MCP is the New Attack Surface -- and Your Controls Probably Don't Cover It #ai #mcp

AI just handed attackers a new front door — and most security teams don't even know it exists. Model Context Protocol (MCP) is the emerging standard that lets AI agents talk to your tools, your data, and each other. It's also the most significant new attack surface to emerge in years. The NSA noticed. Your adversaries already have.

Ep. 61 - Blind With Scissors: The NSA's MCP Warning for Every Agentic AI Deployment

The NSA just published a rare advisory on the Model Context Protocol (MCP)—the plumbing under nearly every agentic AI deployment of the last 18 months—and the verdict is stark: optional authentication, no token lifecycle, silent behavior changes, and no logging to catch any of it. Host Tova Dvorin sits down with defensive cybersecurity expert Adrian Culley to unpack the eight risk categories, the WhatsApp and GitHub MCP exploits, and why MCP is now a testable validation surface.

Ep. 60 - The Puppet Masters: Mustang Panda's Long Con Against ASEAN Diplomats

When a tired EU diplomat clicks "connect" on an airport Wi-Fi portal, his briefing—and his government's secrets—end up in Chengdu. Hosts Tova Dvorin and Adrian Culley unpack Mustang Panda (APT27 / Bronze President), the Chinese threat group running the long con against NGOs, ASEAN ministries, and Tibetan and Uyghur activists. Inside: captive-portal Wi-Fi Pineapples that bypass MFA, PlugX side-loading through legitimate apps, and the USB worm that jumps air-gapped military networks.

Ep. 59 - Russia's Cyber Arsenal Exposed: Defeating the FSB, GRU, and BlackCat Before They Strike

In the finale of our Russian intelligence and proxy threat series, SafeBreach engineer Adrian Culley joins host Tova Dvorin to turn five episodes of analysis into concrete, actionable defense. The threat is real—now here's how you stop it.

Ep. 58 - Double Dragon: How China's APT 41 Works for the State by Day - and Itself by Night

China's cyber shadow has already reached your software. APT 41 — known as Double Dragon — isn't just stealing state secrets. They've pioneered a new generation of supply chain attacks, trojanizing the shared code libraries that thousands of organizations trust without question. And their latest splinter unit, UAT 7290, has been inside North American developer environments for over a year — not triggering anything, just watching, learning, and waiting to strike in a way that looks completely native.

Ep. 57 - Russia's Proxy Bridge: BlackCat, Scattered Spider, and the Kremlin

In Part 4 of our Russian intelligence series, host Tova Dvorin and Adrian Culley map the proxy bridge between Western teenage hackers and Moscow. BlackCat (ALPHV) ransomware-as-a-service is the operational hinge: Scattered Spider breaks in, BlackCat encrypts, and the FSB watches the dashboard. Hear how the Kremlin earns plausible deniability, why a $115M extortion stream self-funds Russian intelligence, and what MI6's new "hybrid shadow war" warning means for defenders simulating Rust-based ransomware in their own networks.

Ep. 56 - 10,000 Bugs, 12 That Matter: Using AI to Cut Through Exposure Noise with CTEM

Are you still stuck on the vulnerability hamster wheel? In this episode of the Cyber Resilience Brief, host Tova Dvorin is joined by SafeBreach VP of Product Koby Bar and offensive security expert Adrian Culley to unpack a major shift in how enterprises approach proactive security — and to announce the launch of SafeBreach Helm, the AI validation layer built for Continuous Threat Exposure Management (CTEM).

CTEM Explained in 60 Seconds (And Why Your Security Strategy Has Gaps)

Continuous Threat Exposure Management (CTEM) isn't just another framework. It's a philosophy for finally connecting the parts of your security program that aren't talking to each other. SafeBreach Helm makes it actionable for any organization, no matter where you're starting from.

Ep. 55 - The 'Typhoon' Hack: How China Hid Inside Your Home Router

Your home router isn’t just sitting there. It might already be part of a global cyberattack. In Part 2 of our deep dive into Chinese cyber operations, Tova Dvorin and Adrian Culley unpack the “Typhoon” threat groups—Volt Typhoon, Salt Typhoon, and Flax Typhoon—and how they’re quietly reshaping modern cyber warfare. This isn’t about stealing data. It’s about staying hidden, pre-positioning, and being ready to strike.

China-Linked Hackers Could Be Using Your WiFi Right Now

China-linked cyber groups have been hijacking everyday home routers—Linksys, Netgear, even small Cisco devices—and turning them into global proxy networks. That means an attacker can: This isn’t theoretical. In 2024–2025, massive botnets made of thousands of home routers were dismantled. The scariest part? Most people had no idea their device was involved.