Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This week on the podcast, we cover some first-hand research from the WatchGuard Threat Lab on a phishing campaign targeting users of nearly every major VPN vendor. After that, we discuss two recently resolved vulnerabilities in the Fortinet FortiSIEM application, then end with research from Varonis on a new attack flow against Copilot called RePrompt.

MITRE ATT&CK Evaluations attract strong attention across the cybersecurity industry by providing detailed, transparent data on how endpoint security solutions behave under real attack conditions. However, the depth of the results often makes them difficult to interpret and compare meaningfully. Join Field CTO Adam Winston as he decodes WatchGuard’s MITRE ER7 results and learn how to weigh key metrics to determine real-world security effectiveness and efficiency.

“Doing well by doing good” – there’s something to be said for that. Join Aleksandr Yampolskiy (CEO & Co-Founder, SecurityScorecard) and Craig Newmark (Founder, craigslist, Craig Newmark Philanthropies) for this discussion on: SecurityScorecard monitors and scores over 12 million companies worldwide. Find your company's security score for free at SecurityScorecard.com Follow our CEO Dr. Aleksandr Yampolskiy.

Move beyond outdated security models that focus on protecting data infrastructure rather than the data itself. By embedding protection that travels with the data, you create a deterministic environment where data knows its own purpose and enables innovation at scale. Visit Protegrity.com to learn more.

Your biggest cybersecurity risk might not be your laptop, it could be your printer. Most companies overlook it, and hackers know it.

Configuration drift isn’t just “change.” It’s unmanaged change. Let's get practical about how teams should actually measure drift: ⇢ What type of change occurred⇢ How often those changes happen⇢ How critical they are in real context⇢ And—most importantly—how teams respond Volume alone isn’t the metric that matters. If changes pile up without response, alerts get ignored—and drift quietly becomes exposure.

As we slowly settle into the new rhythms of 2026, we are reminded that security starts with people The focus should always be on "bringing people along, not just implementing technology" to help keep our organizations future-ready.

Gold Blade doesn’t send phishing emails. Instead, they weaponize resumes and slip past defenses through legit recruitment sites. Sophos threat researcher Morgan Demboski breaks down their stealthy tactics.

The Asymmetric Threat: Why AI API Traffic is Hard to Predict As AI becomes more integrated into business operations, the way data moves through APIs is changing. In this clip from the A10 Networks webinar, "APIs are the Language of AI: Protecting Them is Critical," experts Jamison Utter and Carlo Alpuerto break down the concept of data asymmetry in AI.

Is your organization treating access reviews as a checkbox exercise — or a business enabler? In the full video, CyberArk’s Deepak Taneja explains why access reviews are becoming a critical pillar of identity security and zero trust — and how automation is reshaping their value across the business. Watch the full interview to learn why a compliance-only mindset creates risk, how organizations are modernizing access reviews, and what it takes to shift from audit task to strategic advantage.