ReliaQuest @ReliaQuest

Hospitality runs on distributed operations—and attackers take advantage of that fact. A front-desk phish hits one property. Loyalty abuse shows up somewhere else. Suspicious activity touches guest-facing systems at the same time. Most security teams see separate incidents because the architecture keeps the context apart. See how agentic defense helps hospitality teams work across properties, networks, and guest systems faster. 👉 ow.ly/viK750Z6enS #ReliaQuest #AgenticDefense #MakeSecurityPossible

IIS remains a target for China-linked espionage. ReliaQuest Agentic AI surfaced what we assess with moderate to high confidence to be a China-linked cluster we’re tracking as OP-512. It stitched together a high volume of suspicious events across a customer environment into one high-priority incident. Our threat research team then reviewed and validated the findings. OP-512 was highly likely conducting espionage through a compromised IIS web server. It is at least the fourth China-linked cluster publicly documented targeting IIS in the past year, but its tooling is built to evade the defenses that work against the other three. At the center is a custom web shell framework with capabilities we rarely see together: per-deployment uniqueness, cryptographic access controls, and automatic reporting back to attacker infrastructure. The full report breaks down the attack chain, our attribution assessment, and the detections defenders should prioritize when signatures are not enough. If you run legacy IIS or unsupported .NET, now is the time to hunt. Read more: ow.ly/TmfQ50Z7mj1 #ReliaQuest #ThreatResearch #AgenticAI

Correlate email, identity, endpoint, and domain signals before they hit storage. Finance attacks now arrive in pieces. A fake domain goes live, a senior leader gets a deepfake call, a mailbox gets touched, and a payment request follows. Each step looks small on its own. Together, it becomes fraud at machine speed. AI lowered the cost of running these campaigns. Finance security teams need an architecture that can keep up: Detection on data in motion. Field-level normalization at ingest. AI investigations that run across every control at once. 🔗 Read the blog: ow.ly/ByLP50Z6efP #ReliaQuest #SecOps #AgenticAI

AI-built attacks leave fingerprints. Your team needs to know what they look like. 🫆 Join Alexandra Moore and Tim Derringer on Thursday, June 11th for a live webinar on how ReliaQuest threat researchers identify AI across real attacks. We’ll cover: • How to fingerprint AI-generated code and content • How AI speeds up initial access • How identity fabrication and deepfakes show up in live operations Register here ➡️ ow.ly/H8NX50Z7GcM #ReliaQuest #AgenticAI #ThreatResearch

Recognized as a Visionary in the "2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies", ReliaQuest is defining what modern threat intelligence should look like in practice with its agentic AI SecOps platform, GreyMatter. This report shows a market moving toward AI-driven, operationalized intelligence that supports faster detection, investigation, and response. Read the report: ow.ly/N70Z50YWFbl #ReliaQuest #MakeSecurityPossible #ThreatIntelligence #AgenticAI #SecOps

🎙️ New #ShadowTalk Episode: SonicWall, MFA Bypass, IABs: Why Patched Devices Are Still Handing Attackers Initial Access Your team patches the device. The firmware version matches the advisory. The ticket closes. The device comes off the remediation queue. What your workflow never tracked is that the advisory also required six manual LDAP configuration steps — and without them, the authentication bypass still works. An initial access broker authenticated through the VPN, reached a domain-joined file server, and was gone in under 40 minutes. Your dashboard still showed a clean queue. With initial access brokers operating on disciplined, sub-hour timelines and patch-management workflows built around a single completion step, defenders are closing tickets on devices that are still wide open. Join hosts Tehman and John as they discuss: ✅ How a firmware update can still leave a device fully exploitable ✅ How initial access brokers progressed their attack in under 40 minutes ✅ Why teams that prioritize from a single vulnerability score alone are behind 🔑 Two questions your organization should be asking right now: - Does your patch-management workflow include a separate item for post-patch manual configuration requirements? - When CISA, NVD, and the vendor publish different CVSS scores for the same CVE, does your vulnerability-management policy specify which authority takes precedence — and does it supplement static scoring with a dynamic signal like EPSS?   👉 Tune in for expert insights, practical takeaways, and the full threat report: ow.ly/iip650Z7hAQ 👉 Listen on @Listennotes: ow.ly/hhpV50Z7hAO #SonicWall #CyberSecurity #VulnerabilityManagement #ThreatIntelligence #PatchManagement

Congratulations to our newest hires at #ReliaQuest. We look forward to seeing how you’ll help security teams do more with agentic defense and #MakeSecurityPossible every day. Interested in joining our world-class team? Explore open roles at ow.ly/1sl250Z7jOE #Careers #Cybersecurity #AgenticAI

keyboard_arrow_left Previous keyboard_arrow_right Next

Retail attacks changed shape last quarter. Phishing dropped. Reconnaissance, IP enumeration, and remote service exploitation took over. The signal now sits across identity, network, endpoint, and cloud at the same time. A manual SOC has to chase that story tool by tool. Agentic AI can work it in parallel. ⚡️ Understand why retail needs agentic defense built for data in motion and fast cross-tool investigation. 👉 ow.ly/YkAy50Z6cVP #ReliaQuest #AgenticAI #SecOps #AgenticDefense

ReliaQuest is hiring. 🚀 Security is a team sport. The future of AI in security operations will be shaped by people who run toward hard problems and see them as opportunities. Join the world’s leading AI cybersecurity company and help us Make Security Possible for some of the largest and most recognizable brands across the globe. 👉 Explore open roles: ow.ly/KAGf50Z6NXf #CybersecurityJobs #Careers #AI #MakeSecurityPossible

