Podcast
Microsoft Threat Intelligence Podcast
Hosted by Microsoft · EN
Join us to hear stories from the Microsoft Threat Intelligence community as they navigate the ever-evolving threat landscape - uncovering APTs, cybercrime gangs, malware, vulnerabilities, and other weird and cool tools and tactics in the world of cyber threats. Featuring tales of innovation, teamwork, and cyber espionage, tune in to hear in-depth analyses of Microsoft's influence on the threat landscape and behind the scenes stories from the tireless researchers and analysts that take part. This enthralling and insightful podcast is delivered in a casual, conversational style that transports you to the frontlines of cyber defense.
17episodes
Episodes
Newest firstAll episodes
Supply Chain Attacks: Open Source or Open Door?
3d ago00:38:46Tap to summarizeIn this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Allie Luhrs and Mario Samolis from Microsoft Security to explore the growing threat of open source software supply chain attacks. They discuss how malicious NPM packages, compromised developer ecosystems, AI-generated attacks, and software dependency risks are reshaping modern incident response, while sharing insights from their recent presentation at BlueHat IL 2025. In this episode you’ll learn: How attackers are targeting open source software ecosystems at scale Why AI is accelerating both cyberattacks and threat detection What was uncovered during their BlueHat presentation on modern software supply chain attacks Some questions we ask: What patterns did you uncover in NPM attack campaigns? Should developers rely on dependencies or build everything themselves? Why should organizations pay closer attention to open source security risks? Resources: View Allie Luhrs on LinkedIn View Mario Samolis on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.
Transcribe →Eviltokens: A Conversation with Huntress on an AI‑Enabled Device Code Phishing Campaign
2w ago00:42:25Tap to summarizeIn this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo joins researchers from Huntress to break down the rise of EvilTokens, an AI-powered phishing-as-a-service platform designed to bypass MFA and automate credential theft at scale. Together, they explore how attackers are leveraging legitimate authentication flows, trusted infrastructure, and AI-generated phishing lures to blend malicious activity into normal enterprise traffic. The conversation also examines how modern phishing operations have evolved into highly professionalized cybercrime ecosystems and what defenders must do to adapt their identity security strategies. In this episode you’ll learn: How EvilTokens bypasses MFA using device code phishing Why AI-powered phishing campaigns are harder to detect What makes modern phishing kits highly scalable and automated Some questions we ask: What role does trusted infrastructure play in these attacks? Why are traditional phishing defenses struggling against these tactics? How are modern phishing kits becoming more professionalized? Resources: Watch the LinkedIn live recording Read Huntress’ related research View Lindsay O’Donnell-Welch on LinkedIn View Jamie Levy on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Security Insider Conversations The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.
Transcribe →Russia’s Forest Blizzard Is Abusing Home + Small Office Routers for Cred Theft
May 600:51:37Tap to summarizeThis week on the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo speaks with Danny Adamitis, Distinguished Engineer at Lumen Technologies’ Black Lotus Labs who break down how the Russian state-linked threat actor Forest Blizzard is exploiting home and small office routers to hijack DNS traffic, enabling large-scale surveillance and targeted credential theft. The conversation highlights how this low-cost approach scales globally, why unmanaged routers have become a critical weak point, and how tactics, from brute force to token theft to DNS hijacking continue to evolve. In this episode you’ll learn: How Forest Blizzard exploits home routers to intercept DNS traffic Why unmanaged routers are a major blind spot in modern security How tactics have evolved from brute force to token-based access Some questions we ask: What defines Forest Blizzard and how they operate? How does this impact machine-to-machine or service account security? What are the broader third-party or downstream risks? Resources: View Danny Adamitis on LinkedIn View Sherrod DeGrippo on LinkedIn Justice Department Conducts Court-Authorized Disruption of DNS Hijacking Network Controlled by a Russian Military Intelligence Unit FrostArmada: All thriller, no (malware) filler Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.
