The Cyber Resilience Brief: A SafeBreach Podcast

Ep. 62 - Zero Trust Breaks Against MCP: Why "Verified" No Longer Means Safe

Most enterprises assume their zero trust architecture covers their AI agents. It doesn't. Hosts Tova Dvorin and Adrian Culley break down why zero trust breaks against the Model Context Protocol (MCP) — and why "verified" no longer means "safe." They unpack trust decay, the WhatsApp and GitHub MCP exploits, rug-pull tool poisoning, CVE-2025-49596, and the rise of "zero standing trust," then close with three moves for CISOs this quarter: inventory your MCP estate, mandate authentication, and validate your controls. #cybersecurity #infosec #CISO #MCP #ZeroTrust #AgenticAI #AISecurity #BAS

Ep. 61 - Blind With Scissors: The NSA's MCP Warning for Every Agentic AI Deployment

The NSA just published a rare advisory on the Model Context Protocol (MCP)—the plumbing under nearly every agentic AI deployment of the last 18 months—and the verdict is stark: optional authentication, no token lifecycle, silent behavior changes, and no logging to catch any of it. Host Tova Dvorin sits down with defensive cybersecurity expert Adrian Culley to unpack the eight risk categories, the WhatsApp and GitHub MCP exploits, and why MCP is now a testable validation surface. #cybersecurity #infosec #CISO #MCP #AgenticAI #NSA #CTEM #BAS

Ep. 60 - The Puppet Masters: Mustang Panda's Long Con Against ASEAN Diplomats

When a tired EU diplomat clicks "connect" on an airport Wi-Fi portal, his briefing — and his government's secrets — end up in Chengdu. Hosts Tova Dvorin and Adrian Culley unpack Mustang Panda (APT27 / Bronze President), the Chinese threat group running the long con against NGOs, ASEAN ministries, and Tibetan and Uyghur activists. Inside: captive-portal Wi-Fi Pineapples that bypass MFA, PlugX side-loading through legitimate apps, and the USB worm that jumps air-gapped military networks. #cybersecurity #infosec #CISO #MustangPanda #APT27 #ChinaAPT #BAS #SafeBreach

Ep. 59 - Russia's Cyber Arsenal Exposed: Defeating the FSB, GRU, and BlackCat Before They Strike

In the finale of our Russian intelligence and proxy threat series, SafeBreach engineer Adrian Culley joins host Tova Dvorin to turn five episodes of analysis into concrete, actionable defense. The threat is real — now here's how you stop it. Adrian and Tova walk through five critical mitigation layers your organization needs to implement today: hardening the human firewall through Continuous Automated Red Teaming (CART), enforcing adaptive MFA that Scattered Spider's session token theft and fatigue attacks can't bypass, locking down cloud and SaaS platforms — Salesforce, Snowflake, Okta — against FSB-linked privilege escalation, validating network segmentation against BlackCat ransomware's exact behavioral signatures, and disrupting intelligence sharing between GRU, SVR, FSB, and their criminal proxy networks by tracking IOC convergence in real time. The central thesis: don't guess, test. Every control your team thinks is working needs to be validated against real adversarial behavior — because if SafeBreach can simulate the bypass, so can they.

Ep. 58 - Double Dragon: How China's APT 41 Works for the State by Day — and Itself by Night

China's cyber shadow has already reached your software. APT 41 — known as Double Dragon — isn't just stealing state secrets. They've pioneered a new generation of supply chain attacks, trojanizing the shared code libraries that thousands of organizations trust without question. And their latest splinter unit, UAT 7290, has been inside North American developer environments for over a year — not triggering anything, just watching, learning, and waiting to strike in a way that looks completely native. In this episode, Tova Dvorin and Adrian Culley expose the group that breaks every rule of traditional espionage: how the MSS built an elite hacker force by letting them run their own criminal enterprise on the side, how APT 41 turned the video gaming industry into a personal ATM worth millions, and why China's 2026 cybersecurity law has given these groups a 48-hour head start on every new exploit.