Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Ep. 38 - The Evolution of Offensive Cybersecurity

"Hope is not a strategy." The roots of hacking go deeper than you think—all the way back to Bletchley Park and the first computers ever built. In the latest episode, Adrian Culley joins Tova Dvorin to trace the evolution of offensive security: from 1970s "phone freakers" to the sophisticated Breach & Attack Simulation (BAS) of today. The Insight: Penetration testing was a vital evolution, but it’s a "photo of a moving target." Modern resilience requires a "cyber training gym"—a continuous, automated sparring partner that validates your defenses against the latest TTPs 24/7/365.

Ep. 48 - Iran's 12 Days of Cyber War: How Missiles Triggered a Global OT Hacking Campaign

June 2025 marked a turning point in cyber warfare. In this episode of The Cyber Resilience Brief, Tova Dvorin and offensive engineer Adrian Cully break down the cyber escalation that followed Operation Rising Lion—what some analysts now describe as Iran’s 12 days of cyber war. As missiles struck Iranian strategic targets, coordinated hacktivist groups like Cyber Avengers and Handala launched psychological operations, mass SMS spoofing campaigns, and attacks targeting operational technology (OT) systems—including Unitronics PLCs used in water and industrial facilities worldwide.

Ep. 47 - APT42 & Iran's AI Social Engineering: Deepfakes, Phishing & Hack-and-Leak

Iran’s APT42 — also known as Charming Kitten or Mint Sandstorm — is redefining social engineering with generative AI, deepfake voice cloning, and long-term phishing campaigns. In this episode of the Cyber Resilience Brief, we break down how Iranian state-sponsored threat actors are using AI-powered phishing, MFA fatigue attacks, credential harvesting, and hack-and-leak operations to target journalists, political campaigns, academics, and enterprise executives.

Ep. 46 - Blueprint Thieves: Inside Iran's Industrial Espionage Machine

In this episode of _The Cyber Resilience Brief_, we break down the modern reality of *Iranian cyber warfare and industrial espionage*. Host Tova Dvorin and offensive security engineer Adrian Culley analyze the tactics, techniques, and procedures (TTPs) of *APT33, OilRig (APT34), and MuddyWater* — three of the most active Iranian state-sponsored threat actors targeting *energy, aviation, manufacturing, government, and critical infrastructure*.

Intelligence Agencies: Proxy Action & 'Plozny Jurak'

In today’s cyber landscape, intelligence services often rely on proxy networks to expand their reach. Through ransomware affiliates, access brokers, and loosely connected cybercriminal ecosystems — sometimes referred to conceptually as “Plozny Jurak” — states can benefit from disruptive or espionage activity without direct attribution. To dive deeper, watch the full podcast, Blueprint Thieves: Inside Iran’s Industrial Espionage Machine, at the links below.

Ep. 45 - Teen Hackers, SIM Swaps & Russian Ransomware

In Part 2 of our Russia cyber threat series, we unpack the Western cybercrime ecosystem powering Russian ransomware operations. We examine *Scattered Spider, LAPSUS$, and Shiny Hunters*, and how social engineering, SIM swapping, MFA bypass, and AI-driven voice spoofing are breaching Fortune 100 companies — without zero-days. Learn how access brokers commoditize breaches, why help desks are prime targets, and what this shift means for CISOs and security teams.

Ep. 42 - Iran's Cyber Shadow War: IRGC, MOIS, and the Battle for Control

*Episode 2 of 6 – Iran’s Cyber Program Explained* In *Iran’s Cyber Shadow War: IRGC, MOIS, and the Battle for Control*, we continue our deep-dive into Iran’s cyber operations by exposing the internal power struggle driving its most dangerous digital attacks.

The New 2026 China Cybersecurity Law Podcast

A new Chinese cybersecurity law just changed the global threat landscape. In this clip, Tova Dvorin and Adrian Culley break down what went into effect on January 20, 2026—and why it’s unprecedented. Under the updated law, vulnerabilities discovered by Chinese citizens or companies must be reported to the state within 48 hours and cannot be disclosed to vendors until approved. The result? A government-first window to exploit zero-days before they’re patched—at global scale.

AI in Cybersecurity: Force Multiplier or Just More Noise? #podcast #aisecurity #aicybersecurity

Is AI actually making security teams safer—or just adding more noise? In this episode of IEN's Security Breach podcast, SafeBreach CTO Itzik Kotler joins Jeff Reinke to break down how attackers are using AI, why alert fatigue keeps getting worse, and what security teams should focus on before chasing the next “shiny object.” This conversation is a grounded take on preparation, detection engineering, and using AI intentionally—not reactively.