Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Your home router isn’t just sitting there. It might already be part of a global cyberattack. In Part 2 of our deep dive into Chinese cyber operations, Tova Dvorin and Adrian Culley unpack the “Typhoon” threat groups—Volt Typhoon, Salt Typhoon, and Flax Typhoon—and how they’re quietly reshaping modern cyber warfare. This isn’t about stealing data. It’s about staying hidden, pre-positioning, and being ready to strike.

The EU Cyber Resilience Act (CRA) is set to transform cybersecurity—from a best practice into a legal requirement. But what does that "actually" mean for security teams, product leaders, and CISOs? In this episode, host Tova Dvorin and cybersecurity expert Adrian Culley break down the CRA in plain terms—and explain why the shift to continuous security validation is unavoidable. You’ll learn: With enforcement deadlines approaching and significant penalties on the horizon, the message is clear: If your security testing isn’t continuous, it’s not CRA-ready.

A new 2026 law in China has weaponized the Chinese tech population by requiring the reporting of software vulnerabilities to the Ministry of State Security within 48 hours. This law has significant implications for cybersecurity and global tech security.

What if the next cyberattack doesn’t steal your data…but quietly prepares to break your infrastructure? In this premiere episode of our series on Chinese threat actors, we uncover how China transformed from noisy, smash-and-grab hackers into the world’s most sophisticated cyber power—one focused not just on espionage, but on pre-positioning inside critical infrastructure. Through a chilling real-world scenario, we explore a new kind of threat: digital landmines—subtle, invisible changes inside power grids, telecommunications networks, and industrial systems that can be triggered at any time.

In this episode of the Cyber Resilience Brief, we shift from chaotic cybercriminals to the calculated world of Russian nation-state threat actors—breaking down the three agencies that dominate Russia’s cyber operations: the GRU, SVR, and FSB. What many organizations mistakenly treat as a single “Russian threat” is actually a complex ecosystem of competing intelligence agencies—each with distinct goals, tactics, and operational philosophies.

Iranian cyber attacks are escalating—shifting from espionage to destructive, large-scale operations. In this episode, we break down what CISOs need to know. Host Tova Dvorin and offensive security expert Adrian Culley analyze the latest Iranian cyber threat activity, including groups like Handala (Void Manticore) and MuddyWater (Mango Sandstorm), and how their tactics are evolving.

This conversation covers the principles of security, the shift of identity as the new perimeter, and the transition from detection-led to trust-led security. It emphasizes the importance of assuming network compromise, focusing on identity, and denying access based on unusual behavior. Takeaways.

The U.S. just made its boldest cybersecurity move in decades. In this episode of the Cyber Resilience Brief, we break down President Trump’s 2026 Cyber Strategy—and why it signals a massive shift from reactive defense to proactive, offensive cybersecurity. What does this mean for CISOs, security leaders, and the private sector? We unpack the strategy’s most critical pillars, including: This isn’t regulation—it’s a call to action. And for organizations that fail to continuously validate their defenses, the risks have never been higher.

Why does continuous testing matter for the Digital Operational Resilience Act (DORA) compliance? Explore how Articles 6, 9, 10, 13, and 16 reinforce the need for continuous testing.

Iranian cyber operations are entering a new era. In this final episode of our Iran cyber series, we explore how Iranian APT groups are evolving — leveraging AI, targeting supply chains, and bypassing the billion-dollar security stacks built to stop them. Hosts Tova Dvorin and Adrian Culley break down the emerging threats shaping 2026, including: The perimeter is gone. Your weakest vendor may now be your biggest risk.