PODCAST · news
ShadowTalk: Powered by ReliaQuest
by ReliaQuest
Want to hear what industry experts really think about the cyber threats they face? ShadowTalk is a weekly cybersecurity podcast, made by practitioners for practitioners, featuring analytical insights on the latest cybersecurity news and threat research. Threat Intelligence Analyst John Dilgen brings extensive expertise in cyber threat intelligence and incident response, specializing in researching threats impacting ReliaQuest customers. John and his guests provide practical perspectives on the week’s top cybersecurity news and share knowledge and best practices to help businesses mitigate the most pertinent cyber threats. With over 1,000 customers worldwide and 1,200 teammates across six global operating centers, ReliaQuest delivers security outcomes for the most trusted enterprise brands in the world. Learn more at www.reliaquest.com.
-
476
China Nation State Cyber Espionage: How OP-512 Exploited Legacy IIS Servers and Evaded Detection
Your team built defenses around known China-linked clusters. The file hashes are tracked. The behavioral patterns are documented. What those weren't built to catch is a new cluster that studied those exact defenses and engineered around them. A China-linked attacker compromised an internet-facing IIS server, maintained access for over 75 days, and came back on fresh infrastructure.
With four China-linked clusters converging on the same legacy IIS stack in twelve months, defenders building detection programs around yesterday's cluster are already behind the next one.
Join hosts Alex and John as they discuss:
- How OP-512 engineered its tooling to evade defenses
- Why killing a malicious process is incomplete
- What advantage cross-source correlation provides
Two questions your organization should be asking right now:
- When your detection sources each generate a separate low-confidence signal from the same host, does anything in your current workflow correlate those signals automatically?
- Do you have internet-facing IIS servers running end-of-life .NET in your environment, and does your vulnerability-management workflow prioritize correctly?
Resources: https://linktr.ee/ReliaQuestShadowTalk
Alexandra Moore: Manager of Threat Intelligence at ReliaQuest, where she leads intelligence analysis and customer dissemination to help organizations understand and respond to emerging cyber threats. Prior to this, she established and scaled monitoring across Russian-language cybercriminal platforms at Digital Shadows, building collection and analytical coverage to support digital risk protection capabilities.
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
-
475
SonicWall, MFA Bypass, IABs: Why Patched Devices Are Still Handing Attackers Initial Access
Your team patches the device. The firmware version matches the advisory. The ticket closes. The device comes off the remediation queue. What your workflow never tracked is that the advisory also required six manual LDAP configuration steps — and without them, the authentication bypass still works. An initial access broker authenticated through the VPN, reached a domain-joined file server, and was gone in under 40 minutes. Your dashboard still showed a clean queue.
With initial access brokers operating on disciplined, sub-hour timelines and patch-management workflows built around a single completion step, defenders are closing tickets on devices that are still wide open.
Join hosts Tehman and John as they discuss:
- How a firmware update can still leave a device fully exploitable
- How initial access brokers progressed their attack in under 40 minutes
- Why teams that prioritize from a single vulnerability score alone are behind
Two questions your organization should be asking right now:
- Does your patch-management workflow include a separate item for post-patch manual configuration requirements?
- When CISA, NVD, and the vendor publish different CVSS scores for the same CVE, does your vulnerability-management policy specify which authority takes precedence — and does it supplement static scoring with a dynamic signal like EPSS?
Tune in for expert insights, practical takeaways, and the full threat report: https://linktr.ee/ReliaQuestShadowTalk
Tehman Tariq: Sr. Manager of Cyber Operations at ReliaQuest. He has spent a majority of his career leading our Incident Response, Security Architecture, and Detection teams, as well as working hand in hand with CISOs to introduce automation allowing for the maturity of their security programs.
John Dilgen: John Dilgen is a Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
-
474
Device Code, OAuth, PhaaS: How Session Token Theft is Breaking the Phishing Playbook
Your user clicked a link, landed on a real Microsoft login page, typed their password, completed MFA, and walked away thinking nothing happened. Somewhere across the internet, an attacker's device just received an authenticated session token. The password is irrelevant. The MFA prompt already fired and passed. With PhaaS platforms now converging on token-theft tradecraft and post-compromise automation executing in seconds, defenders are racing a scripted attacker with a manual playbook.
Join hosts Brandon and John as they discuss:
- How device code phishing uses real authentication infrastructure to capture valid session tokens
- How one campaign hit 35,000+ users across 13,000+ organizations in 26 countries
- Why rogue device registrations complete before the average analyst reads the alert
Two questions your organization should be asking right now:
- Has your Conditional Access policy been reviewed specifically for device code grant flows, not whether CA policies exist, but whether they cover the OAuth flows that session-token theft actually exploits?
- When a phishing confirmation fires, how many manual steps stand between that alert and full token revocation with rogue device deregistration, and is that response faster than the attacker's automation?
Resources: https://linktr.ee/ReliaQuestShadowTalk
Brandon Tirado: Director of GreyMatter Operations for ReliaQuest. A skilled cyber defense professional with a unique combination of management and hands-on experience. With a deep understanding of adversary motives and the tactics, techniques, and procedures (TTPs) they use to achieve their goals, Brandon enjoys operationalizing his knowledge to make it more difficult for adversaries to operate within the environments of ReliaQuest customers. His managerial and hands-on experience enriches ShadowTalk with practical and strategic viewpoints.
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
-
473
SQLite, Mistral, OpenAI: How AI Attacks Are Reshaping the Attack Surface
What happens when an AI agent uncovers a zero-day in hours instead of weeks, and state-backed groups are already operationalizing the same tools? With self-hosted AI infrastructure sprawling outside asset registers and supply chain worms reaching inside AI vendors themselves, defenders need a new operating model.
Join hosts Tehman and John as they discuss:
- How an AI agent surfaced a memory-safety zero-day in SQLite
- How Mini Shai-Hulud reached Mistral AI and OpenAI devices
- Why the intel-to-action chain still runs at multi-day tempo
Two questions your organization should be asking right now:
- Do you have visibility into the shadow AI infrastructure, self-hosted models, and inference endpoints sitting unauthenticated on your network?
