Episode 18 - Live Fire Defense at Locked Shields

In this episode, host Richard Bejtlich sits down with Corelight Senior Sales Engineers Adam Donadeo and Nico Roosenboom to unpack their firsthand experiences at Locked Shields, the world’s largest international live-fire cyber defense exercise. The conversation dives deep into the chaotic, real-world friction of defending a massive virtualized network alongside 4,000 global experts against aggressive red team waves.

DNS Log File: Your Guide to Uncovering Hidden Threats

Your firewall says nothing is wrong. Your EDR has a few low-confidence alerts. Users aren't reporting outages. But something still feels off. That's the exact situation where a DNS log file stops being “just another log” and turns into one of the most useful artifacts in the environment. Attackers lean on DNS because every network depends on it, it is often treated as background noise, and suspicious lookups can blend into legitimate traffic for a long time.

5 Essential Cybersecurity Defenses for Cloud Email Security

Cloud email has become the center of modern business. Regardless of your organization's industry or size, email connects employees, customers, vendors, executives, financial systems and critical business processes. Unfortunately, attackers know this too. For cybercriminals, compromising an email account is often like finding the master key to a building. Once inside, they may be able to steal information, impersonate employees, redirect payments, spread malware or gain access to other systems.

Cybercriminals Are Targeting the FIFA World Cup 2026

Lead Analysts: Jeewan Singh Jalal and Louis Tiley

KnowBe4 ThreatLabs tracked phishing campaign activity from the first week of April through June 22, 2026, covering the pre-tournament build-up, tournament kickoff and the first twelve days of live match play. Our latest intelligence adds crucial mid-tournament telemetry (June 15-22), a newly identified reply-back campaign track and additional infrastructure intelligence.

It's the speed we're adopting it

AI! It's in everything, everywhere, all at once! It’s reading emails, summarising meetings, drafting documents, and writing code, and it’s no longer just giving us answers. We now also have agents that act on their own, access other systems, and make decisions with little to no human oversight. From a capability standpoint, it’s amazing.

Best Threat Intelligence Platforms and Vendors

A threat intelligence platform (TIP) is the software layer that bridges the gap between raw threat data and your team's security decisions. It aggregates signals from open, deep, and dark web sources, normalizes indicators of compromise (IOCs), enriches them with context like reputation scores and malware family attribution, and maps adversary tactics, techniques, and procedures (TTPs) so analysts can act instead of investigating.