ReliaQuest

ShadowTalk: Powered by ReliaQuest

News EN ↓ 481 episodes

Want to hear what industry experts really think about the cyber threats they face? ShadowTalk is a weekly cybersecurity podcast, made by practitioners for practitioners, featuring analytical insights on the latest cybersecurity news and threat research. Threat Intelligence Analyst John Dilgen brings extensive expertise in cyber threat intelligence and incident response, specializing in researching threats impacting ReliaQuest customers. John and his guests provide practical perspectives on the week’s top cybersecurity news and share knowledge and best practices to help businesses mitigate the...

Author

ReliaQuest

Category

News

Podcast website

reliaquest.com

Latest episode

Jul 8, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Inside Conti's Leaked Chats: 300,000 Messages, a Criminal Empire, and the Ransomware Playbook Still Running Today 08.07.2026

When 300,000 internal messages from the world's most prolific ransomware gang were leaked, they exposed more then a shadowy underground network, a full company. HR departments. Conti operated with the structure of a mid-sized software firm, and that changes how defenders need to think about the ransomware landscape today. Join host John and special guest Geoff White , journalist and author of...

How Hackers Are Using AI Right Now: Faster Attacks, Smarter Malware, and a New Arms Race 01.07.2026

AI is not replacing threat actors, instead it is making them faster, cheaper, and harder to stop. From AI powered phishing campaigns generating thousands of pages simultaneously, to a newly discovered macOS implant called Gaslight that injects fabricated system error messages into AI powered triage pipelines, the arms race between attackers and defenders is accelerating. The question is not whethe...

Klue, Kali365, OAuth: When the Front Door Is a Trusted Integration 24.06.2026

In the Klue compromises threat actors walked in through a trusted integration, using legitimate credentials to quietly siphon Salesforce CRM data at scale. The challenge isn't just responding to Klue. It's recognizing that every OAuth-connected integration in your environment is part of your attack surface. Join hosts Alexandra and John as they discuss: How compromised Klue integrations...

ShinyHunters' Expanding Toolkit: Oracle PeopleSoft Zero-Day Exploitation and the BreachForums Defense Gaps 17.06.2026

ShinyHunters dominated headlines this week: a zero-day, a BreachForums listing, and unverified claims all hitting at once. The problem isn't just keeping up with the volume. It's knowing which of it is real, which is noise, and what your team actually needs to act on. Join hosts Tehman and John as they discuss: ShinyHunters zero-day exploitation of CVE-2026-35273 Why a BreachForums listi...

China-Linked Cyber Espionage: How OP-512 Exploited Legacy IIS Servers and Evaded Detection 10.06.2026

Your team built defenses around known China-linked clusters. The file hashes are tracked. The behavioral patterns are documented. What those weren't built to catch is a new cluster that studied those exact defenses and engineered around them. A China-linked attacker compromised an internet-facing IIS server, maintained access for over 75 days, and came back on fresh infrastructure. With four...

SonicWall, MFA Bypass, IABs: Why Patched Devices Are Still Handing Attackers Initial Access 03.06.2026

Your team patches the device. The firmware version matches the advisory. The ticket closes. The device comes off the remediation queue. What your workflow never tracked is that the advisory also required six manual LDAP configuration steps — and without them, the authentication bypass still works. An initial access broker authenticated through the VPN, reached a domain-joined file server, and was...

Device Code, OAuth, PhaaS: How Session Token Theft is Breaking the Phishing Playbook 27.05.2026

Your user clicked a link, landed on a real Microsoft login page, typed their password, completed MFA, and walked away thinking nothing happened. Somewhere across the internet, an attacker's device just received an authenticated session token. The password is irrelevant. The MFA prompt already fired and passed. With PhaaS platforms now converging on token-theft tradecraft and post-compromise a...

SQLite, Mistral, OpenAI: How AI Attacks Are Reshaping the Attack Surface 20.05.2026

What happens when an AI agent uncovers a zero-day in hours instead of weeks, and state-backed groups are already operationalizing the same tools? With self-hosted AI infrastructure sprawling outside asset registers and supply chain worms reaching inside AI vendors themselves, defenders need a new operating model. Join hosts Tehman and John as they discuss:  How an AI agent surfaced a memory-safety...

Canvas, Trellix, Mini Shai-Hulud: How Defenders Respond When Supply Chain Attacks Become Weekly 14.05.2026

What's driving the surge in weekly supply chain attacks, and why does the real defender problem start after the supplier gets hit? With 275 million records exposed and 8,809 institutions caught in the downstream fallout, organizations need a new playbook. Join hosts Alexandra and John as they discuss: How ShinyHunters abused admin sessions RansomHouse's hypervisor-focused automation How...

Akira, ShinyHunters, and The Gentlemen: Extortion Lessons From Early 2026 06.05.2026

What factors have driven the top ransomware and extortion groups' success in early 2026? And how should organizations structure their defenses to protect against them? Join hosts Alexandra and John as they discuss: How Akira is exploiting unknown assets inherited through M&A Why ShinyHunters' vishing and SaaS misconfiguration models work How The Gentlemen grew 588% quarter-over-quart...

