Threat Vector by Palo Alto Networks

In this special episode of Threat Vector, host David Moulton, Senior Director of Thought Leadership for Unit 42, sits down with Stav Setty, Principal Researcher at Palo Alto Networks, to unpack Jingle Thief a cloud-only, identity-driven campaign that turned Microsoft 365 into a gift card printing press. Stav explains how the Morocco based group known as Atlas Lion lived off the land inside M365 for months at a time, using tailored phishing and smishing pages, URL tricks, and internal phishing to compromise one user and quietly pivot to dozens more. Together, David and Stav walk through how the attackers abused legitimate identity features like device registration, MFA resets, inbox forwarding rules, and ServiceNow style access requests to blend into normal business workflows and monetize “digital cash” in the form of gift cards. They dig into why MFA alone is not safety, why identity is now the real perimeter, and how behavioral analytics, UEBA, and ITDR can piece together small signals into a clear story of compromise. You’ll come away with practical steps to harden identity posture, spot early warning signs in cloud environments, and protect high value systems where trust can be turned directly into profit. To go deeper on this campaign and the Atlas Lion threat actor, read the Unit 42 article Jingle Thief Inside a Cloud-Based Gift Card Fraud Campaign at https://unit42.paloaltonetworks.com/cloud-based-gift-card-fraud-campaign/ Join the conversation on our social media channels: Website:⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.paloaltonetworks.com/⁠⁠⁠⁠⁠ Threat Research:⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠⁠⁠⁠⁠⁠ Facebook:⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠⁠⁠⁠⁠⁠ LinkedIn:⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠⁠⁠⁠⁠⁠ YouTube:⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠@paloaltonetworks⁠⁠⁠⁠ Twitter:⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠⁠⁠⁠⁠ About Threat Vector Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.⁠

In this episode of Threat Vector, host David Moulton, Senior Director of Thought Leadership for Unit 42, speaks with Elad Koren, Vice President of Product Management for Cortex Cloud at Palo Alto Networks. With the 2025 Unit 42 Incident Response Report showing that adversaries can move from initial compromise to data theft in less than five hours, Elad explains why reactive security models can no longer keep up. He outlines how complexity in cloud environments, rising attacker speed, and the use of AI-driven automation have reshaped the threat landscape, leaving defenders little time to respond. The conversation dives into why posture and configuration alone are not enough, how uniting vulnerability management and threat detection eliminates blind spots, and why "peacetime" and "wartime" security must finally converge. Listeners will learn how to build trust between security and development teams, what it takes to truly shift left, and how unifying data and context enables faster and smarter decision-making. For security leaders ready to evolve from firefighting to forewarning, this episode offers a clear roadmap to proactive and resilient defense. Join the conversation on our social media channels: Website:⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.paloaltonetworks.com/⁠⁠⁠⁠ Threat Research:⁠⁠⁠⁠ ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠⁠⁠⁠⁠ Facebook:⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠⁠⁠⁠⁠ LinkedIn:⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠⁠⁠⁠⁠ YouTube:⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠@paloaltonetworks⁠⁠⁠ Twitter:⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠⁠⁠⁠ About Threat Vector Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.

AI adoption is outpacing every major tech wave of the past two decades, reshaping the digital enterprise faster than most security leaders expected. In this episode of Threat Vector, Meerah Rajavel, Chief Information Officer at Palo Alto Networks, joins David Moulton to talk about how CIOs can successfully lead AI transformation while securing new AI-powered ecosystems. Meerah shares how Palo Alto Networks is building internal AI agents like Panda AI, leveraging generative AI to support developers, go-to-market, and support teams, and combining automation and AI to eliminate up to 90% of enterprise service tickets. She also discusses the critical security risks introduced by generative AI and why innovation, with AI at its core, is the most powerful weapon against today’s real-time threats. Meerah was last on Threat Vector in December of last year, and it’s great to have her back. That episode, Behind the Scenes with Palo Alto Networks CIO and CISO: Securing Business Success with Frictionless Cybersecurity, discussed the importance of aligning IT strategy with cybersecurity. That episode explored how frictionless security, AI integration, and cloud solutions enable agility without compromising safety. Don’t miss it. Listen to that episode here. Join the conversation on our social media channels: Website:⁠⁠⁠ ⁠⁠⁠⁠https://www.paloaltonetworks.com/⁠⁠⁠ Threat Research:⁠⁠⁠ ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠⁠⁠⁠ Facebook:⁠⁠⁠ ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠⁠⁠⁠ LinkedIn:⁠⁠⁠ ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠⁠⁠⁠ YouTube:⁠⁠⁠ ⁠⁠⁠⁠⁠@paloaltonetworks⁠⁠ Twitter:⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠⁠⁠ About Threat Vector Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠ ⁠http://paloaltonetworks.com.

