PodcastsTechnologyDISCARDED: Tales From the Threat Research Trenches

DISCARDED: Tales From the Threat Research Trenches

Proofpoint
DISCARDED: Tales From the Threat Research Trenches
Latest episode

107 episodes

  • DISCARDED: Tales From the Threat Research Trenches

    OMITB: Trusting the wrong package.

    07/07/2026 | 38 mins.
    Send us fan mail!
    Hello to all our Cyber Pals! This week, we present a special replay of "Only Malware in the Building," the podcast that our host, Selena Larson, also co-hosts! Enjoy!

    Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Qintel⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.
    Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. This week, our hosts dive into the evolving threat of software supply chain attacks and the growing risks facing the open-source ecosystem. As developers increasingly rely on third-party packages and AI-powered coding tools, attackers are finding new ways to abuse trusted software to reach a wider range of targets. The discussion explores why these attacks are becoming more common, what recent incidents reveal about the state of software security, and what organizations can do to better protect themselves.

    Sources:  ⁠

    Shai-Hulud worm returns stronger and more automated than ever before⁠
    ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack⁠
    What We Learned: Axios NPM Supply Chain Compromise Emergency Briefing
    Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise
  • DISCARDED: Tales From the Threat Research Trenches

    From Phishing to Court Cases: How Microsoft Fights Back Against Hackers

    23/06/2026 | 52 mins.
    Send us fan mail!
    Hello to all our Cyber Pals!
    Host Selena Larson is joined by Sean Farrell, Assistant General Counsel at Microsoft's Digital Crimes Unit (DCU), to pull back the curtain on how major cyber crime takedowns actually happen and how Microsoft uses civil lawsuits, criminal referrals, and global partnerships to disrupt some of the most damaging cyber crime operations in the world.
    They discuss:
    What DCU does and Sean's path from FBI to AWS to Microsoft
    How civil claims like the CFAA and RICO are used to seize infrastructure
    The Fox Tempest takedown and its ties to Rhysida ransomware
    The global disruption of the Tycoon 2FA phishing-as-a-service operation
    How targets get chosen, and civil vs. criminal action
    Why naming victims changes the public narrative on cyber crime
    Arrests tied to Octo Tempest/Scattered Spider
    The risks of AI-generated sloppiness in legal and threat intel work
    Disrupting cyber crime isn't about ending it for good, it's about raising the cost of doing business until bad actors run out of road.

    Resources Mentioned:

    https://www.microsoft.com/en-us/corporate-responsibility/customer-security-trust/digital-crimes-unit
    https://blogs.microsoft.com/on-the-issues/2026/05/19/disrupting-fox-tempest-a-cybercrime-service/
    https://www.proofpoint.com/us/blog/threat-insight/disruption-targets-tycoon-2fa-popular-aitm-phaas

    For more information about Proofpoint, check out our website.
     

    Subscribe & Follow:
    Stay ahead of emerging threats, and subscribe! Happy hunting!
  • DISCARDED: Tales From the Threat Research Trenches

    Diving Into the DBIR: Vulnerabilities, AI, and Supply Chain

    09/06/2026 | 1h 5 mins.
    Send us fan mail!
    Hello to all our Cyber Pals!
    Host Selena Larson is joined by guest host Sarah Sabotka as they chat with returning guest: Alex Pinto, Associate Director of Threat Intelligence at Verizon Business, and the architect behind the Verizon Data Breach Investigations Report. 
    Alex joins hosts Selena Larson and Sarah Sabatka to break down the most important findings from this year's report — and there's a lot to unpack.
    From vulnerabilities overtaking credential abuse as the leading initial access vector, to the sobering reality that organizations are patching more but getting worse outcomes, this year's DBIR paints a complex picture of a threat landscape under pressure. The team also digs into the rise of pretexting and voice-based social engineering, what the data actually says about GenAI and threat actors (spoiler: mostly reinventing the wheel — for now), and why third-party and supply chain compromises are quietly becoming one of the biggest stories in security.
    They discuss:
    The VERIS framework and why standardization in threat intelligence matters
    Ransomware taxonomy, data extortion, and why classification is still a headache
    Pretexting vs. phishing — and why they require completely different defenses
    Vulnerability exploitation as the new number one initial access vector
    Patching capacity and why outcomes are getting worse despite more effort
    What the DBIR data actually shows about GenAI usage by threat actors
    Third-party and supply chain breaches — up 60% year over year
    Shadow AI and the emerging DLP problem no one's fully ready for
    A sneak peek at Verizon's upcoming cost-of-a-data-breach report
    The DBIR drops once a year — make sure you're getting the most out of it with this breakdown straight from the source, all 121 nutritious, fiber-rich pages of it.