- When high-confidence intel lands, what's your median time from "advisory published" to "response action executed"?
Resources: https://linktr.ee/ReliaQuestShadowTalk
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Tehman Tariq: Sr. Manager of Cyber Operations at ReliaQuest. He has spent a majority of his career leading our Incident Response, Security Architecture, and Detection teams, as well as working hand in hand with CISOs to introduce automation allowing for the maturity of their security programs.
-
472
Canvas, Trellix, Mini Shai-Hulud: How Defenders Respond When Supply Chain Attacks Become Weekly
What's driving the surge in weekly supply chain attacks, and why does the real defender problem start after the supplier gets hit? With 275 million records exposed and 8,809 institutions caught in the downstream fallout, organizations need a new playbook.
Join hosts Alexandra and John as they discuss:
- How ShinyHunters abused admin sessions
- RansomHouse's hypervisor-focused automation
- How Mini Shai-Hulud compromised 170+ npm packages
Two questions your organization should be asking right now:
- Do you have visibility into how trusted vendors authenticate, export, and move your data through native platform features?
- Are your software pipelines protected against poisoned packages and unauthorized publishing activity in real time?
Resources: https://linktr.ee/ReliaQuestShadowTalk
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Alexandra Moore: Manager of Threat Intelligence at ReliaQuest, where she leads intelligence analysis and customer dissemination to help organizations understand and respond to emerging cyber threats. Prior to this, she established and scaled monitoring across Russian-language cybercriminal platforms at Digital Shadows, building collection and analytical coverage to support digital risk protection capabilities.
-
471
Akira, ShinyHunters, and The Gentlemen: Extortion Lessons From Early 2026
What factors have driven the top ransomware and extortion groups' success in early 2026? And how should organizations structure their defenses to protect against them?
Join hosts Alexandra and John as they discuss:
- How Akira is exploiting unknown assets inherited through M&A
- Why ShinyHunters' vishing and SaaS misconfiguration models work
- How The Gentlemen grew 588% quarter-over-quarter
Two questions your organization should be asking right now:
- Have you run a full asset discovery sweep on every environment inherited through acquisition in the last few years?
- Do you have automated containment rules in place for anomalous MFA device enrollment and EDR-killing behavior?
Resources: https://linktr.ee/ReliaQuestShadowTalk
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Alexandra Moore: Manager of Threat Intelligence at ReliaQuest, where she leads intelligence analysis and customer dissemination to help organizations understand and respond to emerging cyber threats. Prior to this, she established and scaled monitoring across Russian-language cybercriminal platforms at Digital Shadows, building collection and analytical coverage to support digital risk protection capabilities.
-
470
What Happened to Black Basta's Playbook? The Automated Teams Phishing Threat Hitting Executives
Black Basta disbanded in February 2025, but their playbook didn't go with them. In March 2026, 77% of observed incidents targeted executives and directors, and attackers moved from first contact to malicious script execution in as little as 12 minutes. The tactic has been automated, refined, and is now running faster than most SOCs can respond.
Join hosts Alexandra and John as they discuss:
- How attackers leverage Microsoft Teams phishing to target high-privilege accounts with alarming speed
- Why automation is compressing attack timelines and sharpening target selection
- The controls that can stop it, from help desk verification to automated containment workflows
Two questions your organization should be asking right now:
- When IT requests remote access to a senior leader's endpoint, is identity verified through a channel separate from the one the request came from?
- Do your highest-privilege accounts have dedicated automated containment workflows — or are they the gap in your response playbook?
Resources: https://linktr.ee/ReliaQuestShadowTalk
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Alexandra Moore: Manager of Threat Intelligence at ReliaQuest, where she leads intelligence analysis and customer dissemination to help organizations understand and respond to emerging cyber threats. Prior to this, she established and scaled monitoring across Russian-language cybercriminal platforms at Digital Shadows, building collection and analytical coverage to support digital risk protection capabilities.
-
469
Did ShinyHunters Compromise Vercel? Every CISO's Cloud Security Visibility Problem
89% of organizations that suffered a SaaS breach last year believed they had appropriate visibility. They had the logs — what they lacked was detection on what mattered. The Vercel incident shows exactly how costly that gap can be.
Join hosts Brandon and John as they discuss:
- How a third-party OAuth chain may have exposed Vercel's internal data
- Why SaaS visibility gaps leave organizations exposed
- The controls that can break the attack
Resources: https://linktr.ee/ReliaQuestShadowTalk
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Brandon Tirado: Director of GreyMatter Operations for ReliaQuest. Brandon is a skilled cyber defense professional with a unique combination of management and hands-on experience. With a deep understanding of adversary motives and the tactics, techniques, and procedures (TTPs) they use to achieve their goals, Brandon enjoys operationalizing his knowledge to make it more difficult for adversaries to operate within the environments of ReliaQuest customers. His managerial and hands-on experience enriches ShadowTalk with practical and strategic viewpoints.
-
468
What Claude Mythos Means for Organizations
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join hosts John and Alex, alongside special guest and ReliaQuest CTO Joe Partlow, as they discuss:
- How Claude Mythos autonomously generated exploits
- Why AI is accelerating CVE volume
- Defense strategies organizations need now
Joe Partlow: CTO of ReliaQuest, a leading Information Security provider, and is currently involved with new product initiatives along with research and development efforts. Joe has been involved in the Information Security field for over 30 years, in both the defensive side and offensive capabilities. Current projects include data ingestion/analytics at scale, DFIR automation and generative AI. He is also a regular speaker and contributor at security conferences, groups and associations. Joe has a degree in Computer Information Systems and holds many industry-specific certifications.
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Alexandra Moore: Manager of Threat Intelligence at ReliaQuest, where she leads intelligence analysis and customer dissemination to help organizations understand and respond to emerging cyber threats. Prior to this, she established and scaled monitoring across Russian-language cybercriminal platforms at Digital Shadows, building collection and analytical coverage to support digital risk protection capabilities.
