
Here's what you missed on Office Hours: December 2025


ScreenConnect, Shai-Hulud, and security shortfalls: Catch up on the last month’s episodes of Red Canary Office Hours.


Every Tuesday at 1 PM ET, Red Canary’s security experts tackle cybersecurity news and industry trends with special guests and exclusive operational insights.

We rounded out 2025 with episodes on defense in depth, baselining normal behavior for threat detection, and how adversaries abuse the ScreenConnect RMM tool. We’ve embedded them all here for your viewing pleasure.

Episode 43: Defense-in-depth strategies to keep you warm

Keith and Red Canary threat hunter Harrison Koll kick things off by discussing the return of the Shai-Hulud worm (aka Sha1-Hulud: The Second Coming), a messy npm supply chain compromise that hijacked accounts, stole cloud credentials, and infected GitHub repositories, and what defenders can do in its wake. Harrison then breaks down the concept of defense in depth, describing security gaps he observes day to day and how implementing multiple layers of controls, including firewalls, SSL inspection, and network segmentation, can go a long way toward preventing a future security incident.

 

Episode 44: Naughty or nice—decoding normal vs. anomalous behavior

Keith is joined by Brittany Sattler and Tyler Winchester, threat hunters at Red Canary, who break down why context matters when trying to distinguish normal from anomalous behavior. A big part of this comes from having a baseline of how a user typically behaves, by identifying network spikes or abuse of normal protocols. The two outline how Red Canary plans, executes, and reports on hunts, and give tips on how teams can better operationalize their own hunts through tools like Surveyor.

 

 

Episode 45: December Intelligence Insights

Keith, Principal Security Researcher Brian Donohue, and Red Canary Senior Intelligence Analyst Stef Rand discuss the most prevalent threats Red Canary has observed over the past month. Stef touches on several items from December’s Intelligence Insights, including how Red Canary is tracking an uptick in malicious RMM use, specifically ScreenConnect, and activity from a new macOS stealer: MacSync. Later, Brian shares Red Canary’s takeaways from the latest Shai-Hulud campaign and steps organizations can take in the wake of the supply chain attack.

 

 
