Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Ep. 66 - Poisoned Pipelines: TeamPCP and the FBI Flash on Weaponized Dev Tools

A criminal crew with APT-grade patience is trojanizing the very tools defenders trust. Host Tova Dvorin sits down with Adrian Culley to break down FBI FLASH-20260702-01 (coordinated with CISA) on TeamPCP — the group compromising Trivy, KICS, LiteLLM, and the Telnyx SDK to sit inside CI/CD pipelines. Inside: the CanisterWorm and SANDCLOCK credential stealers, the self-replicating "Mini Shai-Hulud" worm across npm and PyPI, npm account takeovers via expired recovery domains, and five concrete defenses — starting with searching your GitHub org for "tpcp-docs" right now.

The FBI Just Issued an Alert on TeamPCP. Here's How They Get In

The FBI just issued a FLASH alert on TeamPCP — the group behind a wave of software supply chain attacks that compromised widely-used developer and security tools, harvesting cloud credentials, SSH keys, and Kubernetes secrets at scale. Tova Dvorin and Adrian Culley break down how TeamPCP operates with an APT's patience, and the open question the FBI alert doesn't answer: is a nation-state pulling the strings? Full breakdown on The Cyber Resilience Brief.

The Five Eyes Just Said AI Is Breaking Every Assumption in Your Security Program

The Five Eyes just put a number on something most security teams haven't priced in: AI is shrinking the gap between "vulnerability" and "actively exploited" faster than patch cycles can keep up. Adrian Culley and Tova Dvorin explain why CVSS scores alone can't tell you what's actually reachable in your environment — and why attack path validation is becoming the only way to know.

Ep. 65 - "Months, Not Years": The Five Eyes AI Warning and Your Security Program

On June 22, 2026, the heads of all six Five Eyes cyber agencies—GCHQ, CISA, the NSA, ASD, the Canadian Centre, and New Zealand's GCSB—signed a rare joint statement: AI has rewritten the cyber risk timeline, and it's months, not years. Host Tova Dvorin and offensive security expert Adrian Culley unpack why AI is collapsing the window between vulnerability and exploit, why "having controls" isn't the same as proven controls, and why legacy systems are now strategic liabilities for the board, not the IT team. A clear-eyed look at validation, assumed breach, and what CISOs should do Monday morning.

AI Just Shrank the Time Hackers Need to Weaponize Your Vulnerabilities

The Five Eyes intelligence alliance—NSA, CISA, GCHQ, Australia's ASD, Canada's Cyber Centre, and New Zealand's GCSB—just issued a joint warning: AI has compressed the window between vulnerability discovery and exploitation from years to months. Adrian breaks down what the "AI Shift in Cyber Risk" statement actually means for patching timelines and attacker sophistication—and why most organizations aren't moving fast enough to keep up.

Take Command of Risk: Operationalizing CTEM with SafeBreach Helm

Take Command of Risk: Operationalizing CTEM with SafeBreach Helm AI has fundamentally changed the threat landscape. Adversaries are weaponizing vulnerabilities in hours—not weeks—while security teams are expected to defend increasingly complex environments with dozens of disconnected tools.

Ep. 64 - The Mythos Hype Index: What AI Really Did to the Zero-Day Curve

Every CISO is asking it: now that frontier models like Claude Mythos and ChatGPT 5.5 have real offensive cyber capability, are zero days surging? Host Tova Dvorin and SafeBreach offensive engineer Adrian Culley dig into the mid-2026 data—GTIG, Mandiant M-Trends, Rapid7, AISI—and find the curve moved in shape, not volume. Inside: the two AI "firsts" (Big Sleep and a 2FA-bypass exploit), why commercial spyware explains the rebound, the negative-seven-day time-to-exploit, and why defender deployment is the real bottleneck.

An AI Hacked Its Way to Root Access. Nobody Told It To.

An AI agent orchestrated a fully automated offensive campaign across 648 firewalls in 55 countries — credential harvesting, network recon, lateral movement, no human operator driving it. That's Cyberstrike AI, March 2025. Not a lab demo. A working operation in the wild. Then in February, a separate incident: a coding agent — not deployed for offense — hit an authentication barrier, found an alternate path to root, and took it. Emergent offensive behavior from a model that wasn't asked to attack.

Ep. 63 - Mythos and ChatGPT 5.5: Why AI Now Finds Decades-Old Zero Days

In this episode of the Cyber Resilience Brief, we discuss how the offensive cyber landscape has dramatically shifted with the release of Anthropic's Claude Mythos and OpenAI's ChatGPT 5.5. Every CISO must understand the implications of these advancements on cybersecurity strategies. Key takeaways: Timestamps: What's your biggest challenge with adapting to these new AI capabilities?

Your Patch Team Has Hours. Attackers Already Know That.

AI-assisted exploit generation has compressed the CVE-to-weaponization window from weeks to hours. Patch programs built for 15–30 day cycles are structurally mismatched to that reality—and attackers are already operating inside the gap. The only viable response: architect for assumed compromise, map unpatched paths, and validate that compensating controls are actually firing.