-
467
Axios and Trivy — Supply Chain Gaps Organizations Must Fix
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join hosts John and Tehman as they break down two of the most consequential supply chain attacks of 2026:
- How DPRK actors socially engineered an NPM maintainer
- Why hijacked GitHub versions are a CI/CD wake-up call
- The three gaps every security team needs to close
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Tehman Tariq: Sr. Manager of Cyber Operations at ReliaQuest. He has spent a majority of his career leading our Incident Response, Security Architecture, and Detection teams, as well as working hand in hand with CISOs to introduce automation allowing for the maturity of their security programs.
-
466
Faster, Smarter, and Already Escalated — What It Takes to Defend Against the Modern Threat Landscape
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join hosts Alexandra and John, live from Exponent 2026, alongside top security leaders as they discuss:
- How organizations keep pace with attackers
- Why one in four incidents starts with social engineering
- How automated response is helping organizations
Chris Thompson: CISO of Caris Life Sciences, a leading, next-generation AI TechBio company and precision medicine pioneer. Chris is a retired Federal Agent, having most recently led the North Texas Cyber Task Force for the FBI, and was an operator on the FBI Cyber Action Team.
Michael Andreano: Sr. Director of Information Security at Hikma Pharmaceuticals, leading their global information security team. He has over 30 years of experience in the healthcare and hospitality industries, with roles of increasing responsibility at Merck, Wyndham Hotels, Olympus, Syneos Health, and now Hikma for the past four years. He is also part of the Evanta C-Suite Information Security Community, where he serves as a Governing Body member, and is active in his local Cloud Security Alliance chapter in Lehigh Valley, Pennsylvania.
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Alexandra Moore: Manager of Threat Intelligence at ReliaQuest, where she leads intelligence analysis and customer dissemination to help organizations understand and respond to emerging cyber threats. Prior to this, she established and scaled monitoring across Russian-language cybercriminal platforms at Digital Shadows, building collection and analytical coverage to support digital risk protection capabilities.
-
465
The Invisible Attack Surface: Iran-Aligned Threat Actors and Corporate Blind Spots
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join hosts Brandon and John as they discuss:
- How Handala wiped 200,000 devices by weaponizing a trusted platform
- Why your organization doesn't need to be a direct target to be at risk
- How AI-enhanced malware is helping attackers get faster
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Brandon Tirado: Brandon Tirado is the Director of GreyMatter Operations for ReliaQuest. Brandon is a skilled cyber defense professional with a unique combination of management and hands-on experience. With a deep understanding of adversary motives and the tactics, techniques, and procedures (TTPs) they use to achieve their goals, Brandon enjoys operationalizing his knowledge to make it more difficult for adversaries to operate within the environments of ReliaQuest customers. His managerial and hands-on experience enriches ShadowTalk with practical and strategic viewpoints.
-
464
The 2026 Annual Threat Report Breakdown, Part 3: The Long Game — Nation-State Threats & What's Coming in 2026
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join hosts John and Alex as they discuss:
- How a Chinese APT maintained access for over a year
- Why North Korean impersonation surged 116%
- Why attackers exploit the same foundational gaps
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Alexander Capraro: Alexander Capraro is a Cyber Threat Intelligence Analyst at ReliaQuest with over five years of experience in cybersecurity. With his prior experience as a Security Analyst, he specializes in incident response, malware campaign tracking, and OSINT investigations.
-
463
The 2026 Annual Threat Report Breakdown, Part 2 — Once They're In: Post-Compromise Tactics, Ransomware & Exfiltration
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join hosts Tehman and John as they discuss:
- Why ransomware now prioritizes exfiltration over encryption
- How attackers can exfiltrate your data in just 6 minutes
- Why proactive darkweb monitoring is critical
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Tehman Tariq: Sr. Manager of Cyber Operations at ReliaQuest. He has spent a majority of his career leading our Incident Response, Security Architecture, and Detection teams, as well as working hand in hand with CISOs to introduce automation allowing for the maturity of their security programs.
-
462
The 2026 Annual Threat Report Breakdown, Part 1 — How AI Contributes to Attacker Speed, and the Malware That's Winning
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join hosts Brandon and John as they discuss:
- How attacker breakout times dropped to as little as 4 minutes
- Why ClickFix surged 200%
- Why behavioral detection is critical
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Brandon Tirado: Director of Threat Research for ReliaQuest. A skilled cyber defense professional with a unique combination of management and hands-on experience. With a deep understanding of adversary motives and the tactics, techniques, and procedures (TTPs) they use to achieve their goals, Brandon enjoys operationalizing his knowledge to make it more difficult for adversaries to operate within the environments of ReliaQuest customers. His managerial and hands-on experience enriches ShadowTalk with practical and strategic viewpoints.
-
461
Malware Isn't Required—How Ransomware Groups Turn Legitimate RMMs Into a Weapon
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join hosts John and Tehman as they discuss:
- What attackers prefer over custom malware
- How signature-based detection fails
- Proactive governance vs. reactive triage
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Tehman Tariq: Sr. Manager of Cyber Operations at ReliaQuest. He has spent a majority of his career leading our Incident Response, Security Architecture, and Detection teams, as well as working hand in hand with CISOs to introduce automation allowing for the maturity of their security programs.
-
460
Ransomware vs. Exfiltration-Only—The Extortion Model Showdown
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join hosts Brandon and John as they discuss:
- Why extortion payment rates are the lowest ever
- Organizations paying ransomware but refusing data extortion demands
- Why defenders need both visibility and speed
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Brandon Tirado: Director of Threat Research for ReliaQuest. A skilled cyber defense professional with a unique combination of management and hands-on experience. With a deep understanding of adversary motives and the tactics, techniques, and procedures (TTPs) they use to achieve their goals, Brandon enjoys operationalizing his knowledge to make it more difficult for adversaries to operate within the environments of ReliaQuest customers. His managerial and hands-on experience enriches ShadowTalk with practical and strategic viewpoints.
