The Cyber Resilience Brief: A SafeBreach Podcast

October may be Cybersecurity Awareness Month, but as SafeBreach experts Tova Dvorin and Adrian Culley reveal, awareness alone doesn’t stop attackers. In this kickoff episode of our special four-part Cyber Month series, we explore why traditional awareness training and annual penetration tests aren’t enough in today’s rapidly evolving threat landscape.
Adrian and Tova break down:
Why awareness ≠ readiness — and the critical role of validation
How Breach and Attack Simulation (BAS) turns cyber hygiene into measurable resilience
The alarming reality: 30% of security controls fail the first time they’re tested
Why ransomware remains more dangerous than ever
How organizations can continuously test defenses without risking downtime
Whether you’re a CISO, security practitioner, or business leader, this episode uncovers why continuous, automated validation is the only way to prove your defenses work against real-world threats.
Stay tuned for upcoming episodes on Adversary Exposure Validation (AEV), ransomware trends, and the EU Cyber Resilience Act

In this episode of The Cyber Resilience Brief, we expose the tactics of one of today’s most agile and financially motivated threat groups: BianLian. Originally known for double extortion ransomware, BianLian rapidly pivoted to pure data theft and extortion—making them harder to stop and faster to profit.
SafeBreach offensive security engineer Adrian Culley joins host Tova Dvorin to unpack:
How BianLian evolved from ransomware to exfiltration-based extortion.
The TTPs behind their attacks, from compromised RDP credentials to stealthy “living off the land” techniques.
Why traditional defenses struggle to keep pace with their adaptive methods.
How organizations can counter them with Breach and Attack Simulation (BAS), Adversarial Exposure Validation (AEV), and Continuous Automated Red Teaming (CART) to test resilience across the full attack chain.
If you want to understand how adversaries like BianLian stay ahead—and how you can flip the advantage back to defenders—this episode is for you.
💡 Special Note: In honor of Cybersecurity Awareness Month, we’re releasing two episodes each week throughout October 2025—so be sure to subscribe and catch them all!

As the US government shutdown begins, critical questions emerge about how funding instability threatens the nation’s cyber defense. In this urgent episode of The Cyber Resilience Brief, Tova and Adrian unpack the “dual threat” facing CISA: the looming expiration of the Cybersecurity Information Sharing Act of 2015, and deep budget cuts that could decimate its operational capacity.
We explore how these pressures risk crippling CISA’s ability to issue timely, actionable threat alerts—and what that means for CISOs trying to protect their networks today. Beyond CISA, we highlight the domestic agencies and international partners stepping up to fill the gap, from the FBI to the Five Eyes alliance.
This episode is a must-listen for security leaders navigating a moment where US cyber resilience hangs in the balance.Disclaimer: SafeBreach, The Cyber Resilience Brief, and hosts Tova and Adrian do not hold any particular views regarding the US government shutdown. This analysis is provided solely to inform cybersecurity leaders with objective insights.

In this episode of the Cyber Resilience Brief, we dive into detection engineering and one of its most powerful tools: parsers.
SafeBreach experts Jonathan Tillman and Shachaf Raviv share how parsers transform raw logs into actionable insights, enabling organizations to scale detection engineering, customize security validation, and integrate seamlessly across SIEMs and security controls.---
This episode is also a teaser for our upcoming webinar, “Elevate Detection Engineering at Scale”, where we’ll showcase the brand-new Parsers UI, walk through practical use cases, and answer your questions live.
🔗 Register here: safebreach.com/elevate-detection-engineering-at-scale

Step inside the hidden world of the dark web with SafeBreach’s Cyber Resilience Brief. In this episode, Senior Sales Engineer Hudney Piquant shares eye-opening stories from his explorations into hacker forums and ransomware recruitment pipelines.
Discover:
How cybercrime groups like Conti operate more like corporations than chaos-driven collectives.
Why the psychology of hacking—speed, opportunism, and human exploitation—matters as much as technology.
How penetration testing and adversary simulation can help security teams counter evolving tactics.
Why AI is supercharging cybercrime—and how defenders must adapt to keep pace.
Whether you’re a CISO, red team leader, or security practitioner, this episode will reshape how you think about threat intelligence, human risk, and proactive defense.

