Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Ep 10 - Beyond CVEs: Why Patching Isn't Enough to Stop Breaches

Most security teams obsess over patching CVEs—but even perfect patch compliance won’t keep you safe. In this episode, SafeBreach Co-Founder & CTO Itzik Kotler and VP of Sales Engineering Michael De Groat reveal the real exposures that hide between patches, from misconfigurations and identity gaps to insider threats, social engineering, and zero-days. Hear why attackers exploit more than just known vulnerabilities, and how adopting an assumed-breach mindset with adversarial simulation strengthens real-world resilience.

Ep 12 - Women in Cyber: Voices of Resilience and Change

Celebrate Women in Cyber Day with us on this episode of the SafeBreach podcast! We explore the evolving role of women in cybersecurity, diving into the unique challenges and privileges they face in a traditionally male-dominated field. Our guests discuss the power of mentorship, confidence, and community support, while highlighting the importance of tailored training and leadership representation. Tune in to hear inspiring insights on how creating opportunities and connections can help build a more inclusive and diverse cybersecurity landscape.

Ep 11 - Salt Typhoon Exposed: Breaking Down CISA Advisory AA25-239

In this special episode of The Cyber Resilience Brief, Tova Dvorin and Adrian Culley break down CISA Advisory AA25-239—a joint alert from CISA, NSA, FBI, and global cyber partners on the long-running Chinese state-sponsored threat group Salt Typhoon. Salt Typhoon has been quietly infiltrating critical infrastructure for years by exploiting outdated routers, weak credentials, and “living off the land” techniques like PowerShell, WMI, scheduled tasks, and built-in administrative tools—making them nearly invisible.

The CISO's Take: Securing the Future of Financial Services & More

New year, new threats… Except some aren’t so new; they’ve been years in the making. As the future of financial services evolves from relying on traditional banking to other platforms, securing our future requires practitioners to be more strategic than the threat actors after our assets. Join Aleksandr Yampolskiy and Jeff Lunglhofer for their take on: SecurityScorecard monitors and scores over 12 million companies worldwide.

The Business Logic Paradox: Hackers Are Your Best Architects #businesslogic #cybersecurity #api

Here is the truth: To exploit Business Logic Abuse, hackers must understand your application flow holistically. Your individual developers focus on clean code within their one block. The attacker studies the entire blueprint and finds the gaps and missing connections between those blocks. They are committed, spending months on reconnaissance to know your product better than your own team. You must adopt the attacker's mindset in your design stages!

How RBAC Simplifies Active Directory Delegation and Strengthens AD Security

An IT helpdesk handling access requests all day is not unusual. A Finance hire waits for folder access because it has to be added manually. A contractor’s permissions stay active weeks after their project ends because no one tracks every group they were added to. These small gaps turn into bigger security risks when the environment grows. This happens when Active Directory permissions depend on individual updates and scattered delegation. Access becomes inconsistent.

AI at the inflection point: Reclaiming human creativity and productivity

Artificial intelligence is changing how businesses work and compete. In every corner of the market, organizations expect more productivity. The question facing today’s business leaders is no longer whether to embrace artificial intelligence but how to harness its full potential to drive meaningful and sustainable transformation.

Building Security With Customers, Not For Them - Jay Wilson x Garrett Hamilton | Insurity Case Study

Partnership over Procurement: Why true collaboration between vendors and security teams is still rare — not because the intent isn’t there, but because most engagements stop at feature checklists. The alternative is more interesting: build together, solve together, and create solutions that fit how teams actually work rather than how tools assume they work. This mindset drove our work with Insurity — a real example of what happens when a security team engages deeply instead of treating tooling as a finished product.