ShadowTalk: Powered by ReliaQuest

40 Episodes
Subscribe

By: ReliaQuest

Want to hear what industry experts really think about the cyber threats they face? ShadowTalk is a weekly cybersecurity podcast, made by practitioners for practitioners, featuring analytical insights on the latest cybersecurity news and threat research.Threat Intelligence Analyst John Dilgen brings extensive expertise in cyber threat intelligence and incident response, specializing in researching threats impacting ReliaQuest customers. John and his guests provide practical perspectives on the week’s top cybersecurity news and share knowledge and best practices to help businesses mitigate the most pertinent cyber threats.  With over 1,000 customers worldwide and 1,200 teammates across six global operating centers, ReliaQuest delivers secu...

✂️ Clip this podcast
How Hackers Are Using AI Right Now: Faster Attacks, Smarter Malware, and a New Arms Race
Last Wednesday at 6:00 PM

AI is not replacing threat actors, instead it is making them faster, cheaper, and harder to stop. From AI powered phishing campaigns generating thousands of pages simultaneously, to a newly discovered macOS implant called Gaslight that injects fabricated system error messages into AI powered triage pipelines, the arms race between attackers and defenders is accelerating. The question is not whether AI is being used against your organization. It is whether your defenses are keeping pace.

Join hosts Brandon and John as they discuss:

How threat actors are leveraging AI across social engineering and malicious code generationThe...


Klue, Kali365, OAuth: When the Front Door Is a Trusted Integration
06/24/2026

In the Klue compromises threat actors walked in through a trusted integration, using legitimate credentials to quietly siphon Salesforce CRM data at scale. The challenge isn't just responding to Klue. It's recognizing that every OAuth-connected integration in your environment is part of your attack surface.

Join hosts Alexandra and John as they discuss:

How compromised Klue integrations were leveraged to exfiltrate Salesforce CRM dataAttribution and what it signals about the evolving data extortion landscapeHow Oauth token and device code theft is growing

 Two questions your organization should be asking right now:

How m...


ShinyHunters' Expanding Toolkit: Oracle PeopleSoft Zero-Day Exploitation and the BreachForums Defense Gaps
06/17/2026

ShinyHunters dominated headlines this week: a zero-day, a BreachForums listing, and unverified claims all hitting at once. The problem isn't just keeping up with the volume. It's knowing which of it is real, which is noise, and what your team actually needs to act on.

Join hosts Tehman and John as they discuss:

ShinyHunters zero-day exploitation of CVE-2026-35273Why a BreachForums listing extends the threat well beyond the initial compromiseWhat proactive, resource-development-stage detection looks like in practice

 Two questions your organization should be asking right now:

Is your Oracle PeopleSoft Environment M...


China-Linked Cyber Espionage: How OP-512 Exploited Legacy IIS Servers and Evaded Detection
06/10/2026

Your team built defenses around known China-linked clusters. The file hashes are tracked. The behavioral patterns are documented. What those weren't built to catch is a new cluster that studied those exact defenses and engineered around them. A China-linked attacker compromised an internet-facing IIS server, maintained access for over 75 days, and came back on fresh infrastructure.

With four China-linked clusters converging on the same legacy IIS stack in twelve months, defenders building detection programs around yesterday's cluster are already behind the next one.

Join hosts Alex and John as they discuss:

How OP-512 engineered...


SonicWall, MFA Bypass, IABs: Why Patched Devices Are Still Handing Attackers Initial Access
06/03/2026

Your team patches the device. The firmware version matches the advisory. The ticket closes. The device comes off the remediation queue. What your workflow never tracked is that the advisory also required six manual LDAP configuration steps — and without them, the authentication bypass still works. An initial access broker authenticated through the VPN, reached a domain-joined file server, and was gone in under 40 minutes. Your dashboard still showed a clean queue.

With initial access brokers operating on disciplined, sub-hour timelines and patch-management workflows built around a single completion step, defenders are closing tickets on devices that are st...