In this urgent episode of The Cyber Resilience Brief, host Tova Dvorin and SafeBreach’s Adrian Culley analyze the brand-new CISA AR25-261A report detailing malicious listeners in Ivanti Endpoint Manager Mobile (EPMM). We break down how attackers are exploiting CVE-2025-4427 and CVE-2025-4428, using sophisticated base64-encoded payload delivery to evade detection and establish persistent backdoors.
Listeners will learn:
How state-sponsored threat groups are targeting multiple industries—including finance, healthcare, retail, education, manufacturing, and energy.
The malware techniques involved, from malicious loaders to reassembled encoded chunks.
The critical role of Indicators of Compromise (IOCs), YARA rules, and Sigma rules in proactive defense.
Why upgrading Ivanti EPMM, treating MDM as critical infrastructure, and deploying phishing-resistant MFA are the top recommendations from CISA.
Finally, we share how SafeBreach Labs has already built the attack simulation—available within three hours of CISA’s release—so partners and customers can test, detect, and remediate this threat immediately.
🔒 Stay ahead of attackers. Learn how to protect your organization against one of today’s most pressing Ivanti EPMM threats.

Scattered Spider — also known as UNC3944, Oktapus, and Muddled Libra — has quickly become one of today’s most notorious cybercriminal groups. From high-profile breaches at MGM Resorts and Caesars Entertainment to attacks on retailers and airlines, their tactics show that the biggest threat isn’t always malware — it’s social engineering.
In this episode of the Cyber Resilience Brief, co-hosts Tova Dvorin and Adrian Culley explore how Scattered Spider operates and what makes them so dangerous. We break down their favorite attack methods, including SIM swapping, MFA push bombing, and IT helpdesk impersonation — and reveal why “they don’t break in, they log in.”
Listeners will learn:
The top TTPs Scattered Spider uses across the kill chain
Why identity and access management is their prime target
How companies can harden defenses against human-centric threats
Why continuous security validation is critical to resilience
If you’re a CISO, security leader, or anyone focused on protecting people, processes, and data, this episode is a must-listen.

The EU’s NIS2 Directive is reshaping the global cybersecurity landscape with sweeping requirements for essential and important entities, strict reporting obligations, and substantial penalties for non-compliance. In this episode of Cyber Resilience Brief, host Tova Dvorin is joined by Adrian Culley, Senior Sales Engineer at SafeBreach and EU/UK regulatory expert, to unpack what NIS2 means for organizations worldwide.
We explore:
How NIS2 builds on DORA and connects to the upcoming Cyber Resilience Act
Key sectors impacted, from critical infrastructure to digital providers
Executive accountability, supply chain security, and audit requirements
Why Breach and Attack Simulation (BAS) is a powerful enabler for NIS2 compliance and continuous cyber resilience
Whether you operate inside the EU or engage with regulated industries abroad, NIS2 compliance is becoming a business-critical issue. Tune in to understand the directive’s global impact—and how to turn regulation into a resilience advantage.For more information on NIS2, check out our blog: NIS2: A Blueprint for Cyber Resilience

In this episode of the Cyber Resilience Brief, co-hosts Tova Dvorin and Adrian Culley dive into the FBI’s recent PSA 25820 alert on Dragonfly (a.k.a. Energetic Bear, Static Tundra) — one of the most persistent, state-sponsored Russian cyber espionage groups targeting critical infrastructure and industrial control systems (ICS).
We break down Dragonfly’s latest tactics, including:
Exploiting unpatched vulnerabilities in legacy systems
Deploying custom malware (SinfulNOC) for long-term persistence
Conducting reconnaissance inside victim networks
Most importantly, we explore how Breach and Attack Simulation (BAS), Adversary Exposure Validation (AEV), and Continuous Red Teaming (CART) can help organizations defend against Dragonfly’s TTPs (tactics, techniques, and procedures) and proactively test defenses against real-world threats.
Whether you’re a CISO, SOC analyst, or security engineer, this episode offers practical, intelligence-led insights to strengthen your cyber resilience strategy.
 

What’s it really like to be a woman in cybersecurity in 2025? In this special International Women in Cyber Day episode, SafeBreach leaders and team members share candid stories of resilience, representation, and mentorship. Hear how they balance career and family, tackle technical challenges, and empower future generations to step into cyber with confidence.