The Cyber Resilience Brief: A SafeBreach Podcast

The Cyber Resilience Brief is your 15-minute pulse on how organizations can build stronger defenses and achieve true cyber resilience. Each episode dives into the practical realities of Breach and Attack Simulation (BAS), adversarial exposure validation, and the evolving strategies that keep modern enterprises secure. Hosted by Tova Dvorin and brought to you by SafeBreach — the leader in Adversarial Exposure Validation — this podcast features insights from cybersecurity leaders, integration partners, CISOs, technical experts, and forward-thinking customers. Whether you’re in the EU navigating DORA requirements, managing a global security program, or simply looking to better validate your defensive posture, The Cyber Resilience Brief delivers actionable guidance, partner perspectives, and the latest trends to help your business stay ahead. 🎧 Subscribe and join us as we explore what it takes to proactively defend, adapt, and thrive in today’s threat landscape.


Episodes

Thursday Aug 28, 2025

In this special episode of The Cyber Resilience Brief, hosts Tova Dvorin and Adrian Culley unpack the newly released CISA Advisory AA25-239, a joint warning from CISA, NSA, FBI, and international partners on the persistent Chinese state-sponsored threat group known as Salt Typhoon.
Salt Typhoon has been quietly infiltrating critical infrastructure worldwide using outdated routers, weak credentials, and “living off the land” techniques like PowerShell, WMI, and scheduled tasks—often remaining undetected for years.
This episode explores:
  • Key TTPs & IOCs called out in the advisory, including router exploits, credential abuse, and stealthy exfiltration techniques.
  • Mitigation strategies every organization should implement now: patching, MFA enforcement, segmentation, and proactive monitoring.
  • How Breach and Attack Simulation (BAS), Adversarial Exposure Validation (AEV), and Continuous Automated Red Teaming (CART) can help organizations proactively defend against advanced, long-term adversaries.
Whether you’re a CISO, security practitioner, or resilience leader, this episode provides actionable intelligence to strengthen your defenses against one of today’s most persistent and dangerous cyber threats.

Wednesday Aug 27, 2025

Most security teams are laser-focused on patching CVEs, but does that guarantee protection? In this episode, SafeBreach Co-Founder & CTO Itzik Kotler and VP of Sales Engineering Michael De Groat unpack the real risks that slip through even the most rigorous vulnerability management programs.
From misconfigurations and overly-permissioned identities to insider threats, social engineering, and zero-days, adversaries are exploiting far more than just published vulnerabilities. Discover why an assumed breach mindset and proactive adversarial simulation are critical for building resilience—long after your systems are fully patched.
Tune in to learn:
  • Why 100% patch compliance still won’t stop ransomware or data exfiltration
  • The hidden risks in identity, configuration, and insider threats
  • How “assumed compromise” thinking shifts organizations from reactive to proactive security
  • Practical lessons from years of breach and attack simulation across Fortune 500 environments
If you’re a CISO, security leader, or practitioner navigating today’s threat landscape, this episode is a must-listen.

Wednesday Aug 20, 2025

In this episode of The Cyber Resilience Brief, host Tova Dvorin and SafeBreach Senior Sales Engineer Adrian Culley dissect the stealthy tactics of Volt Typhoon, a Chinese state-sponsored cyber group targeting critical infrastructure worldwide.
Learn how their “living off the land” techniques bypass traditional defenses, what indicators of compromise to hunt for, and how adversary emulation can proactively expose your gaps.
Packed with real-world threat intelligence and practical defense strategies, this conversation is a must-listen for CISOs, security teams, and critical infrastructure operators seeking to build resilience against nation-state threats.

Wednesday Aug 13, 2025

In this special Black Hat/DEFCON 2025 edition of The Cybersecurity Brief, host Tova Dvorin sits down with SafeBreach Labs researchers Or Yair and Ron Ben-Yizhak to unpack three groundbreaking discoveries shaking up the cybersecurity world.
From abusing Windows RPC for devastating DoS and DDoS attacks, to exploiting Google Gemini through nothing more than a calendar invite, to hijacking RPC endpoints before privileged services even launch — these exploits highlight how creativity, not just technical skill, can redefine the threat landscape.
Tune in for live-demo insights, real-world attack scenarios, and actionable takeaways you can use today to strengthen your defenses.
Curious about the research we reveal in this episode? Learn more in our blogs:
  • Invitation is All You Need: Invoking Gemini for Workspace Agents with a Simple Google Calendar Invite
  • You Snooze You Lose: RPC-Racer Winning RPC Endpoints Against Services
  • Win-DoS Epidemic: A Crash Course in Abusing RPC for Win-DoS & Win-DDoS

Thursday Aug 07, 2025

What happens after a traditional penetration test? In this episode, host Tova Dvorin is joined by Adrian Culley, Senior Sales Engineer and EU lead at SafeBreach, to explore the critical evolution from legacy pentesting to continuous, automated red teaming (CART) and breach and attack simulation (BAS).
We dive deep into the limitations of point-in-time manual penetration testing and why modern security teams and CISOs need to shift toward proactive risk management and continuous threat exposure management (CTEM). Adrian explains how tools like SafeBreach’s Propagate go beyond simulating known threats to dynamically generate new attack paths—including zero-day exploits—using AI-driven logic, validating your attack surface in real-time.
This episode covers:
  • The future of penetration testing in cybersecurity
  • How BAS and CART deliver true cyber resilience
  • Why automated red teaming is essential for critical live production systems
  • How attack path validation and blast radius analysis are redefining security strategies
Whether you're a CISO, security leader, or red teamer, this episode will help you understand why continuous security validation is no longer optional—and why legacy penetration testing is no longer enough.
Tune in and find out how to hack yourself—before someone else does.

