Identities, browsers and social engineering....oh my!

SecOps Weekly kicks off episode 1 of the Threat Detection Report miniseries with an exclusive first look at the trends uncovered in the report. Red Canary experts Keith McCammon, Brian Donohue, and Katie Nickels discuss a significant spike in identity-related attacks, with adversaries targeting credentials through info stealers, consent phishing, and OAuth abuse. They explore how browsers have become the new endpoint, serving as both the primary workspace for users and a major attack vector for malicious payloads through compromised extensions and token theft. The discussion emphasizes that while technical controls like conditional access policies, MFA, and browser management are important, adversaries are increasingly using social engineering techniques including voice phishing, help desk impersonation, and MFA bombing to bypass these defenses. Throughout the discussion, these security experts stress that these three attack vectors - identity, browsers, and social engineering - are interconnected and that layered security controls combining device trust, user authentication, and behavioral monitoring provide the best protection.

Chapters:
00:00 - 01:13: Introduction
01:14 - 03:00: Welcome to Red Canary SecOps Weekly!
03:01 - 03:27: 2026 Threat Detection Report: By the numbers
03:28 - 05:08: What the report covers
05:09 - 07:28: What’s going on with identities?
07:29 - 10:57: The why and how of identity compromise
10:58 - 18:20: Identity: What can you do about it?
18:21 - 21:28: Browsers are the “endpoints” that matter most
21:29 - 25:22: Browsers: What can you do about it?
25:23 - 29:54: The common thread: Social engineering
29:55 - 33:17: Snapshot of what’s in the report

Red Canary stops cyber threats no one else does, so organizations can fearlessly pursue their missions.
We do it by delivering managed detection and response (MDR) across enterprise endpoints, cloud workloads, network, identities, and SaaS apps. As a security ally, we define MDR in our own terms with unlimited 24×7 support, deep threat expertise, hands-on remediation, and by doing what’s right for customers and partners. Subscribe to our YouTube channel for frequently updated, how-to content about Atomic Red Team, threat hunting in security operations, MDR or Managed Detection and Response, and using the MITRE ATT&CK® framework.