This year, cybercrime got a teenage makeover. Groups like Scattered Lapsus$ Hunters, part of the loose collective ‘The Com’ and filled with young, radicalized hackers, became a top threat. Their aggressive tactics led to high-profile breaches in 2025, including attacks on Marks & Spencer, the Co-op, and Jaguar Land Rover.
Meanwhile, insider attacks exploded: employees secretly working for ransomware gangs, zero-day brokers selling to Russia, and a million-dollar-worth crypto heist at Coinbase.
In 2025 we also saw AI evolve from being a futuristic threat to a threat which can power real malware, with AI tools like Claude helping criminals automate attacks at terrifying speed.
We sat down with Rebecca Taylor, Threat Intelligence Knowledge Manage & Researcher at Sophos and Will Thomas, Senior Threat Intelligence Advisor at Team Cymru, to discuss 2025’s highs and lows in cybersecurity and cybercrime – and to make educated guesses on what to look for in 2026.
Their prediction? That 2026 could bring live deepfake heists (imagine a fake CEO on a video call draining company funds) and nation-states weaponizing insiders for destructive cyberwar.
This episode is sponsored by SailPoint.
All content for Infosecurity Magazine Podcast is the property of Infosecurity Magazine and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
This year, cybercrime got a teenage makeover. Groups like Scattered Lapsus$ Hunters, part of the loose collective ‘The Com’ and filled with young, radicalized hackers, became a top threat. Their aggressive tactics led to high-profile breaches in 2025, including attacks on Marks & Spencer, the Co-op, and Jaguar Land Rover.
Meanwhile, insider attacks exploded: employees secretly working for ransomware gangs, zero-day brokers selling to Russia, and a million-dollar-worth crypto heist at Coinbase.
In 2025 we also saw AI evolve from being a futuristic threat to a threat which can power real malware, with AI tools like Claude helping criminals automate attacks at terrifying speed.
We sat down with Rebecca Taylor, Threat Intelligence Knowledge Manage & Researcher at Sophos and Will Thomas, Senior Threat Intelligence Advisor at Team Cymru, to discuss 2025’s highs and lows in cybersecurity and cybercrime – and to make educated guesses on what to look for in 2026.
Their prediction? That 2026 could bring live deepfake heists (imagine a fake CEO on a video call draining company funds) and nation-states weaponizing insiders for destructive cyberwar.
This episode is sponsored by SailPoint.
ToolShell Deep Dive: The SharePoint Exploit Crisis Uncovered
Infosecurity Magazine Podcast
41 minutes 47 seconds
5 months ago
ToolShell Deep Dive: The SharePoint Exploit Crisis Uncovered
In this special episode of the Infosecurity Magazine podcast, we dive deep into the rapidly evolving story surrounding Microsoft SharePoint On-Premises.
Recent disclosures have revealed a series of vulnerabilities now being exploited in targeted campaigns, with Chinese threat actors at the centre but other threat actors joining in the attacks.
This episode breaks down the complexities of the incident, the ongoing exploitations and the broader implications for security practitioners. Stay updated as this story unfolds and equip yourself with valuable insights to better understand and defend against emerging cyber threats.
Our discussion includes:
Timeline of events surrounding the ToolShell Microsoft SharePoint on-prem vulnerability (02.20)
Interview with Charles Carmakal, CTO at Mandiant, now part of Google Cloud (06.38). Charles details these critical vulnerabilities and steps towards patching and what some orgnaizations may be missing, leaving them vulnerable to compromise.
Interview Lorri Janssen-Anessi, Director of External Cyber Assessments at BlueVoyant. With extensive experience from her time at the NSA and the Department of Homeland Security, Lorri provides an in-depth perspective on the impact these attacks are having and what they mean for organizations today. (17.18)
Sing up to receive Infosecurity Magazine's weekly newsletter here.
Infosecurity Magazine Podcast
This year, cybercrime got a teenage makeover. Groups like Scattered Lapsus$ Hunters, part of the loose collective ‘The Com’ and filled with young, radicalized hackers, became a top threat. Their aggressive tactics led to high-profile breaches in 2025, including attacks on Marks & Spencer, the Co-op, and Jaguar Land Rover.
Meanwhile, insider attacks exploded: employees secretly working for ransomware gangs, zero-day brokers selling to Russia, and a million-dollar-worth crypto heist at Coinbase.
In 2025 we also saw AI evolve from being a futuristic threat to a threat which can power real malware, with AI tools like Claude helping criminals automate attacks at terrifying speed.
We sat down with Rebecca Taylor, Threat Intelligence Knowledge Manage & Researcher at Sophos and Will Thomas, Senior Threat Intelligence Advisor at Team Cymru, to discuss 2025’s highs and lows in cybersecurity and cybercrime – and to make educated guesses on what to look for in 2026.
Their prediction? That 2026 could bring live deepfake heists (imagine a fake CEO on a video call draining company funds) and nation-states weaponizing insiders for destructive cyberwar.
This episode is sponsored by SailPoint.
