Name: Unit 42 Threat Briefing | Defending Against Active Microsoft SharePoint Exploits
Start: 2025-07-29T15:00:00Z
End: 2025-07-29T15:00:43.000Z
Location: BrightTALK
Rating: 4.9

Palo Alto Networks is the next-generation security company, leading a new era in cybersecurity by safely enabling applications and preventing cyber breaches for tens of thousands of organizations worldwide. Built with an innovative approach and highly differentiated cyberthreat prevention capabilities, our game-changing security platform delivers security far superior to legacy or point products, safely enables daily business operations, and protects an organization's most valuable assets. Find out more at www.paloaltonetworks.com or call us at 1-877-524-1031.

AI agents powered by the Model Context Protocol (MCP) are reshaping how enterprises work — coordinating tasks, integrating with tools and making autonomous decisions at scale. But the very power that makes MCP so transformative also makes it dangerous. Attackers don’t need to break your infrastructure; they just need to trick your AI. From prompt injections and impersonated services to excessive privilege and compromised “trusted” tools, MCP introduces a new class of vulnerabilities that can quietly erode revenue, trust and compliance.

Traditional security controls aren’t designed for this environment. AI agents move fast, interpret loosely and can be manipulated in ways legacy defenses can’t detect. The question isn’t whether MCP-enabled agents can be exploited — it’s how quickly adversaries will take advantage.

In this session, we’ll demystify MCP, expose the top security gaps it creates and share a practical security playbook for containing AI risk. Whether you’re an executive asking “what’s the business impact?” or a practitioner asking “how do I defend it?”, you’ll walk away with a clear roadmap for securing your agentic future.

You’ll learn:

● How MCP works — and why it’s becoming the backbone of agentic AI.
● The most common and dangerous ways AI agents can be tricked.
● Security strategies to control agent “agency” and prevent rogue behavior.
● What leaders must do now to protect AI-powered systems before attackers strike.

Join us to uncover the hidden risks in MCP — and how to defend your AI before it makes a decision you can’t take back.

Can your AI Be Tricked? Exposing the Security Gaps in MCP

AI systems are no longer theoretical targets — they’re already being exploited. From jailbreaks and prompt injections to data leaks and agent manipulation, attackers are using simple language to probe and break systems once thought secure. Traditional pentesting can’t keep pace with this reality. AI behaves unpredictably, its vulnerabilities change with context and every new update or integration introduces fresh risk.

In this session, we’ll explore why AI needs an entirely new red teaming playbook. You’ll hear real-world evidence of how even the most advanced models fail under adversarial testing, and why continuous red teaming — across models, applications and agents — is now essential. We’ll break down how red teaming works in practice, from simulating guardrail bypasses and data exfiltration to uncovering context-driven flaws that only appear in deployment.

You’ll learn:

● Why AI’s nondeterministic nature breaks the old red-teaming model.
● The most common attack vectors enterprises face today.
● How vulnerabilities differ in models, applications and agents.
● How continuous red teaming builds confidence for developers, executives and customers alike.

Join us to see how AI red teaming turns hidden flaws into actionable insights — helping you protect your business before attackers exploit the gaps.

Red Teaming Your AI Systems Before Attackers Do

Generative AI is transforming how businesses innovate — but it also opens the door to risks that only surface once systems go live. Even rigorously trained models can harbor hidden flaws that attackers exploit through prompt injection, jailbreaks, tool misuse or data exfiltration. These aren’t rare edge cases — organizations have already suffered financial loss, compliance penalties and reputational damage from AI failures.

In this webinar, we’ll show why static testing and traditional tools can’t keep pace with adaptive AI systems. You’ll learn:

• How vulnerabilities emerge when chatbots and agents interact with real users.
• Real-world cases where runtime attacks disrupted operations and eroded trust.
• Why legacy security methods fail to block AI-specific threats.
• A practical framework for runtime protection using inspection, monitoring and adaptive defenses.
• How Prisma AIRS™ AI Runtime Security delivers broad detection and low-latency safeguards without slowing innovation.

