Emennet Pasargad is one of the most active and aggressive Iranian cyber threat groups operating today — tied directly to the Islamic Revolutionary Guard Corps (IRGC) Cyber Electronic Command. In this episode of Cyber Resilience Brief, SafeBreach Senior Sales Engineer Adrian Culley breaks down who Emennet Pasargad really is, how they operate through shell companies and phishing campaigns, and why their tactics pose both cybersecurity and geopolitical risks. You’ll learn how this Iranian nation-state group abuses email, malware delivery, and command-and-control infrastructure — and why traditional security awareness training isn’t enough. More importantly, we explore how adversary emulation, continuous control validation, and real-world attack simulation can help organizations identify gaps, harden defenses, and stop IRGC-linked attacks before they cause damage. Key topics include: Who Emennet Pasargad is and their ties to the IRGC Common tactics, techniques, and procedures (TTPs), including phishing and lateral movement The difference between cyber simulation vs. adversary emulation How organizations can proactively defend against Iranian cyber threats Why continuous cyber resilience testing is now a regulatory and business imperative For more information on protective measures against Iranian threat actors, check out our SafeBreach blog post.

Threat-led red teaming is no longer optional in Europe — it’s becoming the foundation of cyber resilience. In this episode of The Cyber Resilience Brief, host Tova Dvorin is joined by Adrian Culley, SafeBreach’s offensive security expert for Europe and the UK, to break down the TIBER-EU framework and why it’s reshaping how financial institutions and critical infrastructure organizations approach cyber defense. Originally developed by the European Central Bank, TIBER-EU (Threat Intelligence-Based Ethical Red Teaming) goes far beyond traditional penetration testing. It simulates real-world adversaries, real attack paths, and real operational pressure — aligning tightly with modern regulations such as DORA, NIS2, and the EU Cyber Resilience Act. In this episode, we cover: What TIBER-EU is and why regulators are embracing intelligence-led red teaming How DORA and TIBER-EU work together to enforce continuous operational resilience Why point-in-time penetration tests are no longer enough The evolving role of Breach & Attack Simulation (BAS) in preparing for TIBER-EU assessments How Adversary Exposure Validation (AEV) reveals real blast radius and business impact Why Continuous Automated Red Teaming (CART) is emerging as the “always-on” complement to regulator-mandated tests Whether you’re a CISO, security architect, red teamer, or risk leader, this episode explains how Europe’s regulatory frameworks are pushing the industry toward continuous, adversary-centric security validation — and why organizations outside the EU should be paying close attention. 🎙️ If cyber resilience is a journey — TIBER-EU defines the terrain.  

In this episode of the Cyber Resilience Brief, hosts Tova Dvorin and Adrian Culley clearly and practically explain some of the most commonly used — and most commonly misunderstood — terms in modern cybersecurity. Together, they break down: What Breach and Attack Simulation (BAS) actually means in practice How Advanced Persistent Threats (APTs) operate — and why persistence matters What Adversarial Exposure Validation (AEV) is (and what it isn’t) How CTEM (Continuous Threat Exposure Management) connects these concepts The difference between attack simulation and adversary emulation This episode focuses on plain-language explanations, real-world context, and why these terms exist in the first place. If you’ve ever heard these acronyms used interchangeably — or wanted a grounded explanation you can actually reuse — this episode is for you.

The Jaguar Land Rover cyberattack has already cost the UK billions — and exposed a critical weakness in modern cybersecurity: supply chain risk. In this episode of The Cyber Resilience Brief, SafeBreach hosts Tova Dvorin and Adrian Culley sit down with Steve Cobb, CISO of SecurityScorecard, to unpack what really happened, why groups like Scattered Spider, ShinyHunters, and Lapsus are becoming more coordinated, and what CISOs must do now to protect against cascading third-party failures. We break down: How the Jaguar Land Rover breach unfolded Why third-party and fourth-party risk is now first-party risk The rise of coordinated cybercrime collectives Why “trust but validate” must be the new supply chain mantra Actionable steps to strengthen resilience and visibility across vendors What the JLR incident means for national security, global operations, and the future of supply chain cybersecurity Whether you're a CISO, resilience leader, threat analyst, or supply chain security professional, this episode delivers essential insights into one of the most significant cyberattacks in UK history.

