ShadowTalk: Powered by ReliaQuest
Want to hear what industry experts really think about the cyber threats they face? ShadowTalk is a weekly cybersecurity podcast, made by practitioners for practitioners, featuring analytical insights on the latest cybersecurity news and threat research.
Threat Intelligence Analyst John Dilgen brings extensive expertise in cyber threat intelligence and incident response, specializing in researching threats impacting ReliaQuest customers. John and his guests provide practical perspectives on the week’s top cybersecurity news and share knowledge and best practices to help businesses mitigate the most pertinent cyber threats.
With over 1,000 customers worldwide and 1,200 teammates across six global operating centers, ReliaQuest delivers security outcomes for the most trusted enterprise brands in the world. Learn more at www.reliaquest.com.
Episodes
479 episodes
Klue, Kali365, OAuth: When the Front Door Is a Trusted Integration
In the Klue compromises threat actors walked in through a trusted integration, using legitimate credentials to quietly siphon Salesforce CRM data at scale. The challenge isn't just responding to Klue. It's recognizing that every OAuth-connected...
ShinyHunters' Expanding Toolkit: Oracle PeopleSoft Zero-Day Exploitation and the BreachForums Defense Gaps
ShinyHunters dominated headlines this week: a zero-day, a BreachForums listing, and unverified claims all hitting at once. The problem isn't just keeping up with the volume. It's knowing which of it is real, which is noise, and what your team a...
China-Linked Cyber Espionage: How OP-512 Exploited Legacy IIS Servers and Evaded Detection
Your team built defenses around known China-linked clusters. The file hashes are tracked. The behavioral patterns are documented. What those weren't built to catch is a new cluster that studied those exact defenses and engineered around them. A...
SonicWall, MFA Bypass, IABs: Why Patched Devices Are Still Handing Attackers Initial Access
Your team patches the device. The firmware version matches the advisory. The ticket closes. The device comes off the remediation queue. What your workflow never tracked is that the advisory also required six manual LDAP configuration steps — an...
Device Code, OAuth, PhaaS: How Session Token Theft is Breaking the Phishing Playbook
Your user clicked a link, landed on a real Microsoft login page, typed their password, completed MFA, and walked away thinking nothing happened. Somewhere across the internet, an attacker's device just received an authenticated session token. T...
SQLite, Mistral, OpenAI: How AI Attacks Are Reshaping the Attack Surface
What happens when an AI agent uncovers a zero-day in hours instead of weeks, and state-backed groups are already operationalizing the same tools? With self-hosted AI infrastructure sprawling outside asset registers and supply chain worms reachi...
Canvas, Trellix, Mini Shai-Hulud: How Defenders Respond When Supply Chain Attacks Become Weekly
What's driving the surge in weekly supply chain attacks, and why does the real defender problem start after the supplier gets hit? With 275 million records exposed and 8,809 institutions caught in the downstream fallout, organizations ...
Akira, ShinyHunters, and The Gentlemen: Extortion Lessons From Early 2026
What factors have driven the top ransomware and extortion groups' success in early 2026? And how should organizations structure their defenses to protect against them? Join hosts Alexandra and John as they discuss: How Akira is...
What Happened to Black Basta's Playbook? The Automated Teams Phishing Threat Hitting Executives
Black Basta disbanded in February 2025, but their playbook didn't go with them. In March 2026, 77% of observed incidents targeted executives and directors, and attackers moved from first contact to malicious script execution in as little as 12 ...
Did ShinyHunters Compromise Vercel? Every CISO's Cloud Security Visibility Problem
89% of organizations that suffered a SaaS breach last year believed they had appropriate visibility. They had the logs — what they lacked was detection on what mattered. The Vercel incident shows exactly how costly that gap can be. ...
What Claude Mythos Means for Organizations
Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts John and Alex, alongside special guest and ReliaQuest CTO Joe Partlow, as they discuss: How Claude Mythos ...
Axios and Trivy — Supply Chain Gaps Organizations Must Fix
Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts John and Tehman as they break down two of the most consequential supply chain attacks of 2026: How DPRK ac...
Faster, Smarter, and Already Escalated — What It Takes to Defend Against the Modern Threat Landscape
Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts Alexandra and John, live from Exponent 2026, alongside top security leaders as they discuss: How organizat...
The Invisible Attack Surface: Iran-Aligned Threat Actors and Corporate Blind Spots
Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts Brandon and John as they discuss: How Handala wiped 200,000 devices by weaponizing a trusted platform; Why...
The 2026 Annual Threat Report Breakdown, Part 3: The Long Game — Nation-State Threats & What's Coming in 2026
Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts John and Alex as they discuss: How a Chinese APT maintained access for over a year; Why North Korean imper...
The 2026 Annual Threat Report Breakdown, Part 2 — Once They're In: Post-Compromise Tactics, Ransomware & Exfiltration
Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts Tehman and John as they discuss: Why ransomware now prioritizes exfiltration over encryption; How at...
The 2026 Annual Threat Report Breakdown, Part 1 — How AI Contributes to Attacker Speed, and the Malware That's Winning
Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts Brandon and John as they discuss: How attacker breakout times dropped to as little as 4 minutes; Why...
Malware Isn't Required—How Ransomware Groups Turn Legitimate RMMs Into a Weapon
Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts John and Tehman as they discuss: What attackers prefer over custom malware; How signature-based detection ...
Ransomware vs. Exfiltration-Only—The Extortion Model Showdown
Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts Brandon and John as they discuss: Why extortion payment rates are the lowest ever; Organizations paying ra...
Patch Management Is Losing—The Case for Predictive Vulnerability Defense
Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts Brandon and John as they discuss: Why traditional patch cycles can't beat attackers exploiting vulnerabilities in...
Beyond Phishing Emails—Social Engineering Drives Initial Access
Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts John and Tehman as they discuss: Why phishing emails are no longer the top malware delivery method; Emergi...
Malicious AI—The New Face of Cyber Threats
Resources: https://linktr.ee/ReliaQuestShadowTalk John and Tehman as they discuss: How AI is enabling large-scale, high-speed attacks; Nation-states weaponizing AI for...
Maintainer Compromise: The Next Supply-Chain Attack Vector in 2026
Resources: https://linktr.ee/ReliaQuestShadowTalk Join hosts Brandon and John as they discuss: How supply-chain attacks evolved; Campaigns targeting NPM package mainta...