SHOW NOTES

SecOps Weekly kicks off episode 1 of the Threat Detection Report miniseries with an exclusive first look at the trends uncovered in the report.

Red Canary experts Keith McCammon, Brian Donohue, and Katie Nickels discuss a significant spike in identity-related attacks, with adversaries targeting credentials through info stealers, consent phishing, and OAuth abuse. They explore how browsers have become the new endpoint, serving as both the primary workspace for users and a major attack vector for malicious payloads through compromised extensions and token theft. The discussion emphasizes that while technical controls like conditional access policies, MFA, and browser management are important, adversaries are increasingly using social engineering techniques including voice phishing, help desk impersonation, and MFA bombing to bypass these defenses.

Throughout the discussion, these security experts stress that these three attack vectors – identity, browsers, and social engineering – are interconnected and that layered security controls combining device trust, user authentication, and behavioral monitoring provide the best protection.

Timestamps:

• 00:00 – Introduction
• 01:14 – Welcome to SecOps Weekly
• 03:01 – 2026 Threat Detection Report: By the numbers
• 03:28 – What the report covers
• 05:09 – What’s going on with identities?
• 07:29 – The why and how of identity compromise
• 10:58 – Identity: What can you do about it?
• 18:21 – Browsers are the “endpoints” that matter most
• 21:29 – Browsers: What can you do about it?
• 25:23 – The common thread: Social engineering
• 29:55 – Snapshot of what’s in the report