Living off the Land - 2025 MITRE ATT&CK Enterprise Evaluations

The 2025 MITRE ATT&CK Enterprise Evaluations tested the detection of malicious living-off-the-land attacks while avoiding false positives on legitimate tools. CrowdStrike delivered 100% detection and protection with zero false positives. Adversaries like Mustang Panda weaponize legitimate tools like PowerShell, WinRAR, and curl.exe while these same tools run legitimately across enterprises daily. You can't block these tools without collapsing operations.

Charlotte AI - 2025 MITRE ATT&CK Enterprise Evaluations

The 2025 MITRE ATT&CK Enterprise Evaluations featured sophisticated cross-domain attacks from Scattered Spider, and CrowdStrike's Charlotte AI proved essential in delivering 100% detection and protection with zero false positives. Charlotte AI accelerated every stage of security operations with Agentic Detection Triage for instant verdicts, Agentic Response that investigates alerts like expert analysts, and command-line analysis in plain language.

The CISO's AI Dilemma: How Security Leaders Are Making or Breaking Their Company's Future

AI agents are transforming how leading companies operate, delivering 24/7 customer service, processing thousands of transactions, and driving unprecedented operational efficiency. 53% of organizations are already deploying AI agents for customer-facing tasks, with market leaders running hundreds or thousands of agents to gain a competitive advantage. These agents handle sensitive data, trigger transactions, and make autonomous decisions at machine speed. But the APIs that power them are becoming a vast, overlooked attack surface.

Ep 10 - Beyond CVEs: Why Patching Isn't Enough to Stop Breaches

Most security teams obsess over patching CVEs—but even perfect patch compliance won’t keep you safe. In this episode, SafeBreach Co-Founder & CTO Itzik Kotler and VP of Sales Engineering Michael De Groat reveal the real exposures that hide between patches, from misconfigurations and identity gaps to insider threats, social engineering, and zero-days. Hear why attackers exploit more than just known vulnerabilities, and how adopting an assumed-breach mindset with adversarial simulation strengthens real-world resilience.

Ep 12 - Women in Cyber: Voices of Resilience and Change

Celebrate Women in Cyber Day with us on this episode of the SafeBreach podcast! We explore the evolving role of women in cybersecurity, diving into the unique challenges and privileges they face in a traditionally male-dominated field. Our guests discuss the power of mentorship, confidence, and community support, while highlighting the importance of tailored training and leadership representation. Tune in to hear inspiring insights on how creating opportunities and connections can help build a more inclusive and diverse cybersecurity landscape.

Ep 11 - Salt Typhoon Exposed: Breaking Down CISA Advisory AA25-239

In this special episode of The Cyber Resilience Brief, Tova Dvorin and Adrian Culley break down CISA Advisory AA25-239—a joint alert from CISA, NSA, FBI, and global cyber partners on the long-running Chinese state-sponsored threat group Salt Typhoon. Salt Typhoon has been quietly infiltrating critical infrastructure for years by exploiting outdated routers, weak credentials, and “living off the land” techniques like PowerShell, WMI, scheduled tasks, and built-in administrative tools—making them nearly invisible.

The CISO's Take: Securing the Future of Financial Services & More

New year, new threats… Except some aren’t so new; they’ve been years in the making. As the future of financial services evolves from relying on traditional banking to other platforms, securing our future requires practitioners to be more strategic than the threat actors after our assets. Join Aleksandr Yampolskiy and Jeff Lunglhofer for their take on: SecurityScorecard monitors and scores over 12 million companies worldwide.

The Business Logic Paradox: Hackers Are Your Best Architects

Here is the truth: To exploit Business Logic Abuse, hackers must understand your application flow holistically. Your individual developers focus on clean code within their one block. The attacker studies the entire blueprint and finds the gaps and missing connections between those blocks. They are committed, spending months on reconnaissance to know your product better than your own team. You must adopt the attacker's mindset in your design stages!