The Cyber Resilience Brief: A SafeBreach Podcast

A new breed of ransomware is on the rise: Warlock. In this episode, host Tova Dvorin and SafeBreach senior sales engineer Adrian Culley dig into the chilling details of the Warlock ransomware campaign and its deployment by Chinese threat actor Storm-2603. Learn how this adversary is combining nation-state level tactics with financially motivated ransomware-as-a-service operations, and what it means for critical infrastructure defense. Discover the key TTPs, IOCs, and how SafeBreach customers can validate their resilience using AEV.

In this episode of the SafeBreach Cyber Resilience Podcast, host Tova Dvorin sits down with Senior Sales Engineer Adrian Culley to dissect one of the most aggressive ransomware threats in circulation today: Interlock.
Backed by a rapidly evolving, financially motivated threat group, Interlock ransomware isn’t just encrypting systems—it’s stealing sensitive data first, then holding victims hostage with a powerful double-extortion model. From major healthcare systems in the U.S. to public schools in Scotland, Interlock is making an outsized impact across sectors.
We unpack:
Why Interlock is not just another ransomware variant
The social engineering tactics like “ClickFix” that are fooling even savvy users
How the dark web’s affiliate model is fueling this operation
The chilling tactics used to bypass defenses and disable recovery
What every organization must do today to test, validate, and close security gaps
And yes—we’re revisiting that childhood wisdom with a modern twist: don’t accept code from strangers. Whether it’s a fake Captcha or a suspicious command prompt, one careless click can be all it takes.

In this urgent Cyber Resilience Brief, host Tova Dvorin is joined by SafeBreach experts Adrian Culley and Tomer Bar to break down CVE-2025-53770, a critical zero-day vulnerability actively exploited in Microsoft SharePoint Server. Known as part of the ToolShell attack chain, this deserialization flaw allows unauthenticated remote code execution and persistence — and it’s already being used in the wild.
We discuss:
What makes this vulnerability so dangerous (hint: there's no patch for SharePoint 2016 yet)
Why Microsoft is advising customers to assume breach
How SafeBreach Labs responded within 24 hours with new BAS coverage
Specific indicators of compromise (IoCs) and mitigation advice
Why this attack demands urgent attention from security teams and CISOs alike
Whether you're a SafeBreach customer or just trying to stay ahead of emerging threats, this episode delivers the critical insights you need — fast.
🔗 For more information on today's CVE, check out our post on the SafeBreach blog. 

AI vs. Cybersecurity: The New Frontline
In this eye-opening episode, host Tova Dvorin sits down with Tomer Bar, VP of Security Research at SafeBreach, and Shelly Zucker, Product Manager at SafeBreach, to unravel the alarming ways AI is transforming the cyber threat landscape—and what it means for defenders.
The conversation kicks off with jaw-dropping findings from Palo Alto Networks: AI-powered ransomware attacks that complete from breach to data theft in just 25 minutes, slashing attack timelines by 100x, and fueling forecasts of $57 billion in damages in 2025 alone. Pair that with an 890% surge in enterprise AI app usage, and it's clear: the attack surface has never been more exposed.
But this episode doesn’t stop at the headlines. Tomer and Shelly reveal how adversaries are leveraging generative AI to lower the bar for cybercrime, creating tailored malware with a simple prompt—no coding expertise required. From spyware that logs keystrokes and steals files to ransomware that evades half of today’s security tools on first try, they break down how traditional defenses are falling dangerously behind.
More importantly, you’ll hear how SafeBreach is turning the tables by building AI-generated malware scenarios—carefully crafted with the same techniques attackers use—so organizations can safely test if their defenses can withstand this new wave of threats.
Plus, get a tantalizing sneak peek at upcoming research that crosses the line from cyberspace to the physical world, showing how AI could manipulate smart homes with a single indirect prompt.
If you’re in cybersecurity, risk, or IT, this is an essential listen to understand why your current detection stack might not be enough—and how to prepare for the AI-enabled future.

In this episode, we break down the latest FBI advisory on Iranian cyber actors — and what it means for your OT, IoT, and critical systems. SafeBreach’s Adrian Culley shares practical steps to validate defenses and lock the stable door before the horse bolts.

In this premiere episode of The Cyber Resilience Brief, we dive into the EU’s Digital Operational Resilience Act (DORA) — and why its impact goes far beyond Europe. Host Tova Dvorin is joined by Adrian Culley and David Murray from SafeBreach to break down what DORA means for financial institutions, insurers, and ICT providers worldwide.
We explore:
Why resilience — both toughness and rapid recovery — is now the apex of cybersecurity
How DORA is pushing continuous testing and validation on live production systems, not just lab environments
What it means to have a “cyber canary in the coal mine” for early breach detection
The global ripple effect, with similar legislation already emerging in the UK and beyond
Whether or not your business is based in the EU, DORA is reshaping expectations for operational resilience. Tune in for actionable insights on evolving from incident response to instant anticipation, staying ahead of attackers, and meeting tomorrow’s regulatory demands today.Check out Our DORA whitepaper for more information on how SafeBreach helps you meet DORA compliance.