The Microsoft Threat Intelligence Podcast

Join us to hear stories from the Microsoft Threat Intelligence community as they navigate the ever-evolving threat landscape - uncovering APTs, cybercrime gangs, malware, vulnerabilities, and other weird and cool tools and tactics in the world of cyber threats. Featuring tales of innovation, teamwork, and cyber espionage, tune in to hear in-depth analyses of Microsoft's influence on the threat landscape and behind the scenes stories from the tireless researchers and analysts that take part. This enthralling and insightful podcast is delivered in a casual, conversational style that transports you to the frontlines of cyber defense.

Recent Episodes

Ep 72 | 7.1.26

Casey Ellis on How AI Is Reshaping Vulnerability Research and Patching

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo sits down with Casey Ellis, founder of Bugcrowd and co-founder of disclose.io, to explore how AI is reshaping vulnerability research, bug bounty programs, and the future of cyber defense. They discuss the growing volume of vulnerabilities, the challenges of responsible disclosure, the rise of AI-assisted hacking, and what happens when increasingly powerful tools are placed in the hands of both defenders and attackers. The conversation also dives into the human side of cybersecurity, from community and creativity to maintaining optimism and connection in an AI-driven world.

Ep 71 | 6.17.26

Hot Cybercrime Summer: Smishing, Supply Chains, and SleuthCon

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo sits down with Aurora Johnson of SpyCloud and Amitai Cohen of Wiz ahead of SleuthCon to explore two rapidly changing corners of the cybercrime landscape. Aurora breaks down the highly organized Chinese-language smishing ecosystem, revealing how phishing operations, fraud networks, and cash-out schemes work together like a mature business. Amitai examines the growing threat to software supply chains, explaining how groups like Team PCP are exploiting CI/CD pipelines, open-source dependencies, and AI-assisted malware development. Together, they discuss the industrialization of cybercrime, the role of automation and AI, and why defenders must rethink how they secure today's interconnected digital ecosystem.

Ep 70 | 6.3.26

Supply Chain Attacks: Open Source or Open Door?

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Allie Luhrs and Mario Samolis from Microsoft Security to explore the growing threat of open source software supply chain attacks. They discuss how malicious NPM packages, compromised developer ecosystems, AI-generated attacks, and software dependency risks are reshaping modern incident response, while sharing insights from their recent presentation at BlueHat IL 2025.

Ep 69 | 5.20.26

EvilTokens: A Conversation with Huntress on an AI-Enabled Device Code Phishing Campaign

In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo joins researchers from Huntress to break down the rise of EvilTokens, an AI-powered phishing-as-a-service platform designed to bypass MFA and automate credential theft at scale. Together, they explore how attackers are leveraging legitimate authentication flows, trusted infrastructure, and AI-generated phishing lures to blend malicious activity into normal enterprise traffic. The conversation also examines how modern phishing operations have evolved into highly professionalized cybercrime ecosystems and what defenders must do to adapt their identity security strategies.

Ep 68 | 5.6.26

Russia’s Forest Blizzard Is Abusing Home + Small Office Routers for Cred Theft

This week on the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo speaks with Danny Adamitis, Distinguished Engineer at Lumen Technologies’ Black Lotus Labs, to break down how the Russian state-linked threat actor Forest Blizzard is exploiting home and small office routers to hijack DNS traffic, enabling large-scale surveillance and targeted credential theft. The conversation highlights how this low-cost approach scales globally, why unmanaged routers have become a critical weak point, and how tactics, from brute force to token theft to DNS hijacking, continue to evolve.

Host(s)
Sherrod DeGrippo
Sherrod DeGrippo, Deputy CISO, GM Customer Security at Microsoft, is a frequently cited threat intelligence expert with a 19-year career leading global threat research and analyst teams. She was named Cybersecurity Woman of the Year in 2022 and Cybersecurity PR Spokesperson of the Year for 2021. Sherrod has provided expert commentary for BBC News, Wall Street Journal, CNN, and New York Times and has presented extensively at conferences including Black Hat, RSA Conference, RMISC, SleuthCon, and others.
Schedule: Bi-Weekly
Credits: Producer is Rob Petrillo, Production Manager is Max Solomon, Scheduling and Administrative Support is Elliot Volkman, and our Audio Engineer (and magician) is none other than The Great Rich Cerbini.
Creator: Microsoft