Microsoft Threat Intelligence Podcast

Microsoft

Join us to hear stories from the Microsoft Threat Intelligence community as they navigate the ever-evolving threat landscape - uncovering APTs, cybercrime gangs, malware, vulnerabilities, and other weird and cool tools and tactics in the world of cyber threats. Featuring tales of innovation, teamwork, and cyber espionage, tune in to hear in-depth analyses of Microsoft's influence on the threat landscape and behind the scenes stories from the tireless researchers and analysts that take part. This enthralling and insightful podcast is delivered in a casual, conversational style that transports you to the frontlines of cyber defense.

  1. 2 days ago

    Casey Ellis on How AI Is Reshaping Vulnerability Research and Patching

    In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo sits down with Casey Ellis, founder of Bugcrowd and co-founder of disclose.io, to explore how AI is reshaping vulnerability research, bug bounty programs, and the future of cyber defense. They discuss the growing volume of vulnerabilities, the challenges of responsible disclosure, the rise of AI-assisted hacking, and what happens when increasingly powerful tools are placed in the hands of both defenders and attackers. The conversation also dives into the human side of cybersecurity, from community and creativity to maintaining optimism and connection in an AI-driven world.  In this episode you’ll learn:       How AI is changing vulnerability research for both defenders and threat actors  The challenges of responsible disclosure in an age of rapid software development  Why cybersecurity experts believe vulnerability volume is growing faster than ever  Some questions we ask:       How will AI affect individual threat actors, hacktivists, and cybercriminals?  What tasks should humans continue doing instead of outsourcing AI?  When does publishing vulnerability research help defenders versus help threat actors?  Resources:   View Casey Ellis on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    The BlueHat Podcast  Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

    1hr 3min
  2. 17 Jun

    Hot Cybercrime Summer:  Smishing, Supply Chains, and Sleuthcon

    In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo sits down with Aurora Johnson of SpyCloud and Amitai Cohen of Wiz ahead of SleuthCon to explore two rapidly changing corners of the cybercrime landscape.   Aurora breaks down the highly organized Chinese-language smishing ecosystem, revealing how phishing operations, fraud networks, and cash-out schemes work together like a mature business.   Amitai examines the growing threat to software supply chains, explaining how groups like Team PCP are exploiting CI/CD pipelines, open-source dependencies, and AI-assisted malware development.   Together, they discuss the industrialization of cybercrime, the role of automation and AI, and why defenders must rethink how they secure today's interconnected digital ecosystem.   In this episode you’ll learn:       Why cybercrime ecosystems now operate like sophisticated businesses  How NFC relay attacks are being used to cash out stolen credit card data  The role Telegram marketplaces play in modern fraud operations  Some questions we ask:      How industrialized has modern cybercrime become?  What clues suggest threat actors are using AI to create malware?  What are defenders missing about CI/CD pipelines as an attack surface?  Resources:   View Aurora Johnson on LinkedIn   View Amitai Cohen on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    The BlueHat Podcast  Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

    40 min
  3. 3 Jun

    Supply Chain Attacks: Open Source or Open Door?

    In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Allie Luhrs and Mario Samolis from Microsoft Security to explore the growing threat of open source software supply chain attacks. They discuss how malicious NPM packages, compromised developer ecosystems, AI-generated attacks, and software dependency risks are reshaping modern incident response, while sharing insights from their recent presentation at BlueHat IL 2025.   In this episode you’ll learn:       How attackers are targeting open source software ecosystems at scale  Why AI is accelerating both cyberattacks and threat detection  What was uncovered during their BlueHat presentation on modern software supply chain attacks  Some questions we ask:      What patterns did you uncover in NPM attack campaigns?  Should developers rely on dependencies or build everything themselves?  Why should organizations pay closer attention to open source security risks?  Resources:   View Allie Luhrs on LinkedIn   View Mario Samolis on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

    39 min
  4. 20 May

    Eviltokens: A Conversation with Huntress on an AI‑Enabled Device Code Phishing Campaign

    In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo joins researchers from Huntress to break down the rise of EvilTokens, an AI-powered phishing-as-a-service platform designed to bypass MFA and automate credential theft at scale. Together, they explore how attackers are leveraging legitimate authentication flows, trusted infrastructure, and AI-generated phishing lures to blend malicious activity into normal enterprise traffic. The conversation also examines how modern phishing operations have evolved into highly professionalized cybercrime ecosystems and what defenders must do to adapt their identity security strategies.   In this episode you’ll learn:       How EvilTokens bypasses MFA using device code phishing  Why AI-powered phishing campaigns are harder to detect  What makes modern phishing kits highly scalable and automated  Some questions we ask:      What role does trusted infrastructure play in these attacks?  Why are traditional phishing defenses struggling against these tactics?  How are modern phishing kits becoming more professionalized?  Resources:   Watch the LinkedIn live recording  Read Huntress’ related research  View Lindsay O’Donnell-Welch on LinkedIn  View Jamie Levy on LinkedIn  View Sherrod DeGrippo on LinkedIn   Related Microsoft Podcasts:                    Security Insider Conversations  The BlueHat Podcast  Uncovering Hidden Risks      Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