On this episode of Threat Vector, host David Moulton sits down with Andy Piazza, Senior Director of Threat Intelligence at Unit 42, to unpack the good, the bad, and the ugly of AI in security. We explore how AI is accelerating detection and response, where it’s already saving thousands of analyst hours, and why human-in-the-loop still matters. We also examine the darker side: LLMs in command-and-control, deepfake-driven fraud, model drift, and data governance blind spots. For security leaders evaluating AI, Andy shares practical questions to cut through hype, real metrics that matter, and a blueprint for building trust. This conversation is essential for decision-makers aiming to secure AI everywhere while strengthening identity controls and SOC workflows. Join the conversation on our social media channels: Website:⁠⁠ ⁠⁠⁠⁠https://www.paloaltonetworks.com/⁠⁠ Threat Research:⁠⁠ ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠⁠⁠ Facebook:⁠⁠ ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠⁠⁠ LinkedIn:⁠⁠ ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠⁠⁠ YouTube:⁠⁠ ⁠⁠⁠@paloaltonetworks⁠ Twitter:⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠⁠ About Threat Vector Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠ ⁠http://paloaltonetworks.com.

Asher Davila, Principal Security Researcher at Palo Alto Networks, dives deep into the alarming findings from the 2025 Device Security Enterprise Threat Report. Over 21% of connected devices have known vulnerabilities, with 32.5% unmanaged, creating serious security blind spots. He discusses common oversight with personal devices and the challenges posed by credential-based attacks. Asher emphasizes the importance of effective asset lifecycle governance and why zero trust approaches are hindered by management gaps. Proactive defenses are crucial for breaking the attack chain.

In this episode of Threat Vector, David Moulton⁠ speaks with two cybersecurity leaders from Palo Alto Networks:⁠ Sarit Tager⁠, Vice President of Product Management, and⁠ Krithivasan Mecheri⁠ (Krithi), Senior Director of Product Security. Together, they dive into the urgent challenges of securing modern development in the age of AI. The discussion explores the rise of Application Security Posture Management (ASPM), how organizations can move from reactive patching to proactive prevention, and the growing security crisis fueled by AI-generated code. With decades of combined experience in product security, cloud security, and DevSecOps, Sarit and Krithi share strategies for managing security backlogs, aligning executives and developers, and addressing the economics of technical debt. For decision-makers grappling with the balance between speed and resilience, this episode offers essential insights into securing the future of software development. Join the conversation on our social media channels: Website:⁠⁠ ⁠⁠⁠⁠https://www.paloaltonetworks.com/⁠⁠ Threat Research:⁠⁠ ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠⁠⁠ Facebook:⁠⁠ ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠⁠⁠ LinkedIn:⁠⁠ ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠⁠⁠ YouTube:⁠⁠ ⁠⁠⁠@paloaltonetworks⁠ Twitter:⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠⁠ About Threat Vector Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠ ⁠http://paloaltonetworks.com.

