{"version":1,"type":"rich","provider_name":"Libsyn","provider_url":"https:\/\/www.libsyn.com","height":300,"width":600,"title":"Botnets, Edge Devices, and AI: Inside Forescout\u2019s Threat Findings with Daniel dos Santos","description":"A new wave of cyberattacks is being routed through everyday devices\u2014and defenders can\u2019t rely on old assumptions about geography or \u201cknown bad\u201d infrastructure. Daniel dos Santos, VP at Vedere Labs (Forescout), walks through findings from their 2025 Threat Roundup, drawn from a global network of hundreds of honeypots and decoy systems. The conversation focuses on why web-facing systems and edge devices have become prime targets, how attackers hide inside cloud and ISP-managed networks, and what defenders can do earlier in the kill chain. Dos Santos also explains why many exploited vulnerabilities never appear on CISA\u2019s KEV list\u2014and how security teams should think about patching and risk anyway. Main Topics  How honeypots reveal attacker intent across IT, IoT, and OT environments. Why attacks increasingly come from ISP-managed networks and consumer devices. Cloud and \u201cbenign\u201d services used to blend in and evade traditional filters. Why distributed botnets weaken country-based blocking for defenders. The rise of web-facing exploitation and the shift away from stolen passwords. Edge devices, OT exposure, and why \u201cdiscovery\u201d dominates post-breach activity.  Key Quotes \u201cWe have hundreds [of honeypots] throughout the world. Some of them are simulations\u2026 Some of them are real devices\u2026 we expose them with the intention of seeing them attacked.\u201d \u2014 Daniel dos Santos \u201cHome routers, but also home IP cameras or doorbells or solar inverters or\u2026whatever it is that you have in your house that might be exposed to the internet and might be vulnerable can be these days recruited into a botnet.\u201d \u2014 Daniel dos Santos \u201cAttackers\u2026have figured out that when you find a zero-day in a popular router or a popular firewall or a popular VPN appliance, you can really go against thousands and thousands of organizations.\u201d \u2014 Daniel dos Santos \u201cWith one zero-day or one critical exploit, you can compromise thousands of organizations today.\u201d \u2014 Daniel dos Santos \u201cBut what we do see in the signals that we see there and what we present in the report is that there is a whole world of vulnerabilities being exploited.\u201d \u2014 Daniel dos Santos Relevant Links and Resources https:\/\/www.forescout.com\/research-labs\/2025-threat-roundup\/  https:\/\/www.forescout.com\/blog\/anatomy-of-a-hacktivist-attack-russian-aligned-group-targets-otics\/ About the Guest:  Daniel dos Santos&amp;nbsp;is the VP of Research at Forescout Research \u2014 Vedere Labs, where he leads a team of researchers that identifies new vulnerabilities and monitors active threats. He holds a PhD in computer science, has published over 35 peer-reviewed papers, has found or disclosed hundreds of CVEs \u2014 and is a frequent speaker at security conferences. ","author_name":"Cyber Focus: Cybersecurity, National Security, and Critical Infrastructure","author_url":"https:\/\/mccraryinstitute.com\/podcast\/","html":"<iframe title=\"Libsyn Player\" style=\"border: none\" src=\"\/\/html5-player.libsyn.com\/embed\/episode\/id\/40138890\/height\/300\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/88AA3C\/\" height=\"300\" width=\"600\" scrolling=\"no\"  allowfullscreen webkitallowfullscreen mozallowfullscreen oallowfullscreen msallowfullscreen><\/iframe>","thumbnail_url":"https:\/\/assets.libsyn.com\/secure\/content\/198663055"}