
DISCARDED: Tales From the Threat Research Trenches

Proofpoint

105 episodes

  • Diving Into the DBIR: Vulnerabilities, AI, and Supply Chain

    09-06-2026 | 1 hr 5 min
    Hello to all our Cyber Pals!
    Host Selena Larson is joined by guest host Sarah Sabotka as they chat with returning guest: Alex Pinto, Associate Director of Threat Intelligence at Verizon Business, and the architect behind the Verizon Data Breach Investigations Report. 
    Alex joins hosts Selena Larson and Sarah Sabotka to break down the most important findings from this year's report — and there's a lot to unpack.
    From vulnerabilities overtaking credential abuse as the leading initial access vector, to the sobering reality that organizations are patching more but getting worse outcomes, this year's DBIR paints a complex picture of a threat landscape under pressure. The team also digs into the rise of pretexting and voice-based social engineering, what the data actually says about GenAI and threat actors (spoiler: mostly reinventing the wheel — for now), and why third-party and supply chain compromises are quietly becoming one of the biggest stories in security.
    They discuss:
      • The VERIS framework and why standardization in threat intelligence matters
      • Ransomware taxonomy, data extortion, and why classification is still a headache
      • Pretexting vs. phishing — and why they require completely different defenses
      • Vulnerability exploitation as the new number one initial access vector
      • Patching capacity and why outcomes are getting worse despite more effort
      • What the DBIR data actually shows about GenAI usage by threat actors
      • Third-party and supply chain breaches — up 60% year over year
      • Shadow AI and the emerging DLP problem no one's fully ready for
      • A sneak peek at Verizon's upcoming cost-of-a-data-breach report
    The DBIR drops once a year — make sure you're getting the most out of it with this breakdown straight from the source, all 121 nutritious, fiber-rich pages of it.

    Resources Mentioned:
    2026 DBIR

    For more information about Proofpoint, check out our website.

    Subscribe & Follow:
    Stay ahead of emerging threats, and subscribe! Happy hunting!
  • "Always Intentional": A CISO's Pragmatic Take on the Agentic Era

    27-05-2026 | 46 min
    What does it actually look like to bring AI into a threat intelligence program at one of the internet's most iconic companies?

    Hello to all our Cyber Pals!
    Host Selena Larson is joined by guest host Sarah Sabotka as they chat with Sean Zadig, Chief Information Security Officer (and "Chief Paranoid") at Yahoo, for a candid conversation about the evolving intersection of AI and cybersecurity.
    Sean shares how Yahoo's security team, the Paranoids, is navigating the agentic AI transformation: from running a company-wide "skill-a-thon" to get every team member building Claude-powered tools, to rethinking legacy infrastructure from the ground up. He also opens up about what keeps him up at night, including the looming threat of AI-powered exploit frameworks like Mythos, the growing signal-to-noise problem in threat intel feeds, and the very real risk of analyst burnout as the pace of the industry accelerates.
    But Sean's outlook is surprisingly optimistic. He argues that defenders have a home-field advantage, that the best code ever written is just 12–18 months away, and that the goal of AI in security shouldn't be doing more with fewer people; it should be building more resilient teams.

  • A Device Code Explosion: The New Era of AI-Enabled Phishing

    12-05-2026 | 53 min
    Hello to all our Cyber Sunbeams!
    Host Selena Larson is joined by guest host Sarah Sabotka as they chat with Jake Gionet to unpack one of the fastest-growing threats in today’s cyber landscape: device code phishing.
    What started as a niche technique used in red team exercises has quickly evolved into a widely adopted method for account takeover—fueled by publicly available phishing kits and accelerated by AI-assisted tooling. The trio breaks down how device code phishing works, why it’s suddenly everywhere, and how attackers are exploiting legitimate authentication flows to bypass traditional defenses.
    They also explore the rise of “phishing-as-a-service” platforms like Evil Tokens, the surprising lack of sophistication behind many campaigns, and how AI is both enabling attackers and exposing their mistakes. Along the way, they dig into real-world examples, threat actor missteps, and the blurry line between innovation and imitation in cybercrime.
    If you’ve been hearing the buzz around device code phishing and want a clear, grounded explanation—without the hype—this episode delivers. Plus, practical insights on what defenders should actually focus on as these techniques continue to evolve.
    Resources Mentioned:
    https://www.proofpoint.com/us/blog/threat-insight/access-granted-phishing-device-code-authorization-account-takeover