Device Code, OAuth, PhaaS: How Session Token Theft is Breaking the Phishing Playbook
05/27/2026

Your user clicked a link, landed on a real Microsoft login page, typed their password, completed MFA, and walked away thinking nothing happened. Somewhere across the internet, an attacker's device just received an authenticated session token. The password is irrelevant. The MFA prompt already fired and passed. With PhaaS platforms now converging on token-theft tradecraft and post-compromise automation executing in seconds, defenders are racing a scripted attacker with a manual playbook.

Join hosts Brandon and John as they discuss:

How device code phishing uses real authentication infrastructure to capture valid session tokensHow one campaign hit 35,000+ users...


SQLite, Mistral, OpenAI: How AI Attacks Are Reshaping the Attack Surface
05/20/2026

What happens when an AI agent uncovers a zero-day in hours instead of weeks, and state-backed groups are already operationalizing the same tools? With self-hosted AI infrastructure sprawling outside asset registers and supply chain worms reaching inside AI vendors themselves, defenders need a new operating model.

Join hosts Tehman and John as they discuss: 

How an AI agent surfaced a memory-safety zero-day in SQLiteHow Mini Shai-Hulud reached Mistral AI and OpenAI devicesWhy the intel-to-action chain still runs at multi-day tempo

Two questions your organization should be asking right now:

Do you have v...


Canvas, Trellix, Mini Shai-Hulud: How Defenders Respond When Supply Chain Attacks Become Weekly
05/14/2026

What's driving the surge in weekly supply chain attacks, and why does the real defender problem start after the supplier gets hit? With 275 million records exposed and 8,809 institutions caught in the downstream fallout, organizations need a new playbook.

Join hosts Alexandra and John as they discuss:

How ShinyHunters abused admin sessionsRansomHouse's hypervisor-focused automationHow Mini Shai-Hulud compromised 170+ npm packages

 Two questions your organization should be asking right now:

Do you have visibility into how trusted vendors authenticate, export, and move your data through native platform features?Are your software pipelines protected against poisoned p...


Akira, ShinyHunters, and The Gentlemen: Extortion Lessons From Early 2026
05/06/2026

What factors have driven the top ransomware and extortion groups' success in early 2026? And how should organizations structure their defenses to protect against them?

Join hosts Alexandra and John as they discuss:

How Akira is exploiting unknown assets inherited through M&AWhy ShinyHunters' vishing and SaaS misconfiguration models workHow The Gentlemen grew 588% quarter-over-quarter

 Two questions your organization should be asking right now:

Have you run a full asset discovery sweep on every environment inherited through acquisition in the last few years?Do you have automated containment rules in place for anomalous MFA d...


What Happened to Black Basta's Playbook? The Automated Teams Phishing Threat Hitting Executives
04/29/2026

Black Basta disbanded in February 2025, but their playbook didn't go with them. In March 2026, 77% of observed incidents targeted executives and directors, and attackers moved from first contact to malicious script execution in as little as 12 minutes. The tactic has been automated, refined, and is now running faster than most SOCs can respond.

 Join hosts Alexandra and John as they discuss:

How attackers leverage Microsoft Teams phishing to target high-privilege accounts with alarming speedWhy automation is compressing attack timelines and sharpening target selectionThe controls that can stop it, from help desk verification to automated containment workflows

 ...


Did ShinyHunters Compromise Vercel? Every CISO's Cloud Security Visibility Problem
04/22/2026

89% of organizations that suffered a SaaS breach last year believed they had appropriate visibility. They had the logs — what they lacked was detection on what mattered. The Vercel incident shows exactly how costly that gap can be.

 Join hosts Brandon and John as they discuss:

How a third-party OAuth chain may have exposed Vercel's internal dataWhy SaaS visibility gaps leave organizations exposedThe controls that can break the attack

Resources: https://linktr.ee/ReliaQuestShadowTalk

John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting Rel...