-
459
Patch Management Is Losing—The Case for Predictive Vulnerability Defense
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join hosts Brandon and John as they discuss:
- Why traditional patch cycles can't beat attackers exploiting vulnerabilities in 24 hours
- The shift from reactive patching to predictive intelligence using EPSS and CISA KEV
- How to defend against zero-days when patching isn't an option
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Brandon Tirado: Director of Threat Research for ReliaQuest. A skilled cyber defense professional with a unique combination of management and hands-on experience. With a deep understanding of adversary motives and the tactics, techniques, and procedures (TTPs) they use to achieve their goals, Brandon enjoys operationalizing his knowledge to make it more difficult for adversaries to operate within the environments of ReliaQuest customers. His managerial and hands-on experience enriches ShadowTalk with practical and strategic viewpoints.
-
458
Beyond Phishing Emails—Social Engineering Drives Initial Access
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join hosts John and Tehman as they discuss:
- Why phishing emails are no longer the top malware delivery method
- Emerging social engineering tactics: vishing, copy and paste abuse, and software impersonation
- How campaigns have evolved from Black Basta to ShinyHunters
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Tehman Tariq: Sr. Manager of Cyber Operations at ReliaQuest. He has spent a majority of his career leading our Incident Response, Security Architecture, and Detection teams, as well as working hand in hand with CISOs to introduce automation allowing for the maturity of their security programs.
-
457
Malicious AI—The New Face of Cyber Threats
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join hosts John and Tehman as they discuss:
- How AI is enabling large-scale, high-speed attacks
- Nation-states weaponizing AI for attack automation
- The rise of sophisticated AI-generated malware
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Tehman Tariq: Sr. Manager of Cyber Operations at ReliaQuest. He has spent a majority of his career leading our Incident Response, Security Architecture, and Detection teams, as well as working hand in hand with CISOs to introduce automation allowing for the maturity of their security programs.
-
456
Maintainer Compromise: The Next Supply-Chain Attack Vector in 2026
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join hosts Brandon and John as they discuss:
- How supply-chain attacks evolved
- Campaigns targeting NPM package maintainers
- Actionable defense strategies
Brandon Tirado: Director of Threat Research for ReliaQuest. A skilled cyber defense professional with a unique combination of management and hands-on experience. With a deep understanding of adversary motives and the tactics, techniques, and procedures (TTPs) they use to achieve their goals, Brandon enjoys operationalizing his knowledge to make it more difficult for adversaries to operate within the environments of ReliaQuest customers. His managerial and hands-on experience enriches ShadowTalk with practical and strategic viewpoints.
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
-
455
Kicking Off 2026 with Ransomware Insights and Defense Strategies
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join hosts Brandon and Tehman as they discuss:
- The resurgence of LockBit 5.0 and its December 2025 surge in named organizations
- How top ransomware groups like Qilin, Akira, and Clop dominated in 2025
- Actionable defense strategies for organizations to proactively combat ransomware in 2026
Brandon Tirado: Director of Threat Research for ReliaQuest. Brandon is a skilled cyber defense professional with a unique combination of management and hands-on experience. With a deep understanding of adversary motives and the tactics, techniques, and procedures (TTPs) they use to achieve their goals, Brandon enjoys operationalizing his knowledge to make it more difficult for adversaries to operate within the environments of ReliaQuest customers. His managerial and hands-on experience enriches ShadowTalk with practical and strategic viewpoints.
Tehman Tariq: Sr. Manager of Cyber Operations at ReliaQuest. He has spent a majority of his career leading our Incident Response, Security Architecture, and Detection teams, as well as working hand in hand with CISOs to introduce automation allowing for the maturity of their security programs.
-
454
React2Shell Attacks Evolve, ClickFix Attacks, and Holiday Season Threats
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join host John and intelligence analyst Ivan as they discuss:
- React2Shell Exploits Flood the Internet as Attacks Continue (1:06)
- ClickFix Style Attack Leveraging Grok and ChatGPT for Malware Delivery (7:39)
- New ConsentFix Attack Hijacking Microsoft Accounts via Azure CLI (13:50)
- Holiday Season Attack Risks: Phishing, Ransomware, and Defense Recommendations (18:22)
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Ivan Righi: Threat Intelligence Analyst at ReliaQuest, specializing in technical cyber threat research. Since joining ReliaQuest in June 2019, Ivan has focused on data breach investigations, automations, threat actor profiling, and reverse engineering threat campaigns. He holds a Master of Science degree in Cybersecurity and a GIAC Reverse Engineering Malware (GREM) certification, bringing technical expertise and actionable insights.
-
453
React2Shell Exploits, CISA’s Brickstorm Warning, ShadyPanda’s Browser Weaponization
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join host John along with systems security engineer Corey and intelligence analyst Hayden as they discuss:
Chinese Threat Groups Exploiting the React2Shell Vulnerability (1:18)
CISA Issues Alert on Persistent Brickstorm Backdoor Attacks (9:05)
ShadyPanda Hackers Turn Millions of Browsers into Weapons (13:36)
Storm-0249’s Shift to Targeted EDR Exploitation (20:09)
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Corey Carter: Systems Security Engineer at ReliaQuest. A Florida native and former infantryman in the United States Marines, Corey holds a bachelor's degree in computer science with a specialization in information assurance. His experience as a detection researcher, security analyst, and threat hunter at ReliaQuest, combined with his military background, equips him with a unique perspective on cybersecurity challenges.
Hayden Evans: Cyber Threat Intelligence Analyst at ReliaQuest. He has experience in the F3EAD lifecycle and analyzing adversaries' TTPs to operationalize this information. He is also experienced with intrusion response, OSINT investigations, and offensive security.
-
452
Scattered Lapsus$ Hunters, SilverFox's ValleyRat Campaign, and More
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join host John and intelligence analysts Alex and Hayden as they discuss:
Scattered Lapsus$ Hunters Targeting Zendesk (1:14)
Microsoft Teams Guest Access Phishing Bypass (3:37)
Dark AI Tools Enhancing Threat Actors (6:08)
Silver Fox’s Campaign: Chinese APT Spotlight (10:05)
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Alexander Capraro: Cyber Threat Intelligence Analyst at ReliaQuest with over five years of experience in cybersecurity. With his prior experience as a Security Analyst, he specializes in incident response, malware campaign tracking, and OSINT investigations.