    Resources Mentioned:
    2026 DBIR

    For more information about Proofpoint, check out our website.

    Subscribe & Follow:
    Stay ahead of emerging threats, and subscribe! Happy hunting!
  • DISCARDED: Tales From the Threat Research Trenches

    "Always Intentional": A CISO's Pragmatic Take on the Agentic Era

    27/05/2026 | 46 mins.
    Send us fan mail!
    What does it actually look like to bring AI into a threat intelligence program at one of the internet's most iconic companies?

    Hello to all our Cyber Pals!
    Host Selena Larson is joined by guest host, Sarah Sabotka as they chat with Sean Zadig, Chief Information Security Officer (and "Chief Paranoid") at Yahoo, for a candid conversation about the evolving intersection of AI and cybersecurity.
    Sean shares how Yahoo's security team, the Paranoids, is navigating the agentic AI transformation: from running a company-wide "skill-a-thon" to get every team member building Claude-powered tools, to rethinking legacy infrastructure from the ground up. He also opens up about what keeps him up at night; including the looming threat of AI-powered exploit frameworks like Mythos, the growing signal-to-noise problem in threat intel feeds, and the very real risk of analyst burnout as the pace of the industry accelerates.
    But Sean's outlook is surprisingly optimistic. He argues that defenders have a home-field advantage, that the best code ever written is just 12–18 months away, and that the goal of AI in security shouldn't be doing more with fewer people–it should be building more resilient teams.

    For more information about Proofpoint, check out our website.
     

    Subscribe & Follow:
    Stay ahead of emerging threats, and subscribe! Happy hunting!
  • DISCARDED: Tales From the Threat Research Trenches

    A Device Code Explosion: The New Era of AI-Enabled Phishing

    12/05/2026 | 53 mins.
    Send us fan mail!
    Hello to all our Cyber Sunbeams!
    Host Selena Larson is joined by guest host, Sarah Sabotka as they chat with Jake Gionet to unpack one of the fastest-growing threats in today’s cyber landscape: device code phishing.
    What started as a niche technique used in red team exercises has quickly evolved into a widely adopted method for account takeover—fueled by publicly available phishing kits and accelerated by AI-assisted tooling. The trio breaks down how device code phishing works, why it’s suddenly everywhere, and how attackers are exploiting legitimate authentication flows to bypass traditional defenses.
    They also explore the rise of “phishing-as-a-service” platforms like Evil Tokens, the surprising lack of sophistication behind many campaigns, and how AI is both enabling attackers and exposing their mistakes. Along the way, they dig into real-world examples, threat actor missteps, and the blurry line between innovation and imitation in cybercrime.
    If you’ve been hearing the buzz around device code phishing and want a clear, grounded explanation—without the hype—this episode delivers. Plus, practical insights on what defenders should actually focus on as these techniques continue to evolve.
    Resources Mentioned:
    https://www.proofpoint.com/us/blog/threat-insight/access-granted-phishing-device-code-authorization-account-takeover
    https://www.proofpoint.com/us/blog/threat-insight/access-granted-phishing-device-code-authorization-account-takeover

    For more information about Proofpoint, check out our website.
     
    Subscribe & Follow:
    Stay ahead of emerging threats, and subscribe! Happy hunting!
More Technology podcasts
About DISCARDED: Tales From the Threat Research Trenches
DISCARDED: Tales from the Threat Research Trenches is a podcast for security practitioners, intelligence analysts, and threat hunters looking to learn more about the threat behaviors and attack patterns. Each episode you’ll hear real world insights from our researchers about the latest trends in malware, threat actors, TTPs, and more.Welcome to DISCARDED
Podcast website

Listen to DISCARDED: Tales From the Threat Research Trenches, All-In with Chamath, Jason, Sacks & Friedberg and many other podcasts from around the world with the radio.net app

Get the free radio.net app

  • Stations and podcasts to bookmark
  • Stream via Wi-Fi or Bluetooth
  • Supports Carplay & Android Auto
  • Many other app features
DISCARDED: Tales From the Threat Research Trenches: Podcasts in Family