    42 min
  5. 6 May

    Russia’s Forest Blizzard Is Abusing Home + Small Office Routers for Cred Theft

    This week on the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo speaks with Danny Adamitis, Distinguished Engineer at Lumen Technologies’ Black Lotus Labs who break down how the Russian state-linked threat actor Forest Blizzard is exploiting home and small office routers to hijack DNS traffic, enabling large-scale surveillance and targeted credential theft. The conversation highlights how this low-cost approach scales globally, why unmanaged routers have become a critical weak point, and how tactics, from brute force to token theft to DNS hijacking continue to evolve.  In this episode you’ll learn:       How Forest Blizzard exploits home routers to intercept DNS traffic  Why unmanaged routers are a major blind spot in modern security  How tactics have evolved from brute force to token-based access  Some questions we ask:      What defines Forest Blizzard and how they operate?  How does this impact machine-to-machine or service account security?  What are the broader third-party or downstream risks?  Resources:   View Danny Adamitis on LinkedIn   View Sherrod DeGrippo on LinkedIn   Justice Department Conducts Court-Authorized Disruption of DNS Hijacking Network Controlled by a Russian Military Intelligence Unit  FrostArmada: All thriller, no (malware) filler    Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

    52 min
  6. 22 Apr

    The Cybercrime Shift: From Opportunistic Attacks to Marketplace-Driven Ecosystem

    In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo speaks with Maurice Mason and Jackie Burns-Koven to explore how cybercrime has shifted into a highly organized, marketplace-driven ecosystem. They break down the growing convergence between criminal networks and nation-state actors, highlighting how shared tools, infrastructure, and cryptocurrency have blurred traditional boundaries.  The conversation dives into the rise of as-a-service cybercrime models, where access, malware, and infrastructure can be easily bought and sold, lowering barriers to entry and increasing attack volume. They also examine how blockchain intelligence is becoming a critical tool for tracking illicit activity, improving attribution, and disrupting operations.  In this episode you’ll learn:       How cybercrime has evolved into a scalable, marketplace-driven ecosystem  Why initial access brokers are lowering the barrier to entry for attackers  How proactive disruption and collaboration can reduce ransomware impact and payments  Some questions we ask:      What role does crypto intelligence play in prevention and detection?  Why are threat actors shifting to alternative cryptocurrencies?  How can defenders better protect themselves against these threats?    Resources:   View Maurice Mason on LinkedIn   View Jackie Burns-Koven on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

    40 min
  7. 8 Apr

    Ransomware: From Isolated Attacks to Global Criminal Ecosystem

    In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo speaks with Cynthia Kaiser to unpack the progression of ransomware from isolated attacks into a sophisticated global criminal ecosystem. Drawing on her two decades at the FBI and current role at Halcyon, Cynthia explains how cybercrime has scaled through organized networks, improved tactics, and increasing speed, with some attacks now unfolding in under an hour.   The conversation explores how law enforcement strategies have shifted from targeting low-level actors to disrupting entire ecosystems, leading to more impactful takedowns. Cynthia also highlights the real-world consequences of ransomware, including its growing impact on critical infrastructure like hospitals and the potential for loss of life. The episode examines how AI is shaping both attacker and defender capabilities, accelerating phishing and access while also enabling stronger defensive responses.   In this episode you’ll learn:       How ransomware evolved into a global organized criminal ecosystem  Why modern ransomware attacks are faster, more scalable, and harder to stop  The real-world impact of ransomware, including risks to critical infrastructure  Some questions we ask:      How has ransomware shifted into a larger ecosystem over time?  What are companies getting wrong about cyber insurance and recovery?  Are autonomous AI-driven attacks a real threat yet?  Resources:   View Cynthia Kaiser on LinkedIn  View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

    48 min
  8. 25 Mar

    Winter SHIELD: Closing the Security Control Gap

    In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo speaks with Jarrod Forgues Schlenker of the FBI’s Cyber Division about the pattern's investigators see in cyber incidents and how initiatives like Operation Winter Shield aim to close the gap between knowing what to do and actually implementing it.   They discuss the importance of foundational controls like phishing-resistant authentication, secure logging, and strong identity protection, as well as the role threat intelligence and prevention play in strengthening organizational defenses. The conversation highlights how small, practical security improvements can significantly disrupt attackers and help organizations reduce risk before an incident occurs.  In this episode you’ll learn:       How the FBI identifies recurring patterns in cyber-attacks across investigations  Why phishing-resistant authentication and MFA are critical for stopping credential theft  What Operation Winter Shield is and how it encourages organizations to move from awareness to action   Some questions we ask:      Which security control themes in the program stand out to you the most?  Why are log retention and protection so critical during investigations?  How can threat intelligence programs help organizations strengthen their defenses?    Resources:   View Jarrod Forgues Schlenker on LinkedIn View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

    37 min

About

Join us to hear stories from the Microsoft Threat Intelligence community as they navigate the ever-evolving threat landscape - uncovering APTs, cybercrime gangs, malware, vulnerabilities, and other weird and cool tools and tactics in the world of cyber threats. Featuring tales of innovation, teamwork, and cyber espionage, tune in to hear in-depth analyses of Microsoft's influence on the threat landscape and behind the scenes stories from the tireless researchers and analysts that take part. This enthralling and insightful podcast is delivered in a casual, conversational style that transports you to the frontlines of cyber defense.

You Might Also Like