attack Simulation (BAS), Continuous Automated Red Teaming (CART), and Adversarial Exposure Validation (AEV) to stay resilient. This is more than a cybercrime story — it’s a blueprint for defending against the next generation of trust-based attacks.

In the finale of our Cybersecurity Awareness Month series, SafeBreach’s Cyber Resilience Brief delivers its most powerful episode yet — The Cyber Resilience Playbook. Join hosts Tova Dvorin and Adrian Culley as they connect the dots between Breach and Attack Simulation (BAS), Adversarial Exposure Validation (AEV), and Continuous Automated Red Teaming (CART) — revealing how these validation layers work together to create a unified framework for cyber resilience. Discover how organizations can: Continuously validate their security controls against real-world threats Prioritize remediation with threat-driven exposure validation Operationalize resilience with automated red teaming Transform cyber awareness into measurable resilience all year long This episode goes beyond compliance and awareness training — it’s a blueprint for security teams to prove and improve their defenses, optimize spend, and keep their organizations resilient against evolving threats.

How can security teams stay truly proactive in a world where adversaries never stop?In this episode of The Cyber Resilience Brief, hosts Tova Dvorin and Adrian Culley explore Continuous Automated Red Teaming (CART) — the next evolution in proactive security validation. They break down how CART extends beyond traditional red teaming and breach simulation, combining automation and intelligence to deliver 24/7, real-time attack validation. Learn how CART helps organizations: Continuously test and optimize their security controls Detect misconfigurations and vulnerabilities before adversaries do Strengthen overall cyber resilience and operational readiness Whether you’re a CISO, SOC leader, or security engineer, this conversation offers practical insights into how CART and AEV can work together to create a truly continuous defense strategy.Read more about CART on our blog. 

In this episode of The Cyber Resilience Brief, host Tova Dvorin and SafeBreach offensive security expert Adrian Culley unpack BrickStorm — a highly sophisticated espionage operation attributed to China-nexus group UNC5221. With an average dwell time of 393 days, this campaign redefines stealth and persistence in cyber warfare. Discover how attackers are “living off the blind spot” by exploiting critical infrastructure gaps in VPNs, VMware vCenter servers, and ESXi hosts — areas traditional security tools can’t see. Adrian breaks down their use of Go-based malware, delayed activation, and a genius offline credential theft technique that clones virtual machines to exfiltrate data undetected. The episode also explores the strategic implications of this new evolution in supply chain attacks, where adversaries steal today to weaponize tomorrow, and how organizations can defend themselves through proactive security testing, Breach and Attack Simulation (BAS), and Continuous Automated Red Teaming (CART). Key topics: UNC5221’s long-term espionage and data exfiltration tactics How attackers evade EDR and traditional defenses Why BrickStorm represents the “next level” in nation-state cyber operations How BAS and CART expose and close blind spots before attackers do

In episode 2 of our special 4-part Cybersecurity Awareness Month series, The Cyber Resilience Brief hosts Tova Dvorin and Adrian Culley dive deep into Adversary Exposure Validation (AEV) — the next evolution of Breach and Attack Simulation (BAS) and Continuous Threat Exposure Management (CTEM). Learn how AEV helps organizations move beyond endless vulnerability lists to validate exposures that real adversaries exploit, prioritize based on active threat intelligence, and shift from reactive defense to continuous cyber readiness. Featuring insights on SafeBreach’s attack library, MITRE ATT&CK mapping, and why “patch and proceed is dead,” this episode reveals how AEV empowers security teams to focus on risk-driven validation that truly strengthens cyber resilience.

In this urgent episode of The Cyber Resilience Brief, host Tova Dvorin and Adrian Culley, Offensive Security Engineer at SafeBreach, break down the shocking manifesto released by Scattered Spider — also known as Lapsus$ and ShinyHunters — the same threat group now linked to the Jaguar Land Rover cyberattack that’s suspected to have Russian ties. As geopolitical tensions rise and Russia’s hybrid cyber warfare intensifies, Scattered Spider’s public “declaration of war” marks a chilling shift: from quiet ransomware operations to open intimidation of Western governments and Fortune 500 companies. Tova and Adrian unpack how this group combines social engineering, identity theft, and psychological warfare to paralyze organizations — and how companies can fight back using Breach and Attack Simulation (BAS) and Continuous Automated Red Teaming (CART). Don't forget to check out our earlier episodes as well on Scattered Spider (Ep. 15) and on Adventures in the Dark Web (Ep. 17) for more context for this red-hot topic.  We also published blogs on Scattered Spider and on what it's like to talk to hackers on the Dark Web.