In Episode 33 of The Cyber Resilience Brief, hosts Tova Dvorin and Adrian Culley revisit the BRICKSTORM threat—this time through the lens of the new CISA, NSA, and Canadian Cyber Centre joint advisory. While Episode 24 explored BRICKSTORM’s origin, stealth techniques, and UNC5221’s long-term espionage campaign, this episode focuses on what’s changed, and why BRICKSTORM remains a critical concern for defenders in 2025 and into 2026. Tova and Adrian break down the advisory’s latest findings, including expanded targeting of government and IT sectors, advanced persistence mechanisms, and new insights into how attackers leverage VMware environments to maintain full, covert control of compromised systems. The conversation underscores a central message: these tactics aren’t static. BRICKSTORM is evolving, and organizations must evolve their defenses too. That means shifting from occasional checks to continuous validation, embracing Breach and Attack Simulation (BAS), and operationalizing threat exposure management to match the pace of modern threat actors. What’s New in This Episode Key updates from the CISA/NSA/CCCS advisory on BRICKSTORM Evolving persistence and communication-hiding techniques How attackers continue to exploit VMware and web-facing infrastructure Why high-value organizations remain prime targets The growing need for continuous, proactive security validation How BAS helps validate Zero Trust and uncover blind spots before adversaries do For more information on SafeBreach's BRICKSTORM coverage, click here to read our blog. 

In this episode of The Cyber Resilience Brief, host Tova Dvorin and offensive security expert Adrian Culley expose The Com—the decentralized cybercrime collective behind threat groups like Lapsus$, Scattered Spider (UNC 3944 / Octo Tempest), and ShinyHunters. Together, they break down how this teenage-to-young-adult adversary ecosystem has weaponized vishing, MFA fatigue, SIM-swapping, and cloud exfiltration to breach giants including Microsoft, Okta, Nvidia, MGM Resorts, and more. You’ll learn: How The Com evolved from Lapsus$ chaos into a professionalized extortion machine Why help desks—not firewalls—are their favorite initial access vector Their signature TTPs: vishing, MFA bypass, living-off-the-land, cloud data theft, and ephemeral IOCs How adversarial exposure validation (AEV), BAS, CART, and phishing-resistant MFA (FIDO2/WebAuthn) shut them down Practical resilience steps you can implement today A must-listen for CISOs, security leaders, and anyone tracking modern identity-based cyber threats. Stay safe. Stay safe with SafeBreach.

In this final episode of our November Critical Infrastructure series, The Cyber Resilience Brief host Tova Dvorin and SafeBreach offensive engineer Adrian Culley explore what it truly means to measure resilience — not just talk about it.They break down how the CISA resilience framework (“Know, Assess, Plan, and Continuously Improve”) connects directly to modern validation tools like Breach and Attack Simulation (BAS), Adversary Exposure Validation (AEV), and Continuous Red Teaming (CART). Discover how organizations can move from tabletop exercises to quantifiable, data-driven resilience metrics, bridging the gap between security plans and operational reality. Learn how continuous validation transforms cyber defense from a cost center into a measurable return on security investment (ROSI) — and why resilience should be treated as a living capability that evolves alongside adversaries.

As IT and OT environments converge, critical infrastructure faces an evolving threat landscape where cyberattacks can have real-world, physical consequences. In this episode of The Cyber Resilience Brief, host Tova Dvorin and Adrian Culley, Offensive Cybersecurity Engineer at SafeBreach, explore how Continuous Automated Red Teaming (CART) delivers a unified approach to testing and securing IT/OT boundaries. Learn how continuous validation, segmentation assurance, and evidence-based remediation help organizations protect industrial control systems (ICS) and SCADA environments—without disrupting operations. Discover how to align with CISA’s resilience principles, reduce mean time to remediation (MTTR), and strengthen cyber-physical resilience through continuous, safe validation.

In this episode of The Cyber Resilience Brief, hosts Tova Dvorin and Adrian Culley explore the domino effect of supply chain vulnerabilities within critical infrastructure. Using real-world examples like SolarWinds, MOVEit, and Log4j, they unpack how a single compromised vendor can ripple across entire sectors—and how Adversary Exposure Validation (AEV) can help break that chain. Adrian explains how AEV models third-party attack paths and validates resilience across shared dependencies, while Tova highlights the widening IT/OT gap and why Continuous Automated Red Teaming (CART) is essential to maintaining ongoing protection. Tune in to learn how to move beyond “point-in-time” testing and keep your organization’s defenses resilient in a constantly evolving ecosystem.  