Transcribe →The Cybercrime Shift: From Opportunistic Attacks to Marketplace-Driven Ecosystem
Apr 2200:40:28Tap to summarizeIn this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo speaks with Maurice Mason and Jackie Burns-Koven to explore how cybercrime has shifted into a highly organized, marketplace-driven ecosystem. They break down the growing convergence between criminal networks and nation-state actors, highlighting how shared tools, infrastructure, and cryptocurrency have blurred traditional boundaries. The conversation dives into the rise of as-a-service cybercrime models, where access, malware, and infrastructure can be easily bought and sold, lowering barriers to entry and increasing attack volume. They also examine how blockchain intelligence is becoming a critical tool for tracking illicit activity, improving attribution, and disrupting operations. In this episode you’ll learn: How cybercrime has evolved into a scalable, marketplace-driven ecosystem Why initial access brokers are lowering the barrier to entry for attackers How proactive disruption and collaboration can reduce ransomware impact and payments Some questions we ask: What role does crypto intelligence play in prevention and detection? Why are threat actors shifting to alternative cryptocurrencies? How can defenders better protect themselves against these threats? Resources: View Maurice Mason on LinkedIn View Jackie Burns-Koven on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.
Transcribe →Ransomware: From Isolated Attacks to Global Criminal Ecosystem
Apr 800:48:27Tap to summarizeIn this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo speaks with Cynthia Kaiser to unpack the progression of ransomware from isolated attacks into a sophisticated global criminal ecosystem. Drawing on her two decades at the FBI and current role at Halcyon, Cynthia explains how cybercrime has scaled through organized networks, improved tactics, and increasing speed, with some attacks now unfolding in under an hour. The conversation explores how law enforcement strategies have shifted from targeting low-level actors to disrupting entire ecosystems, leading to more impactful takedowns. Cynthia also highlights the real-world consequences of ransomware, including its growing impact on critical infrastructure like hospitals and the potential for loss of life. The episode examines how AI is shaping both attacker and defender capabilities, accelerating phishing and access while also enabling stronger defensive responses. In this episode you’ll learn: How ransomware evolved into a global organized criminal ecosystem Why modern ransomware attacks are faster, more scalable, and harder to stop The real-world impact of ransomware, including risks to critical infrastructure Some questions we ask: How has ransomware shifted into a larger ecosystem over time? What are companies getting wrong about cyber insurance and recovery? Are autonomous AI-driven attacks a real threat yet? Resources: View Cynthia Kaiser on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.
Transcribe →Winter SHIELD: Closing the Security Control Gap
Mar 2500:36:39Tap to summarizeIn this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo speaks with Jarrod Forgues Schlenker of the FBI’s Cyber Division about the pattern's investigators see in cyber incidents and how initiatives like Operation Winter Shield aim to close the gap between knowing what to do and actually implementing it. They discuss the importance of foundational controls like phishing-resistant authentication, secure logging, and strong identity protection, as well as the role threat intelligence and prevention play in strengthening organizational defenses. The conversation highlights how small, practical security improvements can significantly disrupt attackers and help organizations reduce risk before an incident occurs. In this episode you’ll learn: How the FBI identifies recurring patterns in cyber-attacks across investigations Why phishing-resistant authentication and MFA are critical for stopping credential theft What Operation Winter Shield is and how it encourages organizations to move from awareness to action Some questions we ask: Which security control themes in the program stand out to you the most? Why are log retention and protection so critical during investigations? How can threat intelligence programs help organizations strengthen their defenses? Resources: View Jarrod Forgues Schlenker on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.
Transcribe →AI as Tradecraft: How Threat Actors Are Operationalizing AI
Mar 1100:21:46Tap to summarizeIn this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Greg Schlomer and Vlad H. to discuss new research on Jasper Sleet, a North Korean–aligned threat actor incorporating AI into active operations. The conversation examines how AI is being integrated across the attack lifecycle — from highly tailored phishing lures and fabricated job applicant personas to accelerating malware development and refining operational workflows. Rather than treating AI as a novelty, Jasper Sleet is using it to increase speed, scale, and adaptability while reducing many of the friction points that once slowed campaigns. They also explore what this shift means for defenders. As AI compresses iteration cycles and lowers barriers to entry, traditional attribution signals evolve, influence operations become more convincing, and defensive teams must tighten the loop between intelligence, detection, and response. This is less about experimentation and more about the operationalization of AI as part of modern tradecraft. In this episode you’ll learn: How AI is changing the speed at which cyber operations evolve Why jailbreaking AI models is often trivial for motivated adversaries The strategic implications of AI leveling the playing field between threat actors Some questions we ask: Is there resistance among experienced malware authors to adopting AI? Are we seeing fully AI-written malware in the wild? What stands out about Jasper Sleet’s use of AI? Resources: View Greg Schloemer on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.