Join us to see how runtime protection transforms AI from an unpredictable risk into a trusted, resilient business enabler.

When Hidden Flaws Surface: Securing AI at Runtime

AI is a powerful driver of innovation, but it can introduce an invisible risk: unintentional data leaks. These leaks are often self-inflicted when employees, customers or partners unintentionally expose sensitive data through AI tools. Systems can remember, replicate and resurface confidential information in unexpected ways, leaving organizations vulnerable without a clear forensic trail. The ultimate risk isn’t just fines or a breach notification, but a profound loss of trust from customers, regulators and boards.

In this webinar, we'll shift the conversation from a technical problem to a trust-driven business imperative. You'll learn:

● Why traditional security models fail.
● The most common ways sensitive data slips into and out of AI systems.
● How to build a proactive AI governance strategy with real-time visibility and automated guardrails.
● How to accelerate AI adoption safely. 

Join us to move beyond reactive security and create a responsible AI framework that lets you innovate confidently.

When AI Leaks: Containing and Preventing Sensitive Data Leaks

AI is redefining what’s possible, with over 78% of global enterprises having integrated it into their operations. However, only 6% have an advanced AI security strategy framework. To compensate, many organizations are putting AI guardrails in place, hoping to seal security gaps without slowing innovation.

In this webinar, we'll expose the "guardrail trap" — the reason why these traditional mechanisms often fail under real-world pressure. Drawing on recent examples, we'll show you how adversaries exploit fragmented standards and risky design decisions, turning a "lethal trifecta" of external data, permissive tools and broad access rights into a major liability. 

You’ll leave with a clear framework for avoiding the guardrail trap — and a view into how Prisma AIRS™ can help your organization build AI systems that aren’t just functional, but resilient, compliant and trustworthy.

The Guardrail Trap: Why Existing AI Security Strategies Aren't Enough

Modern data centers face an unprecedented series of security challenges - an increasingly intense threat environment, new threat vectors and risks from every AI app, and the "East-West blind spot," where threats move laterally between servers, completely invisible to traditional perimeter firewalls. This problem grows exponentially in distributed, multi-site environments, where maintaining a consistent security posture often seems impossible.

Join experts from Arista and Palo Alto Networks to understand a unified solution that solves these challenges without requiring a complex network redesign. Learn how the Arista data center fabric intelligently steers traffic to the Palo Alto Networks Next-Generation Firewall for deep, Layer 7 inspection, with policy then enforced at wire speed directly in the network.

This session will demonstrate how this integrated solution:
● Eliminates the East-West blind spot in a single data center.
● Extends to provide a single, consistent security policy across a multi-site environment using a single, seamless management experience
● Avoids common multi-site issues like asymmetric routing and inefficient traffic "tromboning."

Discover how to build a scalable, consistent, and automated Zero Trust strategy for your entire data center infrastructure.

Comprehensive Data Center Security for the Age of AI

Attackers are fully focused on utilizing the identity when infiltrating organizations through their endpoints. Most security teams are still fighting these threats with disconnected tools, creating dangerous blind spots that let threats slip through undetected.

Don’t let siloed security create blind spots. Join us for this webinar where our speakers, Niels van Bennekom from CyberArk, and Nadav Shai Kanon from Palo Alto Networks, will walk through the importance of breaking down silos in your organization’s security to protect the identity at the endpoint.

What you’ll learn:
● The risks organizations face through approaching endpoint protection and security in a siloed manner.
● What a defense-in-depth strategy looks like when protecting endpoints.
● How to transform your organization’s endpoint security from reactive to proactive with solution integrations.

Bridging security gaps with defense-in-depth: Tackling vulnerabilities of siloed security

According to Unit 42®, 80% of security exposures occur in the cloud, with attacks increasing almost 2x in the past three years. To stay ahead, modern organizations are adopting cloud detection and response (CDR) approaches in record numbers.

Join Forrester VP and Principal Analyst Andras Cser and Palo Alto Networks Technical Evangelist Ory Segal in a candid discussion on the state of CDR. They'll dive deep into cloud security trends, discuss real customer challenges and provide actionable recommendations to help your organization build a resilient CDR program.

