In episode 174 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Kyle Leonard, Cyber Threat Intelligence Analyst at the Center for Internet Security® (CIS®), and Randy Rose, VP of Security Operations & Intelligence at CIS. Together, they continue their discussion of 2026 cybersecurity predictions from seven CIS experts, as shared on the CIS website.

Here are some highlights from our episode:

• 02:00. How cross-platform campaigns are becoming the norm
• 03:09. Threat actors' use of generative artificial intelligence (GenAI) to expand their attacks and gain efficiencies
• 05:08. The blurring line of what separates today's script kiddies from nation-state threat actors
• 07:47. Fully autonomous malware: in the realm of possibility but not here yet
• 13:19. How specialization in the criminal ecosystem requires us to rethink analysis itself
• 16:07. Shrinking dwell time: a product of the democratization of complex tools' availability
• 18:02. The effective use of social engineering to lower threat actors' operational costs
• 19:20. Malware's increasing use of trusted infrastructure to thwart cyber defenses
• 20:25. The use of behavioral analysis to apply bottleneck security mechanisms
• 22:40. Evolving threat actors' tradecraft: pseudo-random subdomains, GenAI models, and SEO poisoning
• 26:39. What trust looks like today: something that's dynamic and negotiated at a moment's notice
• 31:25. Supply chain attackers' pivot to edge device vendors and security appliance makers
• 33:43. The ongoing work of CIS to support state and local governments' cybersecurity efforts

Resources

• Episode 169: 2026 Cybersecurity Predictions from CIS — Pt 1
• The Evolving Role of Generative Artificial Intelligence in the Cyber Threat Landscape
• Surge of QakBot Activity Using Malspam, Malicious XLSB Files
• Active Lumma Stealer Campaign Impacting U.S. SLTTs
• Episode 173: Scammer Jousting as Human Risk Management
• ClickFix: An Adaptive Social Engineering Technique
• Impact of Federal Funding Cuts to the Value of MS-ISAC CTI
• Episode 157: How a Modern, Mission-Driven CIRT Operates

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].