In this episode of The Cyber Resilience Brief, host Tova Dvorin and SafeBreach offensive security engineer Adrian Culley explore the high-stakes world of critical infrastructure cybersecurity. November marks Critical Infrastructure Security and Resilience Month, and the discussion dives deep into why continuous validation — not periodic testing — is essential for protecting energy, water, finance, and healthcare systems from nation-state threats. Learn how Breach and Attack Simulation (BAS) can safely test IT/OT boundaries, validate segmentation controls, and transform compliance efforts from “check-the-box” to “prove-the-box.” Discover how SafeBreach empowers critical infrastructure organizations to achieve resilient, safe, and measurable security efficacy without disrupting operations.

The ShinyHunters threat group has transformed from a dark-web data broker into one of the most dangerous alliances in modern cybercrime. In this episode of The Cyber Resilience Brief, host Tova Dvorin and Adrian Culley, Offensive Security Engineer at SafeBreach, break down how the group’s merger with Scattered Spider marks a new era of as-a-service cybercrime — one built on social engineering, AI-powered vishing, and the exploitation of trust in SaaS ecosystems like Salesforce and Snowflake. Discover: How AI-enhanced vishing is bypassing even multi-factor authentication (MFA). Why identity and OAuth tokens are now the new security perimeter. How supply-chain exploitation is redefining enterprise risk. What organizations can do using Breach and Attack Simulation (BAS), Continuous Automated Red Teaming (CART), and Adversarial Exposure Validation (AEV) to stay resilient. This is more than a cybercrime story — it’s a blueprint for defending against the next generation of trust-based attacks.

In the finale of our Cybersecurity Awareness Month series, SafeBreach’s Cyber Resilience Brief delivers its most powerful episode yet — The Cyber Resilience Playbook. Join hosts Tova Dvorin and Adrian Culley as they connect the dots between Breach and Attack Simulation (BAS), Adversarial Exposure Validation (AEV), and Continuous Automated Red Teaming (CART) — revealing how these validation layers work together to create a unified framework for cyber resilience. Discover how organizations can: Continuously validate their security controls against real-world threats Prioritize remediation with threat-driven exposure validation Operationalize resilience with automated red teaming Transform cyber awareness into measurable resilience all year long This episode goes beyond compliance and awareness training — it’s a blueprint for security teams to prove and improve their defenses, optimize spend, and keep their organizations resilient against evolving threats.

How can security teams stay truly proactive in a world where adversaries never stop?In this episode of The Cyber Resilience Brief, hosts Tova Dvorin and Adrian Culley explore Continuous Automated Red Teaming (CART) — the next evolution in proactive security validation. They break down how CART extends beyond traditional red teaming and breach simulation, combining automation and intelligence to deliver 24/7, real-time attack validation. Learn how CART helps organizations: Continuously test and optimize their security controls Detect misconfigurations and vulnerabilities before adversaries do Strengthen overall cyber resilience and operational readiness Whether you’re a CISO, SOC leader, or security engineer, this conversation offers practical insights into how CART and AEV can work together to create a truly continuous defense strategy.Read more about CART on our blog. 

In this episode of The Cyber Resilience Brief, host Tova Dvorin and SafeBreach offensive security expert Adrian Culley unpack BrickStorm — a highly sophisticated espionage operation attributed to China-nexus group UNC5221. With an average dwell time of 393 days, this campaign redefines stealth and persistence in cyber warfare. Discover how attackers are “living off the blind spot” by exploiting critical infrastructure gaps in VPNs, VMware vCenter servers, and ESXi hosts — areas traditional security tools can’t see. Adrian breaks down their use of Go-based malware, delayed activation, and a genius offline credential theft technique that clones virtual machines to exfiltrate data undetected. The episode also explores the strategic implications of this new evolution in supply chain attacks, where adversaries steal today to weaponize tomorrow, and how organizations can defend themselves through proactive security testing, Breach and Attack Simulation (BAS), and Continuous Automated Red Teaming (CART). Key topics: UNC5221’s long-term espionage and data exfiltration tactics How attackers evade EDR and traditional defenses Why BrickStorm represents the “next level” in nation-state cyber operations How BAS and CART expose and close blind spots before attackers do

In episode 2 of our special 4-part Cybersecurity Awareness Month series, The Cyber Resilience Brief hosts Tova Dvorin and Adrian Culley dive deep into Adversary Exposure Validation (AEV) — the next evolution of Breach and Attack Simulation (BAS) and Continuous Threat Exposure Management (CTEM). Learn how AEV helps organizations move beyond endless vulnerability lists to validate exposures that real adversaries exploit, prioritize based on active threat intelligence, and shift from reactive defense to continuous cyber readiness. Featuring insights on SafeBreach’s attack library, MITRE ATT&CK mapping, and why “patch and proceed is dead,” this episode reveals how AEV empowers security teams to focus on risk-driven validation that truly strengthens cyber resilience.