October may be Cybersecurity Awareness Month, but as SafeBreach experts Tova Dvorin and Adrian Culley reveal, awareness alone doesn’t stop attackers. In this kickoff episode of our special four-part Cyber Month series, we explore why traditional awareness training and annual penetration tests aren’t enough in today’s rapidly evolving threat landscape. Adrian and Tova break down: Why awareness ≠ readiness — and the critical role of validation How Breach and Attack Simulation (BAS) turns cyber hygiene into measurable resilience The alarming reality: 30% of security controls fail the first time they’re tested Why ransomware remains more dangerous than ever How organizations can continuously test defenses without risking downtime Whether you’re a CISO, security practitioner, or business leader, this episode uncovers why continuous, automated validation is the only way to prove your defenses work against real-world threats. Stay tuned for upcoming episodes on Adversary Exposure Validation (AEV), ransomware trends, and the EU Cyber Resilience Act

In this episode of The Cyber Resilience Brief, we expose the tactics of one of today’s most agile and financially motivated threat groups: BianLian. Originally known for double extortion ransomware, BianLian rapidly pivoted to pure data theft and extortion—making them harder to stop and faster to profit. SafeBreach offensive security engineer Adrian Culley joins host Tova Dvorin to unpack: How BianLian evolved from ransomware to exfiltration-based extortion. The TTPs behind their attacks, from compromised RDP credentials to stealthy “living off the land” techniques. Why traditional defenses struggle to keep pace with their adaptive methods. How organizations can counter them with Breach and Attack Simulation (BAS), Adversarial Exposure Validation (AEV), and Continuous Automated Red Teaming (CART) to test resilience across the full attack chain. If you want to understand how adversaries like BianLian stay ahead—and how you can flip the advantage back to defenders—this episode is for you. 💡 Special Note: In honor of Cybersecurity Awareness Month, we’re releasing two episodes each week throughout October 2025—so be sure to subscribe and catch them all!

As the US government shutdown begins, critical questions emerge about how funding instability threatens the nation’s cyber defense. In this urgent episode of The Cyber Resilience Brief, Tova and Adrian unpack the “dual threat” facing CISA: the looming expiration of the Cybersecurity Information Sharing Act of 2015, and deep budget cuts that could decimate its operational capacity. We explore how these pressures risk crippling CISA’s ability to issue timely, actionable threat alerts—and what that means for CISOs trying to protect their networks today. Beyond CISA, we highlight the domestic agencies and international partners stepping up to fill the gap, from the FBI to the Five Eyes alliance. This episode is a must-listen for security leaders navigating a moment where US cyber resilience hangs in the balance.Disclaimer: SafeBreach, The Cyber Resilience Brief, and hosts Tova and Adrian do not hold any particular views regarding the US government shutdown. This analysis is provided solely to inform cybersecurity leaders with objective insights.

In this episode of the Cyber Resilience Brief, we dive into detection engineering and one of its most powerful tools: parsers. SafeBreach experts Jonathan Tillman and Shachaf Raviv share how parsers transform raw logs into actionable insights, enabling organizations to scale detection engineering, customize security validation, and integrate seamlessly across SIEMs and security controls.--- This episode is also a teaser for our upcoming webinar, “Elevate Detection Engineering at Scale”, where we’ll showcase the brand-new Parsers UI, walk through practical use cases, and answer your questions live. 🔗 Register here: safebreach.com/elevate-detection-engineering-at-scale

Step inside the hidden world of the dark web with SafeBreach’s Cyber Resilience Brief. In this episode, Senior Sales Engineer Hudney Piquant shares eye-opening stories from his explorations into hacker forums and ransomware recruitment pipelines. Discover: How cybercrime groups like Conti operate more like corporations than chaos-driven collectives. Why the psychology of hacking—speed, opportunism, and human exploitation—matters as much as technology. How penetration testing and adversary simulation can help security teams counter evolving tactics. Why AI is supercharging cybercrime—and how defenders must adapt to keep pace. Whether you’re a CISO, red team leader, or security practitioner, this episode will reshape how you think about threat intelligence, human risk, and proactive defense.

