Generative AI and its impact on creating zero-day malware that traditional defenses can't recognize.
"Today, an inexperienced bad actor can craft well-engineered prompts and generate entirely new malicious code in minutes. By definition, systems that rely on denying only known threats will fail to catch these attacks." - Danny Jenkins
What you need to know: Type 1 hypervisors run directly on physical hardware and let enterprises scale virtual servers on demand through a centralized management layer, eliminating the need to deploy new hardware for every workload. This efficiency makes them foundational to modern data centers, but because the hypervisor itself typically cannot run endpoint agents such as EDR or antivirus, it needs a different security approach.
Why it matters: Because the hypervisor sits beneath every virtual machine, a compromise at that layer bypasses VM-level security controls. If attackers gain access to the hypervisor or its management plane, they can control every virtual machine it hosts, often without triggering security alerts.
Key takeaways: Protection must rely on compensating controls. Strict access controls, network segmentation, MFA, and least-privilege administration reduce the blast radius and limit the impact of management-layer abuse.
What you need to know: Attackers are using AI to make familiar threats like phishing, social engineering, and malware more targeted and harder to detect. AI-generated spear phishing, deepfakes, and automated reconnaissance are all old attack techniques being supercharged. Meanwhile, security teams are increasingly using AI to detect anomalies, identify malicious behavior faster, and respond in real time.
Why it matters: AI lowers the barrier to entry for attackers and erodes many detection-based defenses. As AI-generated attacks become more targeted and convincing, human judgment becomes easier to exploit. On the defensive side, handling the scale and speed of AI-driven threats is not something IT professionals can do manually. AI-assisted defense tools are essential, but not infallible.
Key takeaways: AI is one layer in a multi-layered defense strategy. A culture of strong policy making, Zero Trust controls, and regular security awareness training helps ensure AI strengthens your defenses rather than becoming another attack surface.
What you need to know: Insider threats, whether malicious or unintentional, account for more than one third of data breaches. These threats operate from inside your defenses, using legitimate access, trusted credentials, or human error.
Why it matters: Organizations tend to focus on external attackers, but insiders can cause equal or greater damage because they already have access to systems, data, and processes. Misconfigured permissions, overprivileged accounts, and a lack of visibility allow small mistakes or compromised users to escalate into major incidents.
Key takeaways: Insider risk requires a Zero Trust mindset. Enforcing least privilege, monitoring behavior for anomalies, and building a strong security culture help reduce both accidental and malicious insider breaches.
What you need to know: Jack Thompson, Director of Information Security and Risk for the Indianapolis Colts, began his career doing all-source intelligence for the U.S. Army and cyber intelligence in the Air Force. When he joined the Colts, he shifted the team to a proactive, prevention-first security model focused on protecting people, data, and trust across a highly visible, data-driven organization.
Why it matters: Every organization relies on sensitive data and digital systems to operate and maintain trust. When security is reactive, attackers stay a step ahead. A Zero Trust mindset, by contrast, reduces risk and puts your organization in a position to prevent threats from ever materializing.
Key takeaways: Thompson credits the Colts' ownership for their trust and understanding and for providing the resources necessary to move from a reactive security posture to Zero Trust. Effective cybersecurity starts with leadership support.
What you need to know: Attackers can create AI-generated identities using synthetic resumes, LinkedIn profiles, voice cloning, and video deepfakes to go from the interview stage to getting hired and receiving legitimate employee credentials and access.
Why it matters: Hiring is the initial access vector, and remote work has made this process scalable. Identity checks are often a one-time event, and traditional controls assume employees are trustworthy. Once access is granted, it looks like a normal insider breach and is harder to stop.
Key takeaways: Hiring and onboarding must be treated as part of the attack surface. Strong identity controls, monitoring of new hires, tight access controls, and controlled unpredictability in interviews provide enhanced protection and verification. Unscripted follow-up questions, real-time liveness checks, and physical-world verification checks force real human interaction.
Discord attack highlights increased threat of credential theft
What you need to know: A new low-cost Python-based infostealer called VVS Stealer is being sold on Telegram and used to steal Discord credentials, browser data, and session tokens. It uses heavy code obfuscation to evade analysis and detection, and the stolen session tokens let attackers hijack active user sessions and maintain persistence on compromised systems.
Why it matters: Modern malware continues to become stealthier and more accessible. Obfuscation techniques can bypass signature-based defenses, while stolen credentials and tokens give attackers legitimate access to systems. Once inside, compromised accounts can be used to spread malware further.
Key takeaways: Credential theft remains a primary enabler of larger attacks. Organizations should assume user accounts and endpoints will be targeted and focus on prevention-first controls: limiting what applications can run, reducing token and credential exposure, enforcing least privilege, and monitoring for abnormal behavior.
M365 is the front door to your organization. Compromised credentials, excessive permissions, or misconfigured cloud settings give attackers immediate access to email, files, internal communications, and connected apps.
What you'll learn:
Reviewing report-only policies.
Identifying false positives.
Using ThreatLocker Cloud Control to dynamically update named locations.
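The two review steps above, done directly against Microsoft Graph, as an added example that is not the page's or ThreatLocker's own code. It lists every Conditional Access policy still in report-only mode, counts how each one would have evaluated against recent sign-ins (a run of reportOnlyFailure results for users who are expected to sign in is the false-positive signal to chase before enforcing), and then rewrites the IP ranges of an existing trusted named location, which is the step the webinar automates with Cloud Control. The named-location name "Corporate Egress" and the 203.0.113.0/24 range are placeholders, not values from the page.

```powershell
# Added example using the Microsoft Graph PowerShell SDK
# (Microsoft.Graph.Identity.SignIns and Microsoft.Graph.Reports modules).
# "Corporate Egress" and 203.0.113.0/24 are placeholder values for illustration.
Connect-MgGraph -Scopes "Policy.Read.All","Policy.ReadWrite.ConditionalAccess","AuditLog.Read.All"

# 1. Policies still in report-only mode carry the state 'enabledForReportingButNotEnforced'.
$reportOnly = Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.State -eq 'enabledForReportingButNotEnforced' }
$reportOnly | Select-Object DisplayName, Id, CreatedDateTime | Format-Table -AutoSize

# 2. For each report-only policy, tally how it *would* have evaluated over the last 24h.
#    Sign-in records carry an AppliedConditionalAccessPolicies entry per policy whose
#    Result is reportOnlySuccess, reportOnlyFailure, reportOnlyNotApplied or reportOnlyInterrupted.
$since   = (Get-Date).AddDays(-1).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
$signIns = Get-MgAuditLogSignIn -Filter "createdDateTime ge $since" -All
foreach ($p in $reportOnly) {
    $hits = foreach ($s in $signIns) {
        $s.AppliedConditionalAccessPolicies | Where-Object { $_.Id -eq $p.Id }
    }
    Write-Host "`n$($p.DisplayName):"
    $hits | Group-Object Result | Select-Object Name, Count | Format-Table -AutoSize

    # Sign-ins the policy would have blocked: review these for false positives
    # before flipping the policy's State to 'enabled'.
    $signIns | Where-Object {
        $_.AppliedConditionalAccessPolicies |
            Where-Object { $_.Id -eq $p.Id -and $_.Result -eq 'reportOnlyFailure' }
    } | Select-Object UserPrincipalName, IpAddress, AppDisplayName -Unique | Format-Table -AutoSize
}

# 3. Replace the ranges of an existing trusted named location in place. Updating by Id
#    (rather than deleting and re-creating) keeps every policy that references it intact.
$loc = Get-MgIdentityConditionalAccessNamedLocation -All |
    Where-Object { $_.DisplayName -eq 'Corporate Egress' }
$body = @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    isTrusted     = $true
    ipRanges      = @(
        @{ '@odata.type' = '#microsoft.graph.iPv4CidrRange'; cidrAddress = '203.0.113.0/24' }
    )
}
Update-MgIdentityConditionalAccessNamedLocation -NamedLocationId $loc.Id -BodyParameter $body
```

Run step 2 for several days before enforcing a policy; a single day of sign-ins rarely covers every service account, break-glass identity, or travelling user that a new location- or device-based condition would catch.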
Hands-on training and expert insights
What's waiting for you at this year's event:
Win a $5K custom PC built by Linus Tech Tips, if you're the first to hack it.
Rubber Ducky Basic & Advanced—you get to keep the Rubber Ducky.
An in-person Cyber Hero Help Desk for ThreatLocker customers.
A hands-on Active Directory hacking lab with Spencer Alessi.