In this episode of Threat Vector, David Moulton sits down with Mohammed Saleh, Associate Chief Technology and Management Information Systems Officer at Paterson Public Schools. They explore how school districts can balance cybersecurity, accessibility, and affordability while navigating the evolving threat landscape in K-12 education. Mohammed shares his insights into implementing device management, training programs, and policy changes following a security incident, and how his district uses Chromebooks and SaaS tools to reduce attack surface. This conversation highlights the unique security challenges of public education and the innovative strategies being used to overcome them. Join the conversation on our social media channels: Website:⁠ ⁠⁠⁠⁠https://www.paloaltonetworks.com/⁠ Threat Research:⁠ ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠⁠ Facebook:⁠ ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠⁠ LinkedIn:⁠ ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠⁠ YouTube:⁠ ⁠@paloaltonetworks Twitter:⁠ ⁠⁠⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠⁠ About Threat Vector Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠ ⁠http://paloaltonetworks.com

Harish Singh, Vice President at Wipro, excels in modernizing infrastructure and enhancing cybersecurity. He discusses how hybrid work has reshaped security needs, emphasizing the importance of making security invisible yet robust. Harish dives into the benefits of decoupling security from the network and adopting identity-first approaches. He identifies key blind spots for organizations, tackles GenAI visibility risks, and highlights the role of secure browsers in extending zero trust policies. Ultimately, he advocates for automation and user-centric design as critical components for effective security.

Joey Smith, Vice President and CISO at Schnuck Markets, draws on his vast experience in incident response from MasterCard to highlight the crucial distinction between compliance and actual security. He discusses how treating compliance as the finish line leads to vulnerabilities, especially during breaches. Joey emphasizes the importance of effective risk communication to executives and stresses the need for early security integration in AI initiatives, advocating for clear guardrails to prevent hasty adoption of emerging technologies.

Join David Moulton, Senior Director of Thought Leadership for Unit 42, as he sits down with Kyle Wilhoit,Technical Director of Threat Research at Unit 42, for an intimate conversation about the evolution of hacker culture and cybersecurity. From picking up 2600: The Hacker Quarterly magazines at Barnes & Noble and building beige boxes to leading threat research at Palo Alto Networks, Kyle shares his personal journey into the security community. This conversation explores how AI and automation are lowering barriers for attackers, the professionalization of cybersecurity, and what's been lost and gained in the industry's maturation. Kyle offers practical advice for newcomers who don't fit the traditional mold, emphasizing the importance of curiosity, soft skills, and intellectual humility.  Kyle Wilhoit is a seasoned cybersecurity researcher, with more than 15 years of experience studying cybercrime and nation-state threats. He's a frequent speaker at global conferences like Black Hat, FIRST, and SecTor, and has authored two industry-respected books: Hacking Exposed Industrial Control Systems and Operationalizing Threat Intelligence. As a long-standing member of the Black Hat US Review Board and an adjunct instructor, Kyle is deeply involved in shaping both cutting-edge research and the next generation of cybersecurity professionals. Connect with Kyle on LinkedIn Previous appearances on Threat Vector:  Inside DeepSeek’s Security Flaws (Mar 31, 2025) https://www.paloaltonetworks.com/resources/podcasts/threat-vector-inside-deepseeks-security-flaws War Room Best Practices (Nov 07, 2024)https://www.paloaltonetworks.com/resources/podcasts/threat-vector-war-room-best-practices  Cybersecurity in the AI Era: Insights from Unit 42's Kyle Wilhoit, Director of Threat Research (Jan 11, 2024)https://www.paloaltonetworks.com/resources/podcasts/threat-vector-cybersecurity-in-the-ai-era-insights-from-unit-42s-kyle-wilhoit-director-of-threat-research  Learn more about Unit 42's threat research at https://unit42.paloaltonetworks.com/.  Related episodes: For more conversations about AI's impact on cybersecurity, career development in security, and insights from Unit 42 researchers, explore past episodes at https://www.paloaltonetworks.com/podcasts/threat-vector. Join the conversation on our social media channels: Website: http://www.paloaltonetworks.com/ Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠ Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/palo-alto-networks/ YouTube: ⁠⁠⁠⁠@paloaltonetworks Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠ About Threat Vector Threat Vector, Palo Alto Networks podcast, is your premier destination for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