Hayden Evans: Cyber Threat Intelligence Analyst at ReliaQuest. He has experience in the F3EAD lifecycle and analyzing adversaries' TTPs to operationalize this information. He is also experienced with intrusion response, OSINT investigations, and offensive security.
-
451
Are Cyber Predictions Worth It? Plus Chinese AI Attacks, IoT Takeovers
Resources: https://linktr.ee/ReliaQuestShadowTalk
Do you really need predictions to tackle cyber threats? Join host Kim along with intelligence analyst John & special guest CISO Rafal Baran as they discuss:
New NPM Supply Chain Threat (1:13)
China Manipulates AI for Initial Access (4:46)
Cloud Gaps Bring IoT Takeover (7:29)
2026 Cyber-Threat Predictions (10:57)
Rafal Baran: IT security leader and CISO in the global reinsurance space. He focuses on building practical security and privacy programs across multiple jurisdictions, with an emphasis on cloud security and incident readiness. He advises senior leadership on emerging risks and resilience and holds boardroom certification as a Qualified Technology Expert, along with multiple credentials spanning cybersecurity, privacy, and the re/insurance domains. Outside his role, he mentors upcoming security professionals and contributes to the broader cyber community.
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
-
450
Fortinet Flaw Exposed and Exploited! Plus, Threat Hunter Hacks: SEO Hits Hard
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join host Kim, intelligence analyst John, and threat hunter Tristan as they discuss:
Fortinet Flaw Enables Admin Takeover
Akira Ransomware Targets Nutanix VMs
Smart Redirects Evade Phishing Detection
Threat Hunter Hacks: SEO Hits Hard
Listen on @Listennotes: https://lnns.co/mgbyVjXv7p6
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Tristan Luikey: Threat Hunter at ReliaQuest, specializing in responding to and mitigating active breaches to safeguard customers' networks. In addition to breach response, Tristan conducts comprehensive research into emerging threats and attack techniques, enabling proactive threat hunting to strengthen organizational security.
-
449
Gootloader's Return, LANDFALL Android Spyware, Sector-by-Sector Cyber Trends
Resources: https://linktr.ee/ReliaQuestShadowTalk
Wondering why Gootloader is suddenly back in action? Join host Kim along with intelligence analyst Hayden & Systems Security Engineer Corey as they discuss:
Gootloader Returns Using SEO Poisoning (1:27)
New Android Spyware LANDFALL (6:33)
Curly COMrades Hide in Windows Using Linux VMs (10:57)
Sector-by-Sector Cyber Trends Q3 2025 (15:20)
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
Corey Carter: Detection Researcher at ReliaQuest. A Florida native and former infantryman in the United States Marines, Corey holds a bachelor's degree in computer science with a specialization in information assurance. His experience as a Security Analyst and Threat Hunter at ReliaQuest, combined with his military background, equips him with a unique perspective on cybersecurity challenges.
Hayden Evans: Cyber Threat Intelligence Analyst at ReliaQuest. He has experience in the F3EAD lifecycle and analyzing adversaries' TTPs to operationalize this information. He is also experienced with intrusion response, OSINT investigations, and offensive security.
-
448
Why Cloud Threats Are Escalating: Identity Risks, Automation Flaws, and Legacy Vulnerabilities, Plus the Latest on Chinese APT Campaigns and NPM Package Abuse
Resources: https://linktr.ee/ReliaQuestShadowTalk
Did you know 99% of cloud identities are over-privileged, creating the perfect storm for attackers to seamlessly infiltrate your environment? Join host Kim along with intelligence analysts John & Alex as they discuss:
Chinese Nation-State Campaigns and Geopolitics (1:12)
Malicious NPM Packages (7:20)
TruffleNet Attacks on AWS (10:53)
The Danger of Over-Privileged Cloud Identities (15:36)
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Alexander Capraro: Alexander Capraro is a Cyber Threat Intelligence Analyst at ReliaQuest with over five years of experience in cybersecurity. With his prior experience as a Security Analyst, he specializes in incident response, malware campaign tracking, and OSINT investigations.
-
447
Why Cyber Threats Surge 20% During M&A, Plus the Latest on Qilin and Lazarus Group Campaigns
Resources: https://linktr.ee/ReliaQuestShadowTalk
Picture this: You close a $50M acquisition on Friday and by Monday, attackers are in your network. Sound far-fetched? It's not. Join host Kim along with intelligence analyst John & Threat Hunter Leo as they discuss:
Attackers Exploit WSUS Flaw (1:15)
Qilin Deploys Cross-Platform Attacks (4:21)
Lazarus Group Reignites Operation DreamJob (9:05)
Threat Hunter Hacks: Active Cyber Threats in M&A (15:19)
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Leo Dawson: Leo Dawson is a Threat Hunter on the ReliaQuest Threat Research Team. With a deep background in Experimental Physics and Artificial Intelligence, Leo brings a unique interdisciplinary perspective to cybersecurity. He is driven by a passion for leveraging these skills to proactively track, analyze, and understand threat actor campaigns while gaining deeper insights into their evolving tactics and behaviors.
-
446
Automate to Defend: A Former FBI Agent's Ransomware Guide for CISOs
Resources: https://linktr.ee/ReliaQuestShadowTalk
Wondering what makes ransomware operations successful? Join host Kim along with intelligence analyst John & former FBI Special Agent Keith Mularski as they discuss:
Year-Long F5 Breach (2:42)
North Korean Attacker Adopts EtherHiding (7:53)
Phishing Attacks Target LastPass (12:11)
Fighting Ransomware Automation: A CISO's Guide (17:19)
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Keith Mularski is the Chief Global Ambassador at Qintel, where he leads global engagement and represents the company’s intelligence mission across governments, industry, and cybersecurity communities worldwide. Before joining Qintel, Keith led the Cyber Threat Management group at Ernst & Young, advising Fortune 100 companies on proactive defense and intelligence strategies. He also served more than 20 years as an FBI Special Agent, leading groundbreaking cybercrime investigations and pioneering collaboration between law enforcement and the private sector. His undercover work has been featured in the books Kingpin and DarkMarket. Keith is also co-host of the podcast Only Malware in the Building, where he explores the stories behind cybercrime and threat intelligence.