What Happened to Black Basta's Playbook? The Automated Teams Phishing Threat Hitting Executives 29.04.2026

Black Basta disbanded in February 2025, but their playbook didn't go with them. In March 2026, 77% of observed incidents targeted executives and directors, and attackers moved from first contact to malicious script execution in as little as 12 minutes. The tactic has been automated, refined, and is now running faster than most SOCs can respond.  Join hosts Alexandra and John as they discuss:...

Did ShinyHunters Compromise Vercel? Every CISO's Cloud Security Visibility Problem 22.04.2026

89% of organizations that suffered a SaaS breach last year believed they had appropriate visibility. They had the logs — what they lacked was detection on what mattered. The Vercel incident shows exactly how costly that gap can be.  Join hosts Brandon and John as they discuss: How a third-party OAuth chain may have exposed Vercel's internal data Why SaaS visibility gaps leave organizations ex...

What Claude Mythos Means for Organizations 15.04.2026

Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts John and Alex, alongside special guest and ReliaQuest CTO Joe Partlow, as they discuss: How Claude Mythos autonomously generated exploits Why AI is accelerating CVE volume Defense strategies organizations need now Joe Partlow: CTO of ReliaQuest, a leading Information Security provider and is currently involved with new product initiative...

Axios and Trivy — Supply Chain Gaps Organizations Must Fix 08.04.2026

Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts John and Tehman as they break down two of the most consequential supply chain attacks of 2026: How DPRK actors socially engineered a NPM maintainer Why hijacked GitHub versions are a CI/CD wake-up call The three gaps every security team needs to close John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in r...

Faster, Smarter, and Already Escalated — What It Takes to Defend Against the Modern Threat Landscape 01.04.2026

Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts Alexandra and John, live from Exponent 2026, alongside top security leaders as they discuss: How organizations keep pace with attackers Why one in four incidents starts with social engineering How automated response is helping organizations Chris Thompson: CISO of Caris Life Sciences, a leading, next-generation AI TechBio company and pre...

The Invisible Attack Surface: Iran-Aligned Threat Actors and Corporate Blind Spots 25.03.2026

Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts Brandon and John as they discuss: How Handala wiped 200,000 devices by weaponizing a trusted platform Why your organization doesn't need to be a direct target to be at risk How AI-enhanced malware is helping attackers get faster John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber t...

The 2026 Annual Threat Report Breakdown, Part 3: The Long Game — Nation-State Threats & What's Coming in 2026 18.03.2026

Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts John and Alex as they discuss: How a Chinese APT maintained access for over a year Why North Korean impersonation surged 116% Why attackers exploit the same foundational gaps John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong techni...

The 2026 Annual Threat Report Breakdown, Part 2 — Once They're In: Post-Compromise Tactics, Ransomware & Exfiltration 11.03.2026

Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts Tehman and John as they discuss: Why ransomware now prioritizes exfiltration over encryption  How attackers can exfiltrate your data in just 6 minutes Why proactive darkweb monitoring is critical John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers....

The 2026 Annual Threat Report Breakdown, Part 1 — How AI Contributes to Attacker Speed, and the Malware That's Winning 04.03.2026

Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts Brandon and John as they discuss: How attacker breakout times dropped to as little as 4 minutes  Why ClickFix surged 200% Why behavioral detection is critical John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background,...

Malware Isn't Required—How Ransomware Groups Turn Legitimate RMMs Into a Weapon 25.02.2026

Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts John and Tehman as they discuss: What attackers prefer over custom malware How signature-based detection fails Proactive governance vs. reactive triage John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he prev...

Ransomware vs. Exfiltration-Only—The Extortion Model Showdown 18.02.2026

Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts Brandon and John as they discuss: Why extortion payment rates are the lowest ever Organizations paying ransomware but refusing data extortion demands Why defenders need both visibility and speed John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers....

Patch Management Is Losing—The Case for Predictive Vulnerability Defense 11.02.2026

Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts Brandon and John as they discuss: Why traditional patch cycles can't beat attackers exploiting vulnerabilities in 24 hours The shift from reactive patching to predictive intelligence using EPSS and CISA KEV How to defend against zero-days when patching isn't an option John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest...

Beyond Phishing Emails—Social Engineering Drives Initial Access 04.02.2026

Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts John and Tehman as they discuss: Why phishing emails are no longer the top malware delivery method Emerging social engineering tactics: vishing, copy and paste abuse, and software impersonation How campaigns have evolved from Black Basta to ShinyHunters John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in...

Malicious AI—The New Face of Cyber Threats 28.01.2026

Resources: https://linktr.ee/ReliaQuestShadowTalk John and Tehman as they discuss: How AI is enabling large-scale, high-speed attacks Nation-states weaponizing AI for attack automation The rise of sophisticated AI-generated malware John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical...

Maintainer Compromise: The Next Supply-Chain Attack Vector in 2026 21.01.2026

Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts Brandon and John as they discuss: How supply-chain attacks evolved Campaigns targeting NPM package maintainers Actionable defense strategies Brandon Tirado : Director of Threat Research for ReliaQuest. A skilled cyber defense professional with a unique combination of management and hands-on experience. With a deep understanding of advers...

Listen to the ShadowTalk: Powered by ReliaQuest podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.