The 90% Attack: Inside the First AI-Orchestrated Cyber Espionage Campaign
Anthropic revealed on November 13, 2025, that Chinese state-sponsored hackers successfully weaponized its Claude AI system to conduct the first documented AI-orchestrated cyber espionage campaign. The sophisticated operation, which targeted approximately 30 global organizations including technology companies, financial institutions, and government agencies, was executed with alarming efficiency, as the AI systems performed 80–90% of the campaign autonomously. This unprecedented automation signals a dangerous new era where attack speed and scale now operate at machine timescales, making the adoption of defensive AI ("AI-native security") critical for organizations that wish to counter these threats.
https://breached.company/anthropic-exposes-first-ai-orchestrated-cyber-espionage-chinese-hackers-weaponized-claude-for-automated-attacks
https://breached.company/ai-weaponized-hacker-uses-claude-to-automate-unprecedented-cybercrime-spree
Sponsor:
www.breached.company
www.myprivacy.blog
--------
12:18
--------
12:18
Beyond the First Lie: Building Communication Resilience with the RESIST Framework
Explore the systematic RESIST 3 framework, which guides government communicators through six sequential steps designed to build resilience against the impacts of manipulated, false, and misleading information (MDM). This episode details the crucial "Recognise" stage, where communicators use the FIRST indicators (Fabrication, Identity, Rhetoric, Symbolism, Technology) to identify the components of compromised messages and coordinated behavior. We show how utilizing Impact Analysis and structured evaluation ultimately supports better decisions on prioritizing resources and ensures continuous improvement in counter-disinformation efforts.
https://www.compliancehub.wiki/building-resilience-against-information-threats-a-deep-dive-into-the-uk-governments-resist-3-framework
https://www.myprivacy.blog/the-silent-war-psychological-operations-from-the-kgb-to-tiktok
https://www.compliancehub.wiki/the-white-house-influencer-pipeline-how-the-biden-administration-revolutionized-government-communications-through-social-media
www.securitycareers.help/briefing-document-the-resist-3-framework-for-countering-information-threats
Sponsor:
www.cisomarketplace.com
www.myprivacy.blog
www.compliancehub.wiki
--------
17:09
--------
17:09
From Perimeter to Pipeline: Securing the OWASP Top 10 in the Cloud Era
The 2025 OWASP Top 10 reveals a fundamental shift in application security, showing how threats have transformed from simple code flaws like buffer overflows to exploiting the systemic complexity of cloud-native and microservices architectures. This newest list confirms the continued dominance of Broken Access Control (A01) and spotlights the critical surge of Security Misconfiguration (A02) to the number two spot, reflecting that infrastructure has become the primary attack surface. We examine why Software Supply Chain Failures (A03) became the new perimeter—despite limited presence in collected data—and discuss how integrating DevSecOps practices is the only way to meet modern development velocity.
Sponsors:
https://cloudassess.vibehack.dev
https://vibehack.dev
https://airiskassess.com
https://compliance.airiskassess.com
https://devsecops.vibehack.dev
--------
13:33
--------
13:33
From BOLA to Bots: Building a Layered API Defense Against the Modern Top 10
APIs are the "nervous system" of modern applications, making them the number one attack vector, with flaws like Broken Object Level Authorization (BOLA), Broken Object Property Level Authorization (BOPLA), and Broken Function Level Authorization (BFLA) accounting for a high percentage of breaches. This episode delves into the multi-layered "defense-in-depth" strategies required to mitigate these threats, focusing on input validation, rate limiting, and centralized enforcement via API Gateways We explore how integrating security testing into the CI/CD pipeline and maintaining a proper inventory helps organizations eliminate "shadow" or "zombie" APIs and build a true culture of digital resilience.
Sponsors:
https://cloudassess.vibehack.dev
https://vibehack.dev
https://airiskassess.com
https://compliance.airiskassess.com
https://devsecops.vibehack.dev
--------
40:03
--------
40:03
Orchestrating Security: The DevSecOps Blueprint for 2025
Driven by a market anticipated to exceed USD 40.6 billion by 2030, DevSecOps Engineers are crucial experts who bridge the gaps between software development, security protocols, and operational efficiency. Successful implementation relies on a socio-technical work system that emphasizes cultural transformation, shared security responsibility, and procedural excellence by embedding security ("shifting left") into the Software Development Lifecycle. This episode delves into the key requirements for professionals in 2025, from mastering automation tools like Terraform and ensuring robust container security (Kubernetes/Docker) to leveraging application scanning with tools like SonarQube and Trivy.
Sponsors:
https://cloudassess.vibehack.dev
https://vibehack.dev
https://airiskassess.com
https://compliance.airiskassess.com
https://devsecops.vibehack.dev
CISO Insights: The Cybersecurity Leadership PodcastWhere Security Leaders Shape Tomorrow’s DefensesJoin us for CISO Insights, the definitive podcast for cybersecurity executives navigating today’s evolving threat landscape. Each episode delivers exclusive conversations with industry pioneers and practical frameworks from security leaders.CISO Insights provides actionable intelligence for executives building resilient security programs. We cover everything from board-level risk communication to threat detection, compliance, and talent development.Whether you’re a CISO, aspiring security leader, or technology executive, we equip you with the tools to thrive in a complex digital environment.Connect with us:Shop: cisomarketplace.comNews: threatwatch.newsPodcast: cisoinsights.showTools: microsec.toolsAI Resources: cybersecuritygpt.storeFollow us:TikTok @cisomarketplace - Quick insights and security tipsYouTube @cisomarketplace - In-depth discussions and CISO interviewsTiktok & Youtube: @ScamwatchHQPowered by grit, fueled by caffeine. Thanks for keeping us going!coff.ee/cisomarketplacecoindrop.to/cisomarketplace
Netherlands