Detect AI tools before they show up on an approved app list. In software, Shadow AI grows in the gap between adoption and review. Teams bring in new tools during the work itself. A developer tries a coding assistant. QA adds an AI test app. A PM drops roadmap content into a chatbot. Security usually finds out later through an audit, a review, or an incident. By then, the business may already have unmanaged OAuth grants, exposed API keys, and live sessions tied to tools nobody planned to support. AI needs AI on defense too. Agentic defense helps software teams detect unsanctioned AI use, inventory what is really active in the environment, and respond fast when the risk is real. 🛡️ 🔗 Read the blog: ow.ly/HP4A50Z6eW5 #ReliaQuest #SecOps #AgenticAI

Thank you, Marc Varner, Corporate VP & Global CISO at Lowe’s, for taking time to speak with our June onboarding class about how GreyMatter Agentic AI supports agentic defense across his security team. The customer panel and Q&A gave our new teammates a direct view into the problems we solve for our customers every day. #ReliaQuest #MakeSecurityPossible #AgenticDefense

keyboard_arrow_left Previous keyboard_arrow_right Next

Run correlation on streaming telemetry. Hold partial event sequences in memory. Fire the alert the moment the pattern completes. This is the security architecture that held up when manufacturing incident volume nearly quadrupled in one quarter. One compromised credential can turn into VPN access, lateral movement, and pressure on production systems fast. If the SOC is still stitching tools together by hand, the breakout window is already gone. 👉 See how agentic defense helps manufacturing teams absorb more volume without the effort: ow.ly/beYo50Z6cPE #ReliaQuest #SecOps #AgenticAI

Discover why global enterprises are entirely rethinking their security operating models and adopting an agentic system. Sponsored by @ReliaQuest Learn More: bit.ly/4dOotmZ

Intelligence only creates value when it's woven into the operational core of security, not sitting in a feed waiting for someone to act on it manually. ReliaQuest GreyMatter uses threat intelligence to drive action through AI-orchestrated decisioning and integrated data fabric. In the "2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies," Gartner named ReliaQuest a Visionary. Here’s what that means for your SOC 👇 Read the blog: ow.ly/tU6G50YWB8N #ReliaQuest #MakeSecurityPossible #ThreatIntelligence #AgenticAI #SecOps

A billing laptop and an ICU-connected device should never follow the same response path. One can be isolated immediately. The other needs stronger evidence, a clear risk check, and a human decision with context already assembled. That is where healthcare AI gets real. Fast where the answer is obvious. Careful where patient safety is in play. This blog lays out a practical decision framework for agentic defense in clinical environments. ⏩ ow.ly/pKht50Z5mSZ #ReliaQuest #AgenticAI #SecOps

More threat feeds won't make your SOC faster. The bottleneck is the manual work between receiving intelligence and acting on it. The "2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies" evaluates how the market is addressing that gap, as AI reshapes both the attacks and the defenses built to stop them—recognizing ReliaQuest as a Visionary in the market. Download the report: ow.ly/p1MQ50YWF5V #ReliaQuest #MakeSecurityPossible #ThreatIntelligence #AgenticAI #SecOps

Apply detection logic while telemetry is still moving—before it is indexed, parsed, and stored. This changes the first critical minutes of a finance incident. Instead of waiting on SIEM ingest, an agentic defense connects the phishing lure, the identity anomaly, the endpoint signal, and the domain history in seconds. Last quarter, phishing infrastructure targeting financial services tripled. Mean time to contain rose to 2 hours and 34 minutes. Attackers got faster. Most architectures did not. 👉 See what agentic defense looks like when fraud campaigns are multi-vector and built to move fast: ow.ly/Y4er50Z5m4B #ReliaQuest #MakeSecurityPossible #SecOps #AgenticDefense #AI

Today, we celebrate 20 years of Junior Achievement Muma Biztown. We're honored to be here at Partner Tribute Day — celebrating two decades of empowering students through real-world experiences. Introducing students to cybersecurity at a young age helps us build the talent pipeline to solve the greatest technical challenge of our generation. Through our partnership with Junior Achievement, we connect classroom learning with real-world problems, bridge the gap between education and hands-on experiences, and prepare students for successful careers in cybersecurity. #ReliaQuest #MakeSecurityPossible #Community

keyboard_arrow_left Previous keyboard_arrow_right Next

🎙️ New #ShadowTalk Episode: Device Code, OAuth, PhaaS: How Session Token Theft is Breaking the Phishing Playbook Your user clicked a link, landed on a real Microsoft login page, typed their password, completed MFA, and walked away thinking nothing happened. Somewhere across the internet, an attacker's device just received an authenticated session token. The password is irrelevant. The MFA prompt already fired and passed. With PhaaS platforms now converging on token-theft tradecraft and post-compromise automation executing in seconds, defenders are racing a scripted attacker with a manual playbook. Join hosts Brandon and John as they discuss: ✅ How device code phishing uses real authentication infrastructure to capture valid session tokens ✅ How one campaign hit 35,000+ users across 13,000+ organizations in 26 countries ✅ Why rogue device registrations complete before the average analyst reads the alert 🔑 Two questions your organization should be asking right now: - Has your Conditional Access policy been reviewed specifically for device code grant flows, not whether CA policies exist, but whether they cover the OAuth flows that session-token theft actually exploits? - When a phishing confirmation fires, how many manual steps stand between that alert and full token revocation with rogue device deregistration, and is that response faster than the attacker's automation? 👉 Tune in for expert insights, practical takeaways, and the full threat report: ow.ly/Ow7i50Z4Ii8 👉 Listen on @Listennotes: ow.ly/A3w350Z4Ii6 #PhaaS #Cybersecurity #ThreatIntel