Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In this special episode, host Tova Dvorin sits down with SafeBreach experts Adrian Culley and Tomer Bar to unpack CVE-2025-53770 — a zero-day deserialization flaw in Microsoft SharePoint Server that enables unauthenticated remote code execution and long-term persistence. This isn’t theoretical. It’s actively exploited and tied to the evolving ToolShell attack chain. Here’s what you’ll hear in this episode.

The FBI, NSA, and CISA just issued a warning about Iranian state-backed actors, including the notorious Cyber Avengers, targeting US networks—especially OT, IoT, water, and aviation systems. These groups aren’t hacktivists—they’re highly skilled, sanctioned members of the IRGC. Key takeaways: Stay proactive: run simulations, remediate vulnerabilities, and lock the stable door before the horse bolts.

In this episode of the SafeBreach Cyber Resilience Podcast, host Tova Dvorin and Adrian Culley dive deep into Interlock—one of today’s most aggressive ransomware operations. What you’ll learn: From hospitals to schools, no one’s immune—hear how Interlock is rewriting the ransomware playbook and what your team can do to stay resilient.

A new breed of ransomware is here — and it’s more dangerous than ever. In this episode of the Cyber Resilience Podcast, we unpack the chilling rise of Warlock ransomware, a campaign tied to Chinese threat actor Storm-2603. Discover how this group is combining nation-state tactics with ransomware-as-a-service operations, blurring the line between espionage and profit—and what it means for critical infrastructure defense.

Did you know that over 30% of all web application vulnerabilities reported each year involve Cross Site Scripting (XSS)? And among them, Stored or Server Side XSS is consistently ranked as one of the most dangerous forms, because a single injected payload can silently impact hundreds or even thousands of users without any interaction.

APIs are the Language of AI. Protecting them is Critical. In this discussion, A10 Networks security experts Jamison Utter and Carlo Alpuerto explore the emerging impact of Agentic AI on the API security landscape. They delve into how AI agents, as new API consumers, are driving an explosion in endpoints and exacerbating existing security issues, pushing API protection higher up the security practitioners' priority list.

The mythical 1+1=3 model in security? It happens when the tools you already own stop working in isolation — and start working as a system. Jay Wilson and Garrett Hamilton dig into why Reach’s platform approach matters: not just enhancing individual controls, but creating compounding value across identity, endpoint, email, and network. When visibility, configuration, and enforcement align, the outcome isn’t incremental — it’s exponential.

Security technology for access control already exists, but success depends on mindset and the willingness to change course when conditions shift. The idea of being audible ready, switching plays at the line based on what appears in front of you, mirrors how security leaders adjust identity strategy and embrace change despite human resistance.

Managers: When your team needs answers, are they coming to you or to AI? Our new report found 27% of employees now trust AI more than their colleagues or managers. In this video, we break down why banning AI creates a trust vacuum that's fundamentally breaking team structures.

Here’s the reality: AI unlocks incredible innovation, but it also introduces real security risk. LLMs are probabilistic, which makes them great for generating code or summarizing data, but unreliable when it comes to enforcing access. Security requires verifiable, rule-based truth. At 1Password, our approach to AI keeps authorization in a secure, auditable flow so you always know who is accessing what, and why.