In this urgent episode of The Cyber Resilience Brief, host Tova Dvorin and SafeBreach’s Adrian Culley analyze the brand-new CISA AR25-261A report detailing malicious listeners in Ivanti Endpoint Manager Mobile (EPMM). We break down how attackers are exploiting CVE-2025-4427 and CVE-2025-4428, using sophisticated base64-encoded payload delivery to evade detection and establish persistent backdoors. Listeners will learn: How state-sponsored threat groups are targeting multiple industries—including finance, healthcare, retail, education, manufacturing, and energy. The malware techniques involved, from malicious loaders to reassembled encoded chunks. The critical role of Indicators of Compromise (IOCs), YARA rules, and Sigma rules in proactive defense. Why upgrading Ivanti EPMM, treating MDM as critical infrastructure, and deploying phishing-resistant MFA are the top recommendations from CISA. Finally, we share how SafeBreach Labs has already built the attack simulation—available within three hours of CISA’s release—so partners and customers can test, detect, and remediate this threat immediately. 🔒 Stay ahead of attackers. Learn how to protect your organization against one of today’s most pressing Ivanti EPMM threats.

Scattered Spider — also known as UNC3944, Oktapus, and Muddled Libra — has quickly become one of today’s most notorious cybercriminal groups. From high-profile breaches at MGM Resorts and Caesars Entertainment to attacks on retailers and airlines, their tactics show that the biggest threat isn’t always malware — it’s social engineering. In this episode of the Cyber Resilience Brief, co-hosts Tova Dvorin and Adrian Culley explore how Scattered Spider operates and what makes them so dangerous. We break down their favorite attack methods, including SIM swapping, MFA push bombing, and IT helpdesk impersonation — and reveal why “they don’t break in, they log in.” Listeners will learn: The top TTPs Scattered Spider uses across the kill chain Why identity and access management is their prime target How companies can harden defenses against human-centric threats Why continuous security validation is critical to resilience If you’re a CISO, security leader, or anyone focused on protecting people, processes, and data, this episode is a must-listen.

The EU’s NIS2 Directive is reshaping the global cybersecurity landscape with sweeping requirements for essential and important entities, strict reporting obligations, and substantial penalties for non-compliance. In this episode of Cyber Resilience Brief, host Tova Dvorin is joined by Adrian Culley, Senior Sales Engineer at SafeBreach and EU/UK regulatory expert, to unpack what NIS2 means for organizations worldwide. We explore: How NIS2 builds on DORA and connects to the upcoming Cyber Resilience Act Key sectors impacted, from critical infrastructure to digital providers Executive accountability, supply chain security, and audit requirements Why Breach and Attack Simulation (BAS) is a powerful enabler for NIS2 compliance and continuous cyber resilience Whether you operate inside the EU or engage with regulated industries abroad, NIS2 compliance is becoming a business-critical issue. Tune in to understand the directive’s global impact—and how to turn regulation into a resilience advantage.For more information on NIS2, check out our blog: NIS2: A Blueprint for Cyber Resilience

In this episode of the Cyber Resilience Brief, co-hosts Tova Dvorin and Adrian Culley dive into the FBI’s recent PSA 25820 alert on Dragonfly (a.k.a. Energetic Bear, Static Tundra) — one of the most persistent, state-sponsored Russian cyber espionage groups targeting critical infrastructure and industrial control systems (ICS). We break down Dragonfly’s latest tactics, including: Exploiting unpatched vulnerabilities in legacy systems Deploying custom malware (SinfulNOC) for long-term persistence Conducting reconnaissance inside victim networks Most importantly, we explore how Breach and Attack Simulation (BAS), Adversary Exposure Validation (AEV), and Continuous Red Teaming (CART) can help organizations defend against Dragonfly’s TTPs (tactics, techniques, and procedures) and proactively test defenses against real-world threats. Whether you’re a CISO, SOC analyst, or security engineer, this episode offers practical, intelligence-led insights to strengthen your cyber resilience strategy.  