-
445
Is Your Software a Secret Backdoor? Flax Typhoon's Latest Campaign Unwrapped
Resources: https://linktr.ee/ReliaQuestShadowTalk
How long could Flax Typhoon nestle silently in your networks? Join host Kim along with intelligence analysts John & Joey as they discuss:
Velociraptor Abused in Ransomware Attacks (1:13)
New Oracle E-business Suite Flaw (5:19)
GitHub CamoLeak AI Attack (7:46)
Year-Long Flax Typhoon ArcGIS Campaign (11:23)
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Joseph Keyes: Cyber Threat Intelligence Analyst at ReliaQuest, specializing in technical cyber threat research. With his prior role as a Cyber Security Analyst, he has gained years of experience in triaging and responding to active threats using GreyMatter's various tools. Joseph is skilled in intrusion response, threat actor profiling, OSINT across the clear and dark web, and analyzing adversarial TTPs.
-
444
Cl0p's Latest Heist: Exploiting Oracle's Critical Vulnerability
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join host Kim along with Intelligence Analyst John and Threat Detection Engineer Marken as they discuss:
Clop's Exploitation of Oracle E-Business Suite (1:09)
Scattered Lapsus$ Hunters Return With Salesforce Leaks (5:27)
Shutdown Threatens US Intel Sharing and Cyber Defense (10:02)
Ransomware and Cyber Extortion in Q3 2025 (15:02)
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Marken Teder: Threat Detection Engineer at ReliaQuest, with a total of 7 years at the company. A native Estonian, he has previously worked as an Incident Response Analyst, Content Developer, and Security Architect. Marken's extensive experience in detection and response brings a robust technical perspective to discussions.
-
443
Should Governments Hoard Zero Days? Analyzing Brickstorm Malware and Storm-1849
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join host Joey along with intelligence analysts Alex and Hayden as they discuss:
Brickstorm Backdoor in U.S. Legal and Tech Sectors (1:17)
Storm-1849 Targeting Cisco ASA Devices (4:38)
Medusa Attempts to Pay Reporter for Initial Access (7:00)
Debate Over Government Zero-Day Stockpiling (14:41)
Joseph Keyes: Cyber Threat Intelligence Analyst at ReliaQuest, specializing in technical cyber threat research. With his prior role as a Cyber Security Analyst, he has gained years of experience in triaging and responding to active threats using GreyMatter's various tools. Joseph is skilled in intrusion response, threat actor profiling, OSINT across the clear and dark web, and analyzing adversarial TTPs.
Hayden Evans: Cyber Threat Intelligence Analyst at ReliaQuest. He has experience in the F3EAD lifecycle and analyzing adversaries' TTPs to operationalize this information. He is also experienced with intrusion response, OSINT investigations, and offensive security.
Alexander Capraro: Cyber Threat Intelligence Analyst at ReliaQuest with over five years of experience in cybersecurity. With his prior experience as a Security Analyst, he specializes in incident response, malware analysis and campaign tracking, and OSINT investigations.
-
442
Attacker Breakout Time Hits 18 Minutes, New Shai-hulud NPM Worm
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join host Kim along with intelligence analysts John and Joey as they discuss:
Summer 2025 Attacker Trends (13:41)
Self-Replicating 'Shai-hulud' Worm Targeting NPM Packages (1:05)
Fortra Critical Patch for GoAnywhere MFT Vulnerability (3:49)
Phishing Round Up: File Fix Campaign and Microsoft's RaccoonO365 Takedown (7:12)
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Joseph Keyes: Cyber Threat Intelligence Analyst at ReliaQuest, specializing in technical cyber threat research. With his prior role as a Cyber Security Analyst, he has gained years of experience in triaging and responding to active threats using GreyMatter's various tools. Joseph is skilled in intrusion response, threat actor profiling, OSINT across the clear and dark web, and analyzing adversarial TTPs.
-
441
Welcome to ShadowTalk
Host Kim, alongside ReliaQuest's Threat Research experts, cuts through the noise to bring you the cyber insights that matter most. Get news, research, and actionable strategies from industry leaders to help you stay ahead of attackers.
New episodes every Wednesday at 1pm EST.
-
440
Do You Need AI to Fight AI? Plus Supply-Chain Attacks and Russia's Latest Backdoor
Resources: https://linktr.ee/ReliaQuestShadowTalk
Thinking about whether you need more AI in SecOps? Join host Kim along with intelligence analyst Joey & systems security engineer Corey as they discuss:
SAP S/4HANA Flaw Exploitation (2:09)
AI-Powered Malware Exposes GitHub (4:24)
APT28 Outlook Backdoor hits NATO (8:21)
ReliaQuest Experts Answer Your Questions (11:55)
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
Joseph Keyes: Cyber Threat Intelligence Analyst at ReliaQuest, specializing in technical cyber threat research. With his prior role as a Cyber Security Analyst, he has gained years of experience in triaging and responding to active threats using GreyMatter's various tools. Joseph is skilled in intrusion response, threat actor profiling, OSINT across the clear and dark web, and analyzing adversarial TTPs.
Corey Carter: Detection Researcher at ReliaQuest. A Florida native and former infantryman in the United States Marines, Corey holds a bachelor's degree in computer science with a specialization in information assurance. His experience as a Security Analyst and Threat Hunter at ReliaQuest, combined with his military background, equips him with a unique perspective on cybersecurity challenges.