What Claude Mythos Means for Organizations
04/15/2026

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts John and Alex, alongside special guest and ReliaQuest CTO Joe Partlow, as they discuss:

How Claude Mythos autonomously generated exploitsWhy AI is accelerating CVE volumeDefense strategies organizations need now

Joe Partlow: CTO of ReliaQuest, a leading Information Security provider and is currently involved with new product initiatives along with research and development efforts. Joe has been involved the Information Security field for over 30 years, in both the defensive side and offensive capabilities. Current projects include data ingestion/analytics at scale, DFIR automation and generative...


Axios and Trivy — Supply Chain Gaps Organizations Must Fix
04/08/2026

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts John and Tehman as they break down two of the most consequential supply chain attacks of 2026:

How DPRK actors socially engineered a NPM maintainerWhy hijacked GitHub versions are a CI/CD wake-up callThe three gaps every security team needs to close

John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.

Tehman Tariq: Sr. Manager...


Faster, Smarter, and Already Escalated — What It Takes to Defend Against the Modern Threat Landscape
04/01/2026

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts Alexandra and John, live from Exponent 2026, alongside top security leaders as they discuss:

How organizations keep pace with attackersWhy one in four incidents starts with social engineeringHow automated response is helping organizations

Chris Thompson: CISO of Caris Life Sciences, a leading, next-generation AI TechBio company and precision medicine pioneer.  Chris is a retired Federal Agent having most recently led the North Texas Cyber Task Force for the FBI and was an operator on the FBI Cyber Action Team.

Michael Andreano: Sr...


The Invisible Attack Surface: Iran-Aligned Threat Actors and Corporate Blind Spots
03/25/2026

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts Brandon and John as they discuss:

How Handala wiped 200,000 devices by weaponizing a trusted platformWhy your organization doesn't need to be a direct target to be at riskHow AI-enhanced malware is helping attackers get faster

John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.

Brandon Tirado: Brandon Tirado is the Director of GreyMatter Operations for ReliaQuest...


The 2026 Annual Threat Report Breakdown, Part 3: The Long Game — Nation-State Threats & What's Coming in 2026
03/18/2026

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts John and Alex as they discuss:

How a Chinese APT maintained access for over a yearWhy North Korean impersonation surged 116%Why attackers exploit the same foundational gaps

John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.

Alexander Capraro: Alexander Capraro is a Cyber Threat Intelligence Analyst at ReliaQuest with over five years of experience in cybersecurity...


The 2026 Annual Threat Report Breakdown, Part 2 — Once They're In: Post-Compromise Tactics, Ransomware & Exfiltration
03/11/2026

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts Tehman and John as they discuss:

Why ransomware now prioritizes exfiltration over encryption How attackers can exfiltrate your data in just 6 minutesWhy proactive darkweb monitoring is critical

John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.

Tehman Tariq: Sr. Manager of Cyber Operations at ReliaQuest. He has spent a majority of my career leading our Incident R...


The 2026 Annual Threat Report Breakdown, Part 1 — How AI Contributes to Attacker Speed, and the Malware That's Winning
03/04/2026

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts Brandon and John as they discuss:

How attacker breakout times dropped to as little as 4 minutes Why ClickFix surged 200%Why behavioral detection is critical

John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.

Brandon Tirado: Director of Threat Research for ReliaQuest. A skilled cyber defense professional with a unique combination of management and hands-on experience. With a...


Malware Isn't Required—How Ransomware Groups Turn Legitimate RMMs Into a Weapon
02/25/2026

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts John and Tehman as they discuss:

What attackers prefer over custom malwareHow signature-based detection failsProactive governance vs. reactive triage

John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.

Tehman Tariq: Sr. Manager of Cyber Operations at ReliaQuest. He has spent a majority of my career leading our Incident Response, Security Architecture, and Detection teams. As well...


Ransomware vs. Exfiltration-Only—The Extortion Model Showdown
02/18/2026

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts Brandon and John as they discuss:

Why extortion payment rates are the lowest everOrganizations paying ransomware but refusing data extortion demandsWhy defenders need both visibility and speed

John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.

