Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In this special episode of The Cyber Resilience Brief, Tova Dvorin and Adrian Culley break down CISA Advisory AA25-239—a joint alert from CISA, NSA, FBI, and global cyber partners on the long-running Chinese state-sponsored threat group Salt Typhoon. Salt Typhoon has been quietly infiltrating critical infrastructure for years by exploiting outdated routers, weak credentials, and “living off the land” techniques like PowerShell, WMI, scheduled tasks, and built-in administrative tools—making them nearly invisible.

New year, new threats… Except some aren’t so new; they’ve been years in the making. As the future of financial services evolves from relying on traditional banking to other platforms, securing our future requires practitioners to be more strategic than the threat actors after our assets. Join Aleksandr Yampolskiy and Jeff Lunglhofer for their take on: SecurityScorecard monitors and scores over 12 million companies worldwide.

Here is the truth: To exploit Business Logic Abuse, hackers must understand your application flow holistically. Your individual developers focus on clean code within their one block. The attacker studies the entire blueprint and finds the gaps and missing connections between those blocks. They are committed-spending months on reconnaissance to know your product better than your own team. You must adopt the attacker's mindset in your design stages!

Partnership over Procurement Why true collaboration between vendors and security teams is still rare — not because the intent isn’t there, but because most engagements stop at feature checklists. The alternative is more interesting: build together, solve together, and create solutions that fit how teams actually work rather than how tools assume they work. This mindset drove our work with Insurity — a real example of what happens when a security team engages deeply instead of treating tooling as a finished product.

Cybercriminals and state-driven actors are getting smarter. Rogue devices, like stolen laptops or stealthy rogue routers, are bypassing traditional security measures and hiding in your network’s blind spots. In this discussion, experts Daniel dos Santos, VP of Forescout Research, Rik Ferguson, VP of Security Intelligence and Liran Chen, VP of Systems Engineering dive into.

AI is evolving fast, but are your workflows truly secure? Most teams rely on DLP or redaction tools that strip sensitive data or block it entirely — but that limits your AI's potential. In this video, learn how Protecto’s SaaS Masking & Unmasking APIs help you process sensitive data (PII, PHI, PCI) securely, while staying compliant with GDPR, HIPAA, DPDP. No more trade-offs between data protection and powerful AI.

Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows.

For most leadership teams, the question is no longer if they’ll use AI, but how to turn it into measurable business value. Success hinges on the APIs that feed, govern, and scale AI initiatives — and whether your strategy is built for speed, security, and cost efficiency. From accelerating product development to delivering real-time customer experiences, the business case for AI is clear. But without the right API strategy, AI initiatives risk falling short — driving up costs, creating compliance gaps, and limiting ROI.

AI agents aren’t just talking, they’re taking actions. They’re booking transactions, pulling sensitive data, and chaining tools together to get work done. As enterprises embrace these agents, protocols like the Model Context Protocol (MCP) and Agent-to-Agent (A2A) are enabling powerful new capabilities, but also creating invisible ecosystems of API-driven agent activity that traditional security tools can’t see or control.

No Fluff, Just Real-World Threats This isn’t your typical marketing webinar. We cover what Agentic AI actually looks like in production, how MCP servers work to broker instructions, and what kind of new threats are emerging. Agentic AI isn’t coming. It’s already here. Autonomous agents are now operating in production environments, reasoning, remembering, and taking real actions across your systems. They’re not just generating content. They’re triggering workflows, modifying records, and making decisions. And they’re doing it over APIs.