What’s it really like to be a woman in cybersecurity in 2025? In this special International Women in Cyber Day episode, SafeBreach leaders and team members share candid stories of resilience, representation, and mentorship. Hear how they balance career and family, tackle technical challenges, and empower future generations to step into cyber with confidence.

In this special episode of The Cyber Resilience Brief, hosts Tova Dvorin and Adrian Culley unpack the newly released CISA Advisory AA25-239, a joint warning from CISA, NSA, FBI, and international partners on the persistent Chinese state-sponsored threat group known as Salt Typhoon. Salt Typhoon has been quietly infiltrating critical infrastructure worldwide using outdated routers, weak credentials, and “living off the land” techniques like PowerShell, WMI, and scheduled tasks—often remaining undetected for years. This episode explores: Key TTPs & IOCs called out in the advisory, including router exploits, credential abuse, and stealthy exfiltration techniques. Mitigation strategies every organization should implement now: patching, MFA enforcement, segmentation, and proactive monitoring. How Breach and Attack Simulation (BAS), Adversarial Exposure Validation (AEV), and Continuous Automated Red Teaming (CART) can help organizations proactively defend against advanced, long-term adversaries. Whether you’re a CISO, security practitioner, or resilience leader, this episode provides actionable intelligence to strengthen your defenses against one of today’s most persistent and dangerous cyber threats.

Most security teams are laser-focused on patching CVEs, but does that guarantee protection? In this episode, SafeBreach Co-Founder & CTO Itzik Kotler and VP of Sales Engineering Michael De Groat unpack the real risks that slip through even the most rigorous vulnerability management programs. From misconfigurations and overly-permissioned identities to insider threats, social engineering, and zero-days, adversaries are exploiting far more than just published vulnerabilities. Discover why an assumed breach mindset and proactive adversarial simulation are critical for building resilience—long after your systems are fully patched. Tune in to learn: Why 100% patch compliance still won’t stop ransomware or data exfiltration The hidden risks in identity, configuration, and insider threats How “assumed compromise” thinking shifts organizations from reactive to proactive security Practical lessons from years of breach and attack simulation across Fortune 500 environments If you’re a CISO, security leader, or practitioner navigating today’s threat landscape, this episode is a must-listen.  

In this episode of The Cyber Resilience Brief, host Tova Dvorin and SafeBreach Senior Sales Engineer Adrian Culley dissect the stealthy tactics of Volt Typhoon, a Chinese state-sponsored cyber group targeting critical infrastructure worldwide. Learn how their “living off the land” techniques bypass traditional defenses, what indicators of compromise to hunt for, and how adversary emulation can proactively expose your gaps. Packed with real-world threat intelligence and practical defense strategies, this conversation is a must-listen for CISOs, security teams, and critical infrastructure operators seeking to build resilience against nation-state threats.

In this special Black Hat/DEFCON 2025 edition of The Cybersecurity Brief, host Tova Dvorin sits down with SafeBreach Labs researchers Or Yair and Ron Ben-Yizhak to unpack three groundbreaking discoveries shaking up the cybersecurity world. From abusing Windows RPC for devastating DoS and DDoS attacks, to exploiting Google Gemini through nothing more than a calendar invite, to hijacking RPC endpoints before privileged services even launch — these exploits highlight how creativity, not just technical skill, can redefine the threat landscape. Tune in for live-demo insights, real-world attack scenarios, and actionable takeaways you can use today to strengthen your defenses. . . . Curious about the research we reveal in this episode? Learn more in our blogs: Invitation is All You Need: Invoking Gemini for Workspace Agents with a Simple Google Calendar InviteYou Snooze You Lose: RPC-Racer Winning RPC Endpoints Against ServicesWin-DoS Epidemic: A Crash Course in Abusing RPC for Win-DoS & Win-DDoS