The Cyber Resilience Brief: A SafeBreach Podcast

The Cyber Resilience Brief is your 15-minute pulse on how organizations can build stronger defenses and achieve true cyber resilience. Each episode dives into the practical realities of Breach and Attack Simulation (BAS), adversarial exposure validation, and the evolving strategies that keep modern enterprises secure. Hosted by Tova Dvorin and brought to you by SafeBreach — the leader in Adversarial Exposure Validation — this podcast features insights from cybersecurity leaders, integration partners, CISOs, technical experts, and forward-thinking customers. Whether you’re in the EU navigating DORA requirements, managing a global security program, or simply looking to better validate your defensive posture, The Cyber Resilience Brief delivers actionable guidance, partner perspectives, and the latest trends to help your business stay ahead. 🎧 Subscribe and join us as we explore what it takes to proactively defend, adapt, and thrive in today’s threat landscape.


Episodes

Thursday Sep 18, 2025

In this urgent episode of The Cyber Resilience Brief, host Tova Dvorin and SafeBreach’s Adrian Culley analyze the brand-new CISA AR25-261A report detailing malicious listeners in Ivanti Endpoint Manager Mobile (EPMM). We break down how attackers are exploiting CVE-2025-4427 and CVE-2025-4428, using sophisticated base64-encoded payload delivery to evade detection and establish persistent backdoors.
Listeners will learn:
  • How state-sponsored threat groups are targeting multiple industries—including finance, healthcare, retail, education, manufacturing, and energy.
  • The malware techniques involved, from malicious loaders to reassembled encoded chunks.
  • The critical role of Indicators of Compromise (IOCs), YARA rules, and Sigma rules in proactive defense.
  • Why upgrading Ivanti EPMM, treating MDM as critical infrastructure, and deploying phishing-resistant MFA are the top recommendations from CISA.
Finally, we share how SafeBreach Labs has already built the attack simulation—available within three hours of CISA’s release—so partners and customers can test, detect, and remediate this threat immediately.
🔒 Stay ahead of attackers. Learn how to protect your organization against one of today’s most pressing Ivanti EPMM threats.

Wednesday Sep 17, 2025

Scattered Spider — also known as UNC3944, Oktapus, and Muddled Libra — has quickly become one of today’s most notorious cybercriminal groups. From high-profile breaches at MGM Resorts and Caesars Entertainment to attacks on retailers and airlines, their tactics show that the biggest threat isn’t always malware — it’s social engineering.
In this episode of the Cyber Resilience Brief, co-hosts Tova Dvorin and Adrian Culley explore how Scattered Spider operates and what makes them so dangerous. We break down their favorite attack methods, including SIM swapping, MFA push bombing, and IT helpdesk impersonation — and reveal why “they don’t break in, they log in.”
Listeners will learn:
  • The top TTPs Scattered Spider uses across the kill chain
  • Why identity and access management is their prime target
  • How companies can harden defenses against human-centric threats
  • Why continuous security validation is critical to resilience
If you’re a CISO, security leader, or anyone focused on protecting people, processes, and data, this episode is a must-listen.

Wednesday Sep 10, 2025

The EU’s NIS2 Directive is reshaping the global cybersecurity landscape with sweeping requirements for essential and important entities, strict reporting obligations, and substantial penalties for non-compliance. In this episode of Cyber Resilience Brief, host Tova Dvorin is joined by Adrian Culley, Senior Sales Engineer at SafeBreach and EU/UK regulatory expert, to unpack what NIS2 means for organizations worldwide.
We explore:
  • How NIS2 builds on DORA and connects to the upcoming Cyber Resilience Act
  • Key sectors impacted, from critical infrastructure to digital providers
  • Executive accountability, supply chain security, and audit requirements
  • Why Breach and Attack Simulation (BAS) is a powerful enabler for NIS2 compliance and continuous cyber resilience
Whether you operate inside the EU or engage with regulated industries abroad, NIS2 compliance is becoming a business-critical issue. Tune in to understand the directive’s global impact—and how to turn regulation into a resilience advantage.
For more information on NIS2, check out our blog: NIS2: A Blueprint for Cyber Resilience

Wednesday Sep 03, 2025

In this episode of the Cyber Resilience Brief, co-hosts Tova Dvorin and Adrian Culley dive into the FBI’s recent PSA 25820 alert on Dragonfly (a.k.a. Energetic Bear, Static Tundra) — one of the most persistent, state-sponsored Russian cyber espionage groups targeting critical infrastructure and industrial control systems (ICS).
We break down Dragonfly’s latest tactics, including:
  • Exploiting unpatched vulnerabilities in legacy systems
  • Deploying custom malware (SinfulNOC) for long-term persistence
  • Conducting reconnaissance inside victim networks
Most importantly, we explore how Breach and Attack Simulation (BAS), Adversary Exposure Validation (AEV), and Continuous Red Teaming (CART) can help organizations defend against Dragonfly’s TTPs (tactics, techniques, and procedures) and proactively test defenses against real-world threats.
Whether you’re a CISO, SOC analyst, or security engineer, this episode offers practical, intelligence-led insights to strengthen your cyber resilience strategy.