Transcribe →AI Recommendation Poisoning: When Optimization Becomes Manipulation
Feb 2600:26:00Tap to summarizeIn this episode of the Microsoft Threat Intelligence Podcast, Sherrod DeGrippo speaks with Microsoft security and AI researchers Giorgio Severi and Noam Kochavi about a newly observed trend in AI abuse: recommendation poisoning through memory manipulation. While looking into prompt injection and reprompt-style behaviors, the team uncovered something quieter but potentially more persistent—websites embedding hidden instructions inside Summarize with AI links that attempt to influence what an AI assistant remembers and recommends over time. Rather than focusing on immediate exploitation, this technique aims to shape long-term behavior inside AI systems. Giorgio and Noam explain how it works, why it’s spreading across industries, where legitimate marketing tactics can blur into security risk, and what defenders and users should understand about managing AI memory in an increasingly agent-driven environment. In this episode you’ll learn: How AI memory poisoning differs from traditional prompt injection Why legitimate businesses are using memory manipulation tactics What threat hunters can look for inside enterprise telemetry Some questions we ask: How is memory poisoning different from prompt injection? What are the long-term risks of embedding bias into AI memory? Could this technique be used for more harmful influence beyond marketing? Resources: View Giorgio Severi on LinkedIn View Noam Kochavi on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.
Transcribe →Unpacking the Latest Threats Targeting the Financial Services Industry
Feb 1100:30:25Tap to summarizeIn this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Microsoft security researchers Megan Stalling and Anna Seitz to examine how financially motivated threat actors are using familiar, low-complexity techniques to drive real-world impact across the financial services sector. They examine Storm-0727, a financially motivated threat actor targeting cryptocurrency, financial services, and government entities, highlighting how simple techniques like financial-themed lures, macro-enabled documents, and credential theft allow attackers to quietly establish and maintain access. The conversation then expands to broader financial-services threat trends, including business email compromise, ransomware with data extortion, phishing-as-a-service, and why social engineering and unpatched vulnerabilities continue to succeed even in mature security environments. In this episode you’ll learn: How credential theft helps attackers maintain persistence Why social engineering works even in well-secured environments How Storm-0727 targets financial services and cryptocurrency organizations Some questions we ask: What happens after a victim opens a macro-enabled document used by Storm-0727? How are phishing as a service platforms changing the threat landscape? What major threat trends are currently shaping the financial services sector? Resources: View Megan Stalling on LinkedIn View Anna Seitz on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider
Transcribe →Fact vs Hype: How Threat Actors Are Really Using AI Right Now
Jan 2800:41:34Tap to summarizeIn this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researcher Crane Hassold and Digital Defense Report lead Chloe Mesdaghi for a grounded, practitioner-led discussion on where artificial intelligence actually stands today. Moving beyond hype and fear-driven narratives, the conversation examines how AI is realistically being used by threat actors, where its impact is often overstated, and why defenders currently stand to gain the most from AI-driven tooling. The episode explores AI’s strengths in detection, triage, and workflow acceleration, the psychology and incentives that shape attacker behavior, and emerging risks such as prompt injection and AI systems becoming direct attack targets. In this episode you’ll learn: Where AI is genuinely being used in real-world cyber operations Why AI systems themselves are becoming attractive targets for attackers How AI is accelerating defensive workflows like detection engineering and threat triage Some questions we ask: What does AI do well right now, and where has it been overpromised? Does AI shift the balance of power toward defenders or attackers? Why are prompt injection and agent manipulation such serious concerns? Resources: View Chloé Messdaghi on LinkedIn View Crane Hassold on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.
Transcribe →