Brandon Tirado: Director of Threat Research for ReliaQuest. A skilled cyber defense professional with a unique combination of management and...


Patch Management Is Losing—The Case for Predictive Vulnerability Defense
02/11/2026

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts Brandon and John as they discuss:

Why traditional patch cycles can't beat attackers exploiting vulnerabilities in 24 hoursThe shift from reactive patching to predictive intelligence using EPSS and CISA KEVHow to defend against zero-days when patching isn't an option

John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.

Brandon Tirado: Director of Threat Research for ReliaQuest. A...


Beyond Phishing Emails—Social Engineering Drives Initial Access
02/04/2026

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts John and Tehman as they discuss:

Why phishing emails are no longer the top malware delivery methodEmerging social engineering tactics: vishing, copy and paste abuse, and software impersonationHow campaigns have evolved from Black Basta to ShinyHunters

John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.

Tehman Tariq: Sr. Manager of Cyber Operations at ReliaQuest. He has...


Malicious AI—The New Face of Cyber Threats
01/28/2026

Resources: https://linktr.ee/ReliaQuestShadowTalk

John and Tehman as they discuss:

How AI is enabling large-scale, high-speed attacksNation-states weaponizing AI for attack automationThe rise of sophisticated AI-generated malware

John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.

Tehman Tariq: Sr. Manager of Cyber Operations at ReliaQuest. He has spent a majority of my career leading our Incident Response, Security Architecture, and Detection teams...


Maintainer Compromise: The Next Supply-Chain Attack Vector in 2026
01/21/2026

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts Brandon and John as they discuss:

How supply-chain attacks evolvedCampaigns targeting NPM package maintainersActionable defense strategies

Brandon Tirado: Director of Threat Research for ReliaQuest. A skilled cyber defense professional with a unique combination of management and hands-on experience. With a deep understanding of adversary motives and the tactics, techniques, and procedures (TTPs) they use to achieve their goals, Brandon enjoys operationalizing his knowledge to make it more difficult for adversaries to operate within the environments of ReliaQuest customers. His managerial and hands-on experience enriches ShadowTalk with...


Kicking Off 2026 with Ransomware Insights and Defense Strategies
01/14/2026

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join hosts Brandon and Tehman as they discuss:

The resurgence of LockBit 5.0 and its December 2025 surge in named organizationsHow top ransomware groups like Qilin, Akira, and Clop dominated in 2025.Actionable defense strategies for organizations to proactively combat ransomware in 2026

Brandon Tirado: Director of Threat Research for ReliaQuest. Brandon is a skilled cyber defense professional with a unique combination of management and hands-on experience. With a deep understanding of adversary motives and the tactics, techniques, and procedures (TTPs) they use to achieve their goals, Brandon enjoys operationalizing his knowledge...


React2Shell Attacks Evolve, ClickFix Attacks, and Holiday Season Threats
12/17/2025

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host John and intelligence analyst Ivan as they discuss:

React2Shell Exploits Flood the Internet as Attacks Continue (1:06)ClickFix Style Attack Leveraging Grok and ChatGPT for Malware Delivery (7:39)New ConsentFix Attack Hijacking Microsoft Accounts via Azure CLI (13:50)Holiday Season Attack Risks: Phishing, Ransomware, and Defense Recommendations (18:22)

John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.

Ivan Righi: ...


React2Shell Exploits, CISA’s Brickstorm Warning, ShadyPanda’s Browser Weaponization
12/10/2025

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host John along with systems security engineer Corey and intelligence analyst Hayden as they discuss:

Chinese Threat Groups Exploiting the React2Shell Vulnerability (1:18)CISA Issues Alert on Persistent Brickstorm Backdoor Attacks (9:05)ShadyPanda Hackers Turn Millions of Browsers into Weapons (13:36)Storm-0249’s Shift to Targeted EDR Exploitation (20:09)

John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.

Corey Carter: Sy...