Monday Sep 01, 2025

What’s it really like to be a woman in cybersecurity in 2025? In this special International Women in Cyber Day episode, SafeBreach leaders and team members share candid stories of resilience, representation, and mentorship. Hear how they balance career and family, tackle technical challenges, and empower future generations to step into cyber with confidence.

Thursday Aug 28, 2025

In this special episode of The Cyber Resilience Brief, hosts Tova Dvorin and Adrian Culley unpack the newly released CISA Advisory AA25-239, a joint warning from CISA, NSA, FBI, and international partners on the persistent Chinese state-sponsored threat group known as Salt Typhoon.
Salt Typhoon has been quietly infiltrating critical infrastructure worldwide using outdated routers, weak credentials, and “living off the land” techniques like PowerShell, WMI, and scheduled tasks—often remaining undetected for years. This episode explores:
  • Key TTPs & IOCs called out in the advisory, including router exploits, credential abuse, and stealthy exfiltration techniques.
  • Mitigation strategies every organization should implement now: patching, MFA enforcement, segmentation, and proactive monitoring.
  • How Breach and Attack Simulation (BAS), Adversarial Exposure Validation (AEV), and Continuous Automated Red Teaming (CART) can help organizations proactively defend against advanced, long-term adversaries.
Whether you’re a CISO, security practitioner, or resilience leader, this episode provides actionable intelligence to strengthen your defenses against one of today’s most persistent and dangerous cyber threats.

Wednesday Aug 27, 2025

Most security teams are laser-focused on patching CVEs, but does that guarantee protection? In this episode, SafeBreach Co-Founder & CTO Itzik Kotler and VP of Sales Engineering Michael De Groat unpack the real risks that slip through even the most rigorous vulnerability management programs.
From misconfigurations and overly-permissioned identities to insider threats, social engineering, and zero-days, adversaries are exploiting far more than just published vulnerabilities. Discover why an assumed breach mindset and proactive adversarial simulation are critical for building resilience—long after your systems are fully patched.
Tune in to learn:
  • Why 100% patch compliance still won’t stop ransomware or data exfiltration
  • The hidden risks in identity, configuration, and insider threats
  • How “assumed compromise” thinking shifts organizations from reactive to proactive security
  • Practical lessons from years of breach and attack simulation across Fortune 500 environments
If you’re a CISO, security leader, or practitioner navigating today’s threat landscape, this episode is a must-listen.

Wednesday Aug 20, 2025

In this episode of The Cyber Resilience Brief, host Tova Dvorin and SafeBreach Senior Sales Engineer Adrian Culley dissect the stealthy tactics of Volt Typhoon, a Chinese state-sponsored cyber group targeting critical infrastructure worldwide.
Learn how their “living off the land” techniques bypass traditional defenses, what indicators of compromise to hunt for, and how adversary emulation can proactively expose your gaps.
Packed with real-world threat intelligence and practical defense strategies, this conversation is a must-listen for CISOs, security teams, and critical infrastructure operators seeking to build resilience against nation-state threats.

Wednesday Aug 13, 2025

In this special Black Hat/DEFCON 2025 edition of The Cybersecurity Brief, host Tova Dvorin sits down with SafeBreach Labs researchers Or Yair and Ron Ben-Yizhak to unpack three groundbreaking discoveries shaking up the cybersecurity world.
From abusing Windows RPC for devastating DoS and DDoS attacks, to exploiting Google Gemini through nothing more than a calendar invite, to hijacking RPC endpoints before privileged services even launch — these exploits highlight how creativity, not just technical skill, can redefine the threat landscape.
Tune in for live-demo insights, real-world attack scenarios, and actionable takeaways you can use today to strengthen your defenses.
Curious about the research we reveal in this episode? Learn more in our blogs:
  • Invitation is All You Need: Invoking Gemini for Workspace Agents with a Simple Google Calendar Invite
  • You Snooze You Lose: RPC-Racer Winning RPC Endpoints Against Services
  • Win-DoS Epidemic: A Crash Course in Abusing RPC for Win-DoS & Win-DDoS

Thursday Aug 07, 2025

What happens after a traditional penetration test? In this episode, host Tova Dvorin is joined by Adrian Culley, Senior Sales Engineer and EU lead at SafeBreach, to explore the critical evolution from legacy pentesting to continuous, automated red teaming (CART) and breach and attack simulation (BAS).
We dive deep into the limitations of point-in-time manual penetration testing and why modern security teams and CISOs need to shift toward proactive risk management and continuous threat exposure management (CTEM). Adrian explains how tools like SafeBreach’s Propagate go beyond simulating known threats to dynamically generate new attack paths—including zero-day exploits—using AI-driven logic, validating your attack surface in real-time.
This episode covers:
  • The future of penetration testing in cybersecurity
  • How BAS and CART deliver true cyber resilience
  • Why automated red teaming is essential for critical live production systems
  • How attack path validation and blast radius analysis are redefining security strategies
Whether you're a CISO, security leader, or red teamer, this episode will help you understand why continuous security validation is no longer optional—and why legacy penetration testing is no longer enough.
Tune in and find out how to hack yourself—before someone else does.
