Security Intelligence

Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence In this special year-end episode of Security Intelligence, we reflect on 2025, a year of new attack methods (ClickFix), new vulnerabilities (vibecoding) and new worries on the horizon (shadow agents). From hijacked AI agents to massive supply chain breaches, 2025 forced security leaders to confront a sobering reality: trust might just be our biggest attack surface. Join hosts Matt Kosinski and Patrick Austin for a jam-packed look back at the biggest cybersecurity trends and cyberattacks of 2025, the lessons we can learn from them and what the road ahead looks like. Featuring: 00:00 – Introduction4:10 – AI and data security with Michelle Alvarez and Jeff Crume 22:42 – Biggest cyberattacks of 2025 with Dave Bales and Nick Bradley 38:18 – Major lessons, innovations and failures of cybersecurity in 2025 with Suja Viswesan and Sridhar Muppidi All that and more on Security Intelligence. The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Learn more about cybersecurity → https://www.ibm.com/think/security

AI browsers are neat—but are they more trouble than they’re worth? In this episode of Security Intelligence, Austin Zeizel, Evelyn Anderson and Ryan Anschutz discuss Gartner’s recent advisory warning organizations to ban AI browsers from the workplace for the time being. Is there anything we can do to make them safe enough to use? And that leads to a broader conversation about the relationship between AI model providers and the cybersecurity community. In the wake of some high-profile attacks using AI models—like the spy ring Anthropic busted—cybersecurity pros are split on whether AI vendors are pulling their weight in threat intel circles. This one has it all: spam bombing, social engineering and malicious virtual machines. All that and more on Security Intelligence. 00:00 – Introduction 01:14 -- Gartner: No AI browsers at work 13:38 -- Should AI vendors share threat intel? 23:11 -- MITRE’s top 25 most dangerous software flaws 33:15 -- Are social logins safe? 41:54 -- Bring-your-own-VM attacks The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Learn more about cybersecurity → https://www.ibm.com/think/security

Just how big a deal is React2Shell? Depending on who you ask, it’s either a Log4Shell-level event or just another average, everyday application security vulnerability. Patch and move on. This week, on Security Intelligence, panelists Sridhar Muppidi, Claire Nuñez and Ian Molloy weigh in on the contentious debate React2Shell has sparked. However it shakes out, one thing is for sure: The response to this vulnerability has been anything but typical. We also dive into: 13:01 -- Whether malicious LLMs like WormGPT live up to the hype 23:40 -- How hackers can lock you out of your Gmail account by changing your age 34:09 -- What happens when two different threat actors attack you at the same time 42:37 -- Why cybersecurity pros should care about solar radiation grounding 6,000 flights All that and more on Security Intelligence. The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence Subscribe for AI and security updates → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120

Being a malware reverse engineer isn’t always glamorous work. You spend a lot of time digging through junk emails. But when you find something in there—well, that’s a whole different story. On this episode of Security Intelligence, X-Force Malware Reverse Engineer Raymond Joseph Alfonso tells us about the time he discovered a curious new malware loader in the honeypot. And that leads to a bigger conversation about how hackers hide malicious code from view—and some of the new techniques they’re cooking up to stay hidden. The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Learn more about QuirkyLoader → https://www.ibm.com/think/x-force/ibm-x-force-threat-analysis-quirkyloader Follow the Security Intelligence podcast on your preferred platform → https://www.ibm.com/think/podcasts/security-intelligence