Scattered Lapsus$ Hunters, SilverFox's ValleyRat Campaign, and More
12/03/2025

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host John and intelligence analysts Alex and Hayden as they discuss:

Scattered Lapsus$ Hunters Targeting Zendesk (1:14)Microsoft Teams Guest Access Phishing Bypass (3:37)Dark AI Tools Enhancing Threat Actors (6:08)Silver Fox’s Campaign: Chinese APT Spotlight (10:05)

John Dilgen: Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.

Alexander Capraro: Cyber Threat Intelligence Analyst at ReliaQuest with over five years of ex...


Are Cyber Predictions Worth It? Plus Chinese AI Attacks, IoT Takeovers
11/26/2025

Resources: https://linktr.ee/ReliaQuestShadowTalk

Do you really need predictions to tackle cyber threats? Join host Kim along with intelligence analyst John & special guest CISO Rafal Baran as they discuss:

New NPM Supply Chain Threat (1:13)China Manipulates AI for Initial Access (4:46)Cloud Gaps Bring IoT Takeover (7:29)2026 Cyber-Threat Predictions (10:57)

Rafal Baran: IT security leader and CISO in the global reinsurance space. He focuses on building practical security and privacy programs across multiple jurisdictions, with an emphasis on cloud security and incident readiness. He advises senior leadership on emerging risks and resilience and holds boardroom c...


Fortinet Flaw Exposed and Exploited! Plus, Threat Hunter Hacks: SEO Hits Hard
11/19/2025

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host Kim, intelligence analyst John, and threat hunter Tristan as they discuss:

Fortinet Flaw Enables Admin TakeoverAkira Ransomware Targets Nutanix VMsSmart Redirects Evade Phishing DetectionThreat Hunter Hacks: SEO Hits Hard

Listen on @Listennotes: https://lnns.co/mgbyVjXv7p6

Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024.  Kim brings a wealth of experience in threat intelligence and law enforcement tactics, p...


Gootloader's Return, LANDFALL Android Spyware, Sector-by-Sector Cyber Trends
11/12/2025

Resources: https://linktr.ee/ReliaQuestShadowTalk

Wondering why Gootloader is suddenly back in action? Join host Kim along with intelligence analyst Hayden & Systems Security Engineer Corey as they discuss:

Gootloader Returns Using SEO Poisoning (1:27)New Android Spyware LANDFALL (6:33)Curly COMrades Hide in Windows Using Linux VMs (10:57)Sector-by-Sector Cyber Trends Q3 2025 (15:20)

Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024.  Kim brings a wealth of experience in threat intelligence and law enforcement t...


Why Cloud Threats Are Escalating: Identity Risks, Automation Flaws, and Legacy Vulnerabilities, Plus the Latest on Chinese APT Campaigns and NPM Package Abuse
11/05/2025

Resources: https://linktr.ee/ReliaQuestShadowTalk

Did you know 99% of cloud identities are over-privileged, creating the perfect storm for attackers to seamlessly infiltrate your environment? Join host Kim along with intelligence analysts John & Alex as they discuss: 

Chinese Nation-State Campaigns and Geopolitics (1:12)Malicious NPM Packages (7:20)TruffleNet Attacks on AWS (10:53)The Danger of Over-Privileged Cloud Identities (15:36)

Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024.  Kim brings a wealth of experience in th...


Why Cyber Threats Surge 20% During M&A, Plus the Latest on Qilin and Lazarus Group Campaigns
10/29/2025

Resources: https://linktr.ee/ReliaQuestShadowTalk

Picture this: You close a $50M acquisition on Friday and by Monday, attackers are in your network. Sound far-fetched? It's not. Join host Kim along with intelligence analyst John & Threat Hunter Leo as they discuss:

Attackers Exploit WSUS Flaw (1:15)Qilin Deploys Cross-Platform Attacks (4:21)Lazarus Group Reignites Operation DreamJob (9:05)Threat Hunter Hacks: Active Cyber Threats in M&A (15:19)

Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host...


