Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A new breed of ransomware is here — and it’s more dangerous than ever. In this episode of the Cyber Resilience Podcast, we unpack the chilling rise of Warlock ransomware, a campaign tied to Chinese threat actor Storm-2603. Discover how this group is combining nation-state tactics with ransomware-as-a-service operations, blurring the line between espionage and profit—and what it means for critical infrastructure defense.

Did you know that over 30% of all web application vulnerabilities reported each year involve Cross Site Scripting (XSS)? And among them, Stored or Server Side XSS is consistently ranked as one of the most dangerous forms, because a single injected payload can silently impact hundreds or even thousands of users without any interaction.

APIs are the Language of AI. Protecting them is Critical. In this discussion, A10 Networks security experts Jamison Utter and Carlo Alpuerto explore the emerging impact of Agentic AI on the API security landscape. They delve into how AI agents, as new API consumers, are driving an explosion in endpoints and exacerbating existing security issues, pushing API protection higher up the security practitioners' priority list.

The mythical 1+1=3 model in security? It happens when the tools you already own stop working in isolation — and start working as a system. Jay Wilson and Garrett Hamilton dig into why Reach’s platform approach matters: not just enhancing individual controls, but creating compounding value across identity, endpoint, email, and network. When visibility, configuration, and enforcement align, the outcome isn’t incremental — it’s exponential.

Security technology for access control already exists, but success depends on mindset and the willingness to change course when conditions shift. The idea of being audible ready, switching plays at the line based on what appears in front of you, mirrors how security leaders adjust identity strategy and embrace change despite human resistance.

Managers: When your team needs answers, are they coming to you or to AI? Our new report found 27% of employees now trust AI more than their colleagues or managers. In this video, we break down why banning AI creates a trust vacuum that's fundamentally breaking team structures.

Here’s the reality: AI unlocks incredible innovation, but it also introduces real security risk. LLMs are probabilistic, which makes them great for generating code or summarizing data, but unreliable when it comes to enforcing access. Security requires verifiable, rule-based truth. At 1Password, our approach to AI keeps authorization in a secure, auditable flow so you always know who is accessing what, and why.

Get up and running with ggshield, the GitGuardian CLI, in just a few minutes by installing it, authenticating, and running your first secrets scan. This quick-start video shows you how to scan individual files and entire projects, then lock in protection with a pre-commit Git hook to keep secrets out of your commits.

Richard Bejtlich discusses cloud security from a network-centric perspective with Corelight's cloud security researcher, David Burkett. They explore why monitoring network traffic remains essential in cloud environments, despite the presence of native security features offered by cloud providers. David highlights common threats such as container compromises, coin miners, and supply chain attacks, emphasizing the value of traffic visibility for detecting unusual behaviors and breaches.

In this premiere episode of The Cyber Resilience Brief, we dive into the EU’s Digital Operational Resilience Act (DORA) — and why its impact goes far beyond Europe. Host Tova Dvorin is joined by Adrian Culley and David Murray from SafeBreach to break down what means for financial institutions, insurers, and ICT providers worldwide. The session covers: Listen now for actionable insights on evolving from incident response to instant anticipation, staying ahead of attackers, and meeting tomorrow’s regulatory demands today.