In this urgent episode of The Cyber Resilience Brief, host Tova Dvorin and Adrian Culley, Offensive Security Engineer at SafeBreach, break down the shocking manifesto released by Scattered Spider — also known as Lapsus$ and ShinyHunters — the same threat group now linked to the Jaguar Land Rover cyberattack that’s suspected to have Russian ties. As geopolitical tensions rise and Russia’s hybrid cyber warfare intensifies, Scattered Spider’s public “declaration of war” marks a chilling shift: from quiet ransomware operations to open intimidation of Western governments and Fortune 500 companies. Tova and Adrian unpack how this group combines social engineering, identity theft, and psychological warfare to paralyze organizations — and how companies can fight back using Breach and Attack Simulation (BAS) and Continuous Automated Red Teaming (CART). Don't forget to check out our earlier episodes as well on Scattered Spider (Ep. 15) and on Adventures in the Dark Web (Ep. 17) for more context for this red-hot topic.  We also published blogs on Scattered Spider and on what it's like to talk to hackers on the Dark Web.

October may be Cybersecurity Awareness Month, but as SafeBreach experts Tova Dvorin and Adrian Culley reveal, awareness alone doesn’t stop attackers. In this kickoff episode of our special four-part Cyber Month series, we explore why traditional awareness training and annual penetration tests aren’t enough in today’s rapidly evolving threat landscape. Adrian and Tova break down: Why awareness ≠ readiness — and the critical role of validation How Breach and Attack Simulation (BAS) turns cyber hygiene into measurable resilience The alarming reality: 30% of security controls fail the first time they’re tested Why ransomware remains more dangerous than ever How organizations can continuously test defenses without risking downtime Whether you’re a CISO, security practitioner, or business leader, this episode uncovers why continuous, automated validation is the only way to prove your defenses work against real-world threats. Stay tuned for upcoming episodes on Adversary Exposure Validation (AEV), ransomware trends, and the EU Cyber Resilience Act

In this episode of The Cyber Resilience Brief, we expose the tactics of one of today’s most agile and financially motivated threat groups: BianLian. Originally known for double extortion ransomware, BianLian rapidly pivoted to pure data theft and extortion—making them harder to stop and faster to profit. SafeBreach offensive security engineer Adrian Culley joins host Tova Dvorin to unpack: How BianLian evolved from ransomware to exfiltration-based extortion. The TTPs behind their attacks, from compromised RDP credentials to stealthy “living off the land” techniques. Why traditional defenses struggle to keep pace with their adaptive methods. How organizations can counter them with Breach and Attack Simulation (BAS), Adversarial Exposure Validation (AEV), and Continuous Automated Red Teaming (CART) to test resilience across the full attack chain. If you want to understand how adversaries like BianLian stay ahead—and how you can flip the advantage back to defenders—this episode is for you. 💡 Special Note: In honor of Cybersecurity Awareness Month, we’re releasing two episodes each week throughout October 2025—so be sure to subscribe and catch them all!

As the US government shutdown begins, critical questions emerge about how funding instability threatens the nation’s cyber defense. In this urgent episode of The Cyber Resilience Brief, Tova and Adrian unpack the “dual threat” facing CISA: the looming expiration of the Cybersecurity Information Sharing Act of 2015, and deep budget cuts that could decimate its operational capacity. We explore how these pressures risk crippling CISA’s ability to issue timely, actionable threat alerts—and what that means for CISOs trying to protect their networks today. Beyond CISA, we highlight the domestic agencies and international partners stepping up to fill the gap, from the FBI to the Five Eyes alliance. This episode is a must-listen for security leaders navigating a moment where US cyber resilience hangs in the balance.Disclaimer: SafeBreach, The Cyber Resilience Brief, and hosts Tova and Adrian do not hold any particular views regarding the US government shutdown. This analysis is provided solely to inform cybersecurity leaders with objective insights.

In this episode of the Cyber Resilience Brief, we dive into detection engineering and one of its most powerful tools: parsers. SafeBreach experts Jonathan Tillman and Shachaf Raviv share how parsers transform raw logs into actionable insights, enabling organizations to scale detection engineering, customize security validation, and integrate seamlessly across SIEMs and security controls.--- This episode is also a teaser for our upcoming webinar, “Elevate Detection Engineering at Scale”, where we’ll showcase the brand-new Parsers UI, walk through practical use cases, and answer your questions live. 🔗 Register here: safebreach.com/elevate-detection-engineering-at-scale