Wednesday Jul 30, 2025

A new breed of ransomware is on the rise: Warlock. In this episode, host Tova Dvorin and SafeBreach senior sales engineer Adrian Culley dig into the chilling details of the Warlock ransomware campaign and its deployment by Chinese threat actor Storm-2603. Learn how this adversary is combining nation-state level tactics with financially motivated ransomware-as-a-service operations, and what it means for critical infrastructure defense. Discover the key TTPs, IOCs, and how SafeBreach customers can validate their resilience using AEV.

Friday Jul 25, 2025

In this episode of the SafeBreach Cyber Resilience Podcast, host Tova Dvorin sits down with Senior Sales Engineer Adrian Culley to dissect one of the most aggressive ransomware threats in circulation today: Interlock.
Backed by a rapidly evolving, financially motivated threat group, Interlock ransomware isn’t just encrypting systems—it’s stealing sensitive data first, then holding victims hostage with a powerful double-extortion model. From major healthcare systems in the U.S. to public schools in Scotland, Interlock is making an outsized impact across sectors.
We unpack:
  • Why Interlock is not just another ransomware variant
  • The social engineering tactics like “ClickFix” that are fooling even savvy users
  • How the dark web’s affiliate model is fueling this operation
  • The chilling tactics used to bypass defenses and disable recovery
  • What every organization must do today to test, validate, and close security gaps
And yes—we’re revisiting that childhood wisdom with a modern twist: don’t accept code from strangers. Whether it’s a fake Captcha or a suspicious command prompt, one careless click can be all it takes.

Monday Jul 21, 2025

In this urgent Cyber Resilience Brief, host Tova Dvorin is joined by SafeBreach experts Adrian Culley and Tomer Bar to break down CVE-2025-53770, a critical zero-day vulnerability actively exploited in Microsoft SharePoint Server. Known as part of the ToolShell attack chain, this deserialization flaw allows unauthenticated remote code execution and persistence — and it’s already being used in the wild.
We discuss:
  • What makes this vulnerability so dangerous (hint: there's no patch for SharePoint 2016 yet)
  • Why Microsoft is advising customers to assume breach
  • How SafeBreach Labs responded within 24 hours with new BAS coverage
  • Specific indicators of compromise (IoCs) and mitigation advice
  • Why this attack demands urgent attention from security teams and CISOs alike
Whether you're a SafeBreach customer or just trying to stay ahead of emerging threats, this episode delivers the critical insights you need — fast.
🔗 For more information on today's CVE, check out our post on the SafeBreach blog. 

Wednesday Jul 16, 2025

AI vs. Cybersecurity: The New Frontline
In this eye-opening episode, host Tova Dvorin sits down with Tomer Bar, VP of Security Research at SafeBreach, and Shelly Zucker, Product Manager at SafeBreach, to unravel the alarming ways AI is transforming the cyber threat landscape—and what it means for defenders.
The conversation kicks off with jaw-dropping findings from Palo Alto Networks: AI-powered ransomware attacks that complete from breach to data theft in just 25 minutes, slashing attack timelines by 100x, and fueling forecasts of $57 billion in damages in 2025 alone. Pair that with an 890% surge in enterprise AI app usage, and it's clear: the attack surface has never been more exposed.
But this episode doesn’t stop at the headlines. Tomer and Shelly reveal how adversaries are leveraging generative AI to lower the bar for cybercrime, creating tailored malware with a simple prompt—no coding expertise required. From spyware that logs keystrokes and steals files to ransomware that evades half of today’s security tools on first try, they break down how traditional defenses are falling dangerously behind.
More importantly, you’ll hear how SafeBreach is turning the tables by building AI-generated malware scenarios—carefully crafted with the same techniques attackers use—so organizations can safely test if their defenses can withstand this new wave of threats.
Plus, get a tantalizing sneak peek at upcoming research that crosses the line from cyberspace to the physical world, showing how AI could manipulate smart homes with a single indirect prompt.
If you’re in cybersecurity, risk, or IT, this is an essential listen to understand why your current detection stack might not be enough—and how to prepare for the AI-enabled future.

Thursday Jul 03, 2025

In this episode, we break down the latest FBI advisory on Iranian cyber actors — and what it means for your OT, IoT, and critical systems. SafeBreach’s Adrian Culley shares practical steps to validate defenses and lock the stable door before the horse bolts.
