Reimagining Cyber - real world perspectives on cybersecurity

Scattered Spider has become one of the most disruptive cybercrime groups in the world—not because of advanced malware or zero-day exploits, but because of its mastery of social engineering and identity attacks.
In this episode, Tyler Moffitt explores how the group is evolving its tactics. Rather than targeting organizations at random, Scattered Spider appears to be moving industry by industry, reusing successful playbooks across sectors including casinos, retail, insurance, and airlines. Once they understand how one organization handles identity verification, help desk requests, and MFA resets, they can apply those same techniques across an entire industry.
Tyler reveals:
How Scattered Spider rose to prominence through high-profile attacks
Why identity has become the primary attack surface
The shift from software vulnerabilities to business process vulnerabilities
How attackers exploit trust, urgency, and help desk workflows
Why industry-specific attack campaigns are so effective
What organizations of all sizes can do to defend against identity-based threats
The key takeaway: modern attackers don't always need to hack their way in—they can simply convince someone to open the door. As Scattered Spider continues to refine its approach, organizations must rethink not just how they secure systems, but how they verify trust.
Identity is the new perimeter—and Scattered Spider may be proving it better than anyone else.
As featured on Million Podcasts' 
Best 100 Cybersecurity Podcasts  
Top 50 Chief Information Security Officer CISO Podcasts 
Top 70 Security Hacking Podcasts
This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best!
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com

ClickFix is a fast-growing social engineering technique appearing in malware campaigns, compromised websites, fake CAPTCHA prompts, and browser verification scams. 
In this episode Tyler Moffitt explains how attackers compromise legitimate sites by exploiting unpatched CMS or plugins, inject malicious JavaScript, and then trick visitors into “verifying” by opening Run/PowerShell and pasting a preloaded command that downloads malware, leading to info stealers and potentially ransomware. 
ClickFix is effective because it leverages trusted brands, bypasses traditional phishing defenses, scales via high-traffic sites, and is increasingly polished through AI. They connect this to the shrinking “patch window,” emphasizing rapid patching, reducing internet exposure, monitoring website integrity, updating user training to avoid pasting commands, and layering defenses like EDR/MDR and DNS filtering.
As featured on Million Podcasts' 
Best 100 Cybersecurity Podcasts  
Top 50 Chief Information Security Officer CISO Podcasts 
Top 70 Security Hacking Podcasts
This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best!
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com

The 2026 Verizon DBIR is here — and one finding changes the conversation around cyber risk.
For years, the industry has focused on identity as the primary attack surface. But according to the latest Data Breach Investigations Report, vulnerability exploitation has now overtaken credential abuse as the most common initial access vector in breaches.
In this episode of Reimagining Cyber, Tyler Moffitt breaks down what the report really means for defenders, MSPs, and SMBs. He explores why attackers are moving faster than patch cycles, how AI is accelerating both exploitation and phishing, and why “identity vs. patching” is the wrong debate.
He also unpacks:
Why vulnerability exploitation surged to the top attack vector
How AI is compressing the timeline from disclosure to attack
Why ransomware still dominates breach outcomes
The growing role of third-party and supply-chain risk
Why SMBs struggle most with patch management and visibility
Practical steps organizations should prioritize right now
What MSPs should be telling customers after this year’s DBIR
Key takeaway:
“Identity is the new perimeter, but vulnerability management is still the unlocked window.”
If you work in cybersecurity, IT, risk management, or support SMB environments, this episode delivers practical insight into where attackers are succeeding — and what organizations need to do next.
#CyberSecurity #DBIR #Ransomware #PatchManagement #IdentitySecurity #AI #MSP #CyberRisk #VerizonDBIR #Infosec
As featured on Million Podcasts' 
Best 100 Cybersecurity Podcasts  
Top 50 Chief Information Security Officer CISO Podcasts 
Top 70 Security Hacking Podcasts
This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best!
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com

Google says it may have uncovered the first real-world case of threat actors using AI assistance during zero-day exploit development — but is this truly a cybersecurity turning point, or another overhyped AI headline?
In this episode of Reimagining Cyber, Tyler Moffitt unpacks what actually happened, what Google discovered, and why the reality is both less dramatic — and potentially more dangerous — than the headlines suggest.
Tyler looks at how AI is accelerating exploit research, lowering the barrier for mid-tier cybercriminals, and compressing the timeline between vulnerability discovery and active attacks. He explains why this isn’t “Skynet for hackers,” but rather AI acting as a force multiplier that makes attackers faster, cheaper, and more scalable.
The conversation also covers:
How AI-assisted exploit development really works
Why hallucinated code and fake vulnerability references tipped Google off
The growing “AI vs AI” battle between attackers and defenders
Why patching delays remain one of the biggest security risks
How identity security, MFA, and layered defenses still matter most
Whether this moment could become cybersecurity’s next major turning point
If you’ve been wondering whether AI is truly changing the threat landscape — or just accelerating the one we already have — this episode breaks it down clearly and practically.
As featured on Million Podcasts' 
Best 100 Cybersecurity Podcasts  
Top 50 Chief Information Security Officer CISO Podcasts 
Top 70 Security Hacking Podcasts
This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best!
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com

In this episode of Reimagining Cyber, host Rob Aragao sits down with MK Palmore to explore why small and medium-sized businesses are becoming prime targets for cyberattacks — and why traditional enterprise security models often fail them.
Drawing on more than three decades of experience across the FBI and Fortune 500 leadership roles, MK shares how SMBs can rethink cybersecurity through a more scalable, cost-effective “fractional CISO” approach. The conversation covers the biggest mistakes growing companies make, why reactive security strategies create long-term risk, and how organizations can build security maturity without enterprise-sized budgets.
Rob and MK also discuss:
Why SMBs are disproportionately impacted by cyber threats
The pitfalls of trying to replicate Fortune 100 security teams
How fractional cybersecurity leadership accelerates growth and resilience
The importance of embedding security early in product development
How AI agents could transform cybersecurity operations and compliance in the years ahead
A practical and forward-looking conversation for business leaders, security practitioners, and growing organizations navigating today’s evolving cyber landscape.
As featured on Million Podcasts' 
Best 100 Cybersecurity Podcasts  
Top 50 Chief Information Security Officer CISO Podcasts 
Top 70 Security Hacking Podcasts
This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best!
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com