  • Champagne with Our Campaigns: A 100th Episode Happy Hour

    28-04-2026 | 1 hr
    Hello to all our Cyber Pals, Cyber Centaurs, Cyber Stars, and listeners who have been with us for 100 episodes! It’s our 100th episode—and we’re raising a glass to celebrate. 🥂
    Host Selena Larson is joined by long-time guest hosts, Sarah Sabotka and Tim Kromphardt, and honorary host, VP of Proofpoint Threat Research Daniel Blackford, for this commemorative episode of Discarded! We reflect on the journey so far, revisit standout moments, and look ahead to what’s next in cybersecurity.
    From unforgettable guests and inside jokes to real lessons learned from years of tracking threat actors, this episode is part celebration, part reflection, and part unfiltered cyber chat.
    We dig into:
      • Favorite podcast guests and the insights that stuck with us
      • The reality vs. hype of AI in cybersecurity (and what’s actually useful)
      • How threat actors are evolving—and where they’re… not
      • The surprising truth about targeting, myths in the industry, and why attackers don’t need to be sophisticated to be effective
      • Behind-the-scenes looks at the tools and research we’re building right now
    Plus, we answer listener questions, share a few laughs (and a few drinks), and talk about what the next 100 episodes might hold.
    Whether you’ve been with us since episode one or just discovered the show, this milestone episode is a thank-you to our listeners—and a reminder that cybersecurity is as much about people as it is about technology.
    Cheers to 100 episodes. 🍾

    Resources Mentioned:

    https://www.nytimes.com/2026/04/04/technology/ai-chatbots-teen-roleplay.html

  • Magic Packets & Stealth Backdoors: The Art of Detection Engineering

    14-04-2026 | 33 min
    Hello to all our Cyber Daffodils!
    Host Selena Larson and guest host Tim Kromphardt sit down with Stuart Del Caliz, Senior Threat Detection Engineer at Proofpoint, to unpack the stealthy world of backdoors, malware detection, and the “secret signals” threat actors use to stay hidden.
    From magic packets and port knocking to sophisticated backdoors like BPFdoor, Stuart shares how attackers design covert communication methods—and how defenders work to uncover them without overwhelming security teams with noise. The conversation blends deep technical insight with real-world analogies (think speakeasy knocks and undercover “internet cops”) to make complex detection strategies easier to understand.

    You’ll also hear:
      • How detection engineers balance accuracy and performance when writing IDS/IPS signatures
      • Why some advanced malware can remain undetected for years—and whether we’re simply not seeing it
      • How historic leaks like Shadow Brokers still influence modern attack techniques
      • The role of “pattern matching” in identifying evolving malware behaviors
      • How file metadata and revoked certificates can reveal threats hiding in plain sight
      • Why community collaboration and feedback loops are critical to stronger detections
    Whether you’re a security practitioner or deep in the trenches, this episode offers a closer look at the craft of detection engineering—and the constant challenge of writing high-fidelity detections against increasingly evasive threat techniques.

    Resources Mentioned:

    https://community.emergingthreats.net/
    https://www.rapid7.com/blog/post/tr-bpfdoor-telecom-networks-sleeper-cells-threat-research-report/
    https://www.wired.com/story/nsa-hacking-tools-stolen-hackers/
    https://github.com/x0rz/EQGRP

About DISCARDED: Tales From the Threat Research Trenches
DISCARDED: Tales from the Threat Research Trenches is a podcast for security practitioners, intelligence analysts, and threat hunters looking to learn more about threat behaviors and attack patterns. Each episode, you’ll hear real-world insights from our researchers about the latest trends in malware, threat actors, TTPs, and more. Welcome to DISCARDED.