Automate to Defend: A Former FBI Agent's Ransomware Guide for CISOs
10/22/2025

Resources: https://linktr.ee/ReliaQuestShadowTalk

Wondering what makes ransomware operations successful? Join host Kim along with intelligence analyst John & former FBI Special Agent Keith Mularski as they discuss:

Year-Long F5 Breach (2:42)North Korean Attacker Adopts EtherHiding (7:53)Phishing Attacks Target LastPass (12:11)Fighting Ransomware Automation: A CISO's Guide (17:19)

Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024.  Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique i...


Is Your Software a Secret Backdoor? Flax Typhoon's Latest Campaign Unwrapped
10/15/2025

Resources: https://linktr.ee/ReliaQuestShadowTalk

How long could Flax Typhoon nestle silently in your networks? Join host Kim along with intelligence analysts John & Joey as they discuss:

Velociraptor Abused in Ransomware Attacks (1:13)New Oracle E-business Suite Flaw (5:19)GitHub CamoLeak AI Attack (7:46)Year-Long Flax Typhoon ArcGIS Campaign  (11:23)

Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024.  Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique in...


Cl0p's Latest Heist: Exploiting Oracle's Critical Vulnerability
10/08/2025

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host Kim along with Intelligence Analyst John and Threat Detection Engineer Marken as they discuss:

Clop's Exploitation of Oracle E-Business Suite (1:09)Scattered Lapsus$ Hunters Return With Salesforce Leaks (5:27)Shutdown Threatens US Intel Sharing and Cyber Defense (10:02)Ransomware and Cyber Extortion in Q3 2025 (15:02)

Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024.  Kim brings a wealth of experience in threat intelligence and law enforcement tactics, p...


Should Governments Hoard Zero Days? Analyzing Brickstorm Malware and Storm-1849
10/01/2025

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host Joey along with intelligence analysts Alex and Hayden as they discuss:

Brickstorm Backdoor in U.S. Legal and Tech Sectors (1:17)Storm-1849 Targeting Cisco ASA Devices (4:38)Medusa Attempts to Pay Reporter for Initial Access (7:00)Debate Over Government Zero-Day Stockpiling (14:41)

Joseph Keyes: Cyber Threat Intelligence Analyst at ReliaQuest, specializing in technical cyber threat research. With his prior role as a Cyber Security Analyst, he has gained years of experience in triaging and responding to active threats using GreyMatter's various tools. Joseph is skilled in intrusion response, threat actor...


Attacker Breakout Time Hits 18 Minutes, New Shai-hulud NPM Worm
09/24/2025

Resources: https://linktr.ee/ReliaQuestShadowTalk

Join host Kim along with intelligence analysts John and Joey as they discuss:

Summer 2025 Attacker Trends (13:41)Self-Replicating 'Shai-hulud' Worm Targeting NPM Packages (1:05)Fortra Critical Patch for GoAnywhere MFT Vulnerability (3:49)Phishing Round Up: File Fix Campaign and Microsoft's RaccoonO365 Takedown (7:12)

Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024.  Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.


Why Zero-Day Vulnerabilities Go Viral, New Akira SEO Campaign
09/17/2025

Resources: https://linktr.ee/ReliaQuestShadowTalk

Want to know exactly why Zero-Day vulnerabilities go viral? Join host Kim along with intelligence analysts John & Alexa:

Top Emerging Ransomware Groups (1:14)Akira's New SEO Campaign (5:32)Why Zero-Day Vulnerabilities Go Viral (9:23)

Kim Bromley: Senior Cyber Threat Intelligence Analyst on the ReliaQuest Threat Research Team. She joined ReliaQuest in June 2020 following a 10-year career in UK law enforcement, and has acted as host since 2024.  Kim brings a wealth of experience in threat intelligence and law enforcement tactics, providing unique insights.

John Dilgen: Cyber Threat Intelligence A...


Welcome to ShadowTalk
09/16/2025

Host, Kim, alongside ReliaQuest's Threat Research experts, cut through the noise to bring you the cyber insights that matter most. 

Get news, research and actionable strategies from industry leaders, to help you stay ahead of attackers.

New episodes every Wednesday at 1pm EST.