Cyber Threat Intelligence Podcast

Attribution is getting weird. The same ransomware ecosystem that used to leave clear fingerprints is now full of affiliate “job hopping,” shared tooling, rapid rebrands, and deep web noise that can trick even experienced cyber threat intelligence teams.

Pedro Kurtzman sits down with Katya Kandratovich to map what’s changing and what’s stubbornly staying the same. We talk about why ransomware remains a dominant cyber threat, how law enforcement takedowns disrupt infrastructure without ending the business, and why ransomware-as-a-service programs keep professionalizing. Katya explains how affiliates move between groups for better payouts and support, and why that movement blurs profiling, negotiation patterns, and incident expectations.

We also get practical about defense. Katya shares how she treats attribution as a decision-support tool, not a badge you follow blindly, and how to separate credible reporting from rumor when doing deep web monitoring. Then we dig into the intrusion basics that still work at scale: phishing and vishing boosted by AI, stealer logs that include portal context, and zero-days and internet-facing app exposure that won’t go away. We explore “living off the land” tradecraft where attackers abuse legitimate admin and device management tools, plus pressure tactics that target employees directly through calls and emails, sometimes even via personal addresses.

Finally, we zoom out to supply chain attacks, MSP risk, third-party integrations, and developer package threats, and we confront a troubling trend: some groups now openly allow healthcare targeting.

Subscribe for more cyber threat intelligence conversations, share this with your security team, and leave a review so more defenders can find the show.
Send us Fan Mail
Support the show
Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

Think your Mac is the safe corner of the network? Olivia Gallucci joins Pedro Kertzman to dismantle the myth of “secure by default” and show how modern attackers slip past comfort-zone defenses. We dig into the real blind spots on macOS, why unified logging and strict entitlements complicate endpoint visibility, and how Apple’s Endpoint Security API helps—while still leaving gaps clever adversaries can exploit.

Olivia walks us through the rise of living-off-the-land tactics on Mac, often called LOLBins, where trusted tools like osascript, curl, launchctl, bash, and dscl become covert malware helpers. Instead of fixating on blocklists, we explore behavior-based detections that catch suspicious parent-child process chains, stealthy downloads, and persistence via launch agents. We also trace the expanding attack surface created by enterprise adoption of Macs among developers, admins, and executives—users with access, keys, and data worth chasing.

On the supply chain front, we unpack how developers get targeted through poisoned dependencies and compromised package ecosystems, with examples tied to CocoaPods issues and malicious packages pulling command-and-control frameworks. For end users, trojanized apps, shady installers, and macro-laced documents still work, and notarization alone isn’t a silver bullet. Olivia shares pragmatic safeguards: dependency pinning, signed builds, stricter MDM policies, and layered monitoring that blends Apple-native frameworks with network telemetry. To help users help themselves, she highlights Objective-See’s open source tools that flag camera, microphone, and persistence changes in plain language.

If you care about macOS security beyond the brochure, this conversation maps the terrain—what’s visible, what isn’t, and how to build defenses that hold up when trust fails. Subscribe, share with a teammate who uses a Mac at work, and leave a review with the one Mac detection you wish you had today.
Send us Fan Mail
Support the show
Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

The moment a “hacktivist” group starts speaking with a state’s voice, the puzzle of attribution changes. We explore how Russian-speaking cybercrime transformed after 2022, why so many crews began to move in sync with national narratives, and what language, targeting, and coordination can reveal about influence without leaning on weak assumptions. Our guest, analyst Anastasia Sentsova, brings deep regional fluency and years of fieldwork to explain how militarization, culture, and policy shape a pipeline that normalizes digital action and pulls volunteers toward more aggressive operations.

We walk through the rise of coordinated Telegram ecosystems, including bot-driven “cyber squads” that gamify propaganda with ranks, points, and real-world rewards. That may sound harmless, but it builds habits, grows networks, and legitimizes escalation. From there, it’s a short step to DDoS—and increasingly—intrusions that touch critical infrastructure. We also examine the ransomware world’s political boundaries: no-go lists that evolved from domestic targets to BRICS countries, selective law enforcement pressure following diplomatic milestones, and the unspoken bargain that keeps operators productive so long as they toe the line.

Rather than force-fit labels like sponsored or tolerated, we talk about influence as a measurable spectrum. Indicators include state rhetoric in native-language posts, synchronized activity with kinetic events, target selection aligned with policy goals, and public signaling when named individuals “celebrate” sanctions without consequence. For practitioners, we offer concrete ways to avoid Western bias, validate translations, and build multi-source cases with explicit confidence levels. And we look ahead: the proxy model travels, youth pipelines deepen skills, and hybrid operations blur the boundary between hacktivists and APTs.

If this kind of clear-eyed CTI resonates, follow the show, share it with your team, and leave a review so others can find it. Join our LinkedIn group, Cyber Threat Intelligence Podcast, to keep the conversation going and tell us what signals you’re tracking next.
Send us Fan Mail
Support the show
Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

🎙 Season 2 Starts March 3rd

Season 1 was about building foundations.
Season 2 is about raising the bar.

We’re diving deeper into the Cyber, Threats, and Intelligence, with practitioners who live it every day.

FULL Video: https://youtu.be/oa2t9GQl6EU

📅 Premiere: March 3rd
🔔 Subscribe now so you don’t miss it.

The threat landscape evolves.
So should we.

Send us Fan Mail
Support the show
Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

Your assistant wants to learn everything about you, remember it forever, and act on your behalf across apps and devices. That promise is powerful—and risky. We break down a no-nonsense safety plan for adopting an always-on AI assistant without handing over your digital life, drawing on years in cybersecurity and months building a personal assistant that listens, learns, and controls real tools.

We start with the foundation: identity isolation and permission design. Instead of connecting your primary accounts, create fresh Google or iCloud identities and selectively share calendars, folders, and photos into that sandbox. Then layer in separation of duties: let the assistant draft emails, code, and automations, but run reviews through a separate model before deploying anything. You’ll hear concrete workflows that preserve the magic of autonomy while catching mistakes, bad defaults, and excessive permissions.

From there, we get tactical about risk. Scope your first use case tightly and keep IoT devices off the table until you’ve watched the system behave for weeks. If you can, use a dedicated machine; if not, contain the runtime with hardened Docker setups—non-root users, minimal images, restricted networking, and secrets handled correctly. Turn on comprehensive logging and make the assistant explain what it did and why. Most importantly, disable auto-install and auto-update for skills and plugins, review changelogs, and promote updates only after testing. Assume failure, keep backups, and apply least privilege at every step.

We close with a direct ask to security professionals: help shape safer AI by contributing hardened images, documentation, and practical guardrails to open-source projects. The genie isn’t going back; users are adopting these tools today. If you’ve got expertise in containers, threat modeling, or secure defaults, your contribution can cut attack surface for thousands of people overnight. If this resonates, subscribe, share with a friend who’s testing an assistant, and leave a review with the one safeguard you plan to implement next.
Send a text
Support the show
Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!