-
439
Salesforce Attack Fallout, Axios Abuse, and Cloud Ransomware
Resources: https://linktr.ee/ReliaQuestShadowTalk
Need the latest information on Salesloft Drift? Join host Kim along with intelligence analyst John & detection engineer Marken as they discuss:
Salesloft Drift Tokens Result in Salesforce Data Theft (1:31)
Storm-0501 Shifts Ransomware Attacks to Cloud (6:36)
APT29 Microsoft 365 Campaign Disrupted (11:26)
Axios, Direct Send Abuse Redefine Phishing (14:19)
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
Marken Teder: Threat Detection Engineer at ReliaQuest, with a total of 7 years at the company. A native Estonian, he has previously worked as an Incident Response Analyst, Content Developer, and Security Architect. Marken's extensive experience in detection and response brings a robust technical perspective to discussions.
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
-
438
New Silk Typhoon Attacks, the Cybercriminal Recruitment Underworld, and More!
Resources: https://linktr.ee/ReliaQuestShadowTalk
Curious about the skills needed for modern cyber attacks? Join host Kim along with intelligence analysts John & Hayden as they discuss:
Apple Patches Exploited Zero-Day (1:40)
Hackers Abuse Linux Files to Drop Malware (3:50)
Silk Typhoon Attacks Cloud Supply Chains (7:21)
ReliaQuest Uncovers Cybercriminals' Most Sought After Skills (11:02)
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Hayden Evans: Cyber Threat Intelligence Analyst at ReliaQuest. He has experience in the F3EAD lifecycle and analyzing adversaries' TTPs to operationalize this information. He is also experienced with intrusion response, OSINT investigations, and offensive security.
-
437
Warlock Ransomware Hits Telecoms, LLM Data Theft, and ShinyHunters Updates
Resources: https://linktr.ee/ReliaQuestShadowTalk
Intrigued by Warlock ransomware's Chinese connection? Join host Kim along with intelligence analysts Joey & John as they discuss:
Warlock Ransomware Attacks Against Telecoms (3:12)
New FortiSIEM Flaw Exploited in the Wild (5:19)
Man-in-the-Prompt Attack Steals Data from LLMs (8:04)
How ReliaQuest Tracks Ransomware Groups and Evolving Cyber Threats (12:36)
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
Joseph Keyes: Cyber Threat Intelligence Analyst at ReliaQuest, specializing in technical cyber threat research. With his prior role as a Cyber Security Analyst, he has gained years of experience in triaging and responding to active threats using GreyMatter's various tools. Joseph is skilled in intrusion response, threat actor profiling, OSINT across the clear and dark web, and analyzing adversarial TTPs.
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
-
436
ShinyHunters, Scattered Spider, and Salesforce? Plus, Kimsuky Data Breach!
Resources: https://linktr.ee/ReliaQuestShadowTalk
Want to know if ShinyHunters and Scattered Spider are really working together? Join host Kim along with detection engineer Marken as they discuss:
WinRAR Zero-Day Exploited in RomCom Attacks (1:44)
New EDR Killer Popular with Ransomware Groups (4:30)
Data Breach Reveals Kimsuky Inner Workings (11:31)
ReliaQuest Uncovers Potential ShinyHunters x Scattered Spider Collaboration (15:00)
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
Marken Teder: Threat Detection Engineer at ReliaQuest, with a total of 7 years at the company. A native Estonian, he has previously worked as an Incident Response Analyst, Content Developer, and Security Architect. Marken's extensive experience in detection and response brings a robust technical perspective to discussions.
-
435
Akira’s Zero-Day Chaos + The Rise of DRP Threats
Akira ransomware group is exploiting potential zero-day vulnerabilities, and digital risk protection (DRP) threats are rapidly evolving. Join host Joey, along with intelligence analysts John and Hayden, as they dive into:
Akira Ransomware Exploiting a Potential Zero Day
Plague Backdoor Emerges as Silent Intruder
Evolving Tactics of North Korean Attacker
DRP Threats Surge Amid Organizational Growth
Resources: https://linktr.ee/ReliaQuestShadowTalk
Joseph Keyes: Joseph Keyes is a Cyber Threat Intelligence Analyst at ReliaQuest, specializing in technical cyber threat research. With his prior role as a Cyber Security Analyst, he has gained years of experience in triaging and responding to active threats using GreyMatter's various tools. Joseph is skilled in intrusion response, threat actor profiling, OSINT across the clear and dark web, and analyzing adversarial TTPs.
John Dilgen: John Dilgen is a Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
Hayden Evans: Hayden Evans is a Cyber Threat Intelligence Analyst at ReliaQuest. He has experience in the F3EAD lifecycle and analyzing adversaries' TTPs to operationalize this information. He is also experienced with intrusion response, OSINT investigations, and offensive security.
-
434
Full CrushFTP Attack Chain, Plus BreachForums is Back!
Resources: https://linktr.ee/ReliaQuestShadowTalk
Curious how the latest CrushFTP exploit works? Join host Kim along with intelligence analyst Hayden and threat hunter Leo as they discuss:
BreachForums Back, XSS Out (1:28)
Warlock Ransomware Hits SharePoint (5:28)
Fire Ant Stings ESXi (9:39)
ReliaQuest Uncovers CrushFTP Attack Chain (13:35)
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
Hayden Evans: Cyber Threat Intelligence Analyst at ReliaQuest. He has experience in the F3EAD lifecycle and analyzing adversaries' TTPs to operationalize this information. He is also experienced with intrusion response, OSINT investigations, and offensive security.
Leo Dawson: Threat Hunter on the ReliaQuest Threat Research Team. With a deep background in Experimental Physics and Artificial Intelligence, Leo brings a unique interdisciplinary perspective to cybersecurity. He is driven by a passion for leveraging these skills to proactively track, analyze, and understand threat actor campaigns while gaining deeper insights into their evolving tactics and behaviors.
-
433
New SharePoint Flaw, How Cybercriminals Use AI
Resources: https://linktr.ee/ReliaQuestShadowTalk
Curious about how cybercriminals use AI? Join host Kim along with detection engineer Marken and intelligence analyst Alex as they discuss:
New SharePoint Vulnerability (1:34)
LameHug AI-Powered Malware (5:55)
UK Bans Ransomware Payments (9:44)
AI Tactics Behind the Latest Cyber Threats (14:11)
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
Marken Teder: Threat Detection Engineer at ReliaQuest, with a total of 7 years at the company. A native Estonian, he has previously worked as an Incident Response Analyst, Content Developer, and Security Architect. Marken's extensive experience in detection and response brings a robust technical perspective to discussions.
Alexander Capraro: Cyber Threat Intelligence Analyst at ReliaQuest with over five years of experience in cybersecurity. With his prior experience as a Security Analyst, he specializes in incident response, malware analysis and campaign tracking, and OSINT investigations.
-
432
Do You Really Need IOCs? Plus Zero-Day Exploits, AI Data Leaks, and Phishing for VIPs
Resources: https://linktr.ee/ReliaQuestShadowTalk
Ever wondered if IOCs are still relevant in a world of polymorphic malware and zero-day exploits? Join host Kim along with intelligence analyst Joey and threat hunter Tristan as they discuss:
North American APT Targets China (1:25)
Chatbot Exposes Thousands of Job Applications (4:57)
New Phishing Campaign Targets VIPs (7:17)
How IOCs are Used in Modern Threat Hunting (10:07)
Kim Bromley: Kim Bromley is a Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights for ShadowTalk.
Joseph Keyes: Joseph Keyes is a Cyber Threat Intelligence Analyst at ReliaQuest, specializing in technical cyber threat research. With his prior role as a Cyber Security Analyst, he has gained years of experience in triaging and responding to active threats using GreyMatter's various tools. Joseph is skilled in intrusion response, threat actor profiling, OSINT across the clear and dark web, and analyzing adversarial TTPs.
Tristan Luikey: Tristan Luikey is a Threat Hunter at ReliaQuest, specializing in responding to and mitigating active breaches to safeguard customers' networks. In addition to breach response, Tristan conducts comprehensive research into emerging threats and attack techniques, enabling proactive threat hunting to strengthen organizational security.
-
431
SafePay Ransomware Rises, North Korea Adopts ClickFix
Resources: https://linktr.ee/ReliaQuestShadowTalk
Have you heard of SafePay ransomware? Join host Kim along with intelligence analysts Hayden and John as they discuss:
SafePay Targets Ingram Micro (1:16)
Updates on Iran-Israel (5:43)
North Korea Adopts ClickFix & Attacks Web3 (8:24)
Insights from ReliaQuest Customer Incidents (13:14)
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
Hayden Evans: Cyber Threat Intelligence Analyst at ReliaQuest. He has experience in the F3EAD lifecycle and analyzing adversaries' TTPs to operationalize this information. He is also experienced with intrusion response, OSINT investigations, and offensive security.
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
-
430
Citrix Bleed 2, Scattered Spider Hits Aviation
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join host Kim along with intelligence analysts Ivan and John as they discuss:
Citrix Bleed 2
Scattered Spider Hits Aviation
From ClickFix to FileFix
Ransomware Threats from Q2
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
Ivan Righi: Threat Intelligence Analyst at ReliaQuest, specializing in technical cyber threat research. Since joining ReliaQuest in June 2019, Ivan has focused on data breach investigations, automations, threat actor profiling, and reverse engineering threat campaigns. He holds a Master of Science degree in Cybersecurity and a GIAC Reverse Engineering Malware (GREM) certification, bringing technical expertise and actionable insights.
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
-
429
Analyzing Iran-Israel Cyber Threats, New Scattered Spider Attack Chain
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join host Kim along with Intelligence Analyst Hayden and Threat Hunter Leo as they discuss:
New Scattered Spider Attack Chain
Israel and Iran Cyber Threat Deep Dive
Top Iran-linked Threat Groups & How to Mitigate
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
Hayden Evans: Cyber Threat Intelligence Analyst at ReliaQuest. He has experience in the F3EAD lifecycle and analyzing adversaries' TTPs to operationalize this information. He is also experienced with intrusion response, OSINT investigations, and offensive security.
Leo Dawson: Threat Hunter on the ReliaQuest Threat Research Team. With a deep background in Experimental Physics and Artificial Intelligence, Leo brings a unique interdisciplinary perspective to cybersecurity. He is driven by a passion for leveraging these skills to proactively track, analyze, and understand threat actor campaigns while gaining deeper insights into their evolving tactics and behaviors.
-
428
Israel-Iran Cyber Warfare, Anubis Ransomware, and More Attacker Trends
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join host Kim along with intelligence analyst Joey and detection engineer Marken as they discuss:
Anubis Ransomware Wiper Capability
Teamfiltration Pentesting Tool
Cyber Implications of Israel-Iran Conflict
The Most Up to Date Attacker Trends
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
Marken Teder: Threat Detection Engineer at ReliaQuest, with a total of 7 years at the company. A native Estonian, he has previously worked as an Incident Response Analyst, Content Developer, and Security Architect. Marken's extensive experience in detection and response brings a robust technical perspective to discussions.
Joseph Keyes: Cyber Threat Intelligence Analyst at ReliaQuest, specializing in technical cyber threat research. With his prior role as a Cyber Security Analyst, he has gained years of experience in triaging and responding to active threats using GreyMatter's various tools. Joseph is skilled in intrusion response, threat actor profiling, OSINT across the clear and dark web, and analyzing adversarial TTPs.
-
427
Black Basta's Enduring Legacy, Qilin Exploits Fortinet Flaws
Resources: https://linktr.ee/ReliaQuestShadowTalk
Join host Kim along with intelligence analysts Alex and John as they discuss:
The Enduring Legacy of Black Basta
Qilin's Exploitation of Fortinet Flaws
Vishing for Salesforce Data
Atomic Stealer x ClickFix Campaign
Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024. Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.
Alexander Capraro: Cyber Threat Intelligence Analyst at ReliaQuest with over five years of experience in cybersecurity. With his prior experience as a Security Analyst, he specializes in incident response, malware analysis and campaign tracking, and OSINT investigations.
John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
HOSTED BY
ReliaQuest