What you'll learn:

- The state of cloud security: Understand why traditional security strategies are failing and how attackers are exploiting new cloud vulnerabilities faster than ever.
- Proactive vs. reactive approaches: Discover how a prevention-first approach is crucial to stopping attacks before they escalate.
- A strategic roadmap: Walk away with concrete, actionable steps for building a resilient CDR program, including how to improve threat detection and automate response.

This is a must-attend session for security leaders looking to move beyond reactive defense and stop cloud attacks in real time.

The State of Cloud Detection & Response, Featuring Forrester

Digital transformation is changing how we do business, creating incredible opportunities for growth and innovation. But as we embrace new technologies and workflows, we also open the door to new cyber risks. 

Don't let these challenges slow your progress. Join us to learn how to stop being a gatekeeper and start turning your security operations into an enabler of business growth.

In this session, you'll discover:  
● Discover the latest social engineering trends from Unit 42 research.
● Empower your security teams with automation and machine-learning tools to focus on the most critical threats.
● Strengthen your organization's defenses by leveraging AI to respond faster and more effectively.
● See how the Cortex XSIAM, the AI-Driven SOC Platform makes all of this possible.

Register today and take the first step toward a more secure digital future.

Secure Your Innovations, Outsmart Cyber Risks

Phantom Taurus isn't just another advanced persistent threat (APT), it's an evolution of cyber espionage itself. This highly sophisticated Chinese APT group identified by Unit 42 uses custom-built, evasive malware to bypass traditional defenses and breach high-value targets.

In this live briefing, our Unit 42 experts will share exclusive, actionable intelligence from our investigation conducted over the past two and a half years. You will learn how to:

● Unmask the Adversary: Go behind the scenes of the investigation that began with a single activity cluster and resulted in a newly attributed threat actor.
● Dissect the Novel Malware: Understand the details of the NET-STAR malware suite, including its fileless components and sophisticated evasion techniques.
● Harden Your Defenses: Learn the TTPs of Phantom Taurus to better protect yourself, and see how Palo Alto Networks provides a comprehensive defense against this new threat.

Get the insights you need to stop Phantom Taurus in your organization.

To learn more, check out the threat research: http://unit42.paloaltonetworks.com/phantom-taurus

UNMASKED: Inside a New Chinese Nexus APT

The truth? Upgrading from QRadar to Cortex XSIAM is easier than you think. Join Palo Alto Networks and IBM as we separate fact from fiction when it comes to modernizing your SOC. 

In this fast-paced myth-busting session, we’ll tackle the top concerns about moving to a cloud-native, AI-powered SOC, from fears of time-consuming deployments to worries about cost, complexity, and security. Hear directly from security leaders who’ve made the switch—and haven’t looked back.

Featuring Chris Meenan, formerly the VP of Security Product Management, Threat Management at IBM, now Security Operations Transformation Leader at Palo Alto Networks, Bill Crawford, VP of Sales at IBM, and Danny Milrad, Principal Product Marketing Manager for Unit 42 at Palo Alto Networks, this session delivers expert insights, real customer stories, and practical tips to simplify your journey from QRadar to the future of security operations.

What you’ll learn:
● Why QRadar customers are making the move now.
● What real customers say about migration timelines and outcomes.
● How IBM and Palo Alto Networks can help you upgrade seamlessly.

Don’t let outdated assumptions hold your SOC back. It’s time to debunk the myths and move forward with confidence.

5 QRadar Migration Myths Debunked: Why You Should Move to a Cloud-Native, AI-Driven SOC

Cybercriminals are shifting from technical exploits to manipulating human psychology, making social engineering the top threat to organizations. Traditional tech-focused security controls fall short against attackers exploiting trust.
 
This session delves into the 2025 Unit 42 Global Incident Response Report, highlighting how social engineering has become the leading attack vector, causing data exposure in over half of incidents. It examines modern deception tactics and strategies for stronger defenses.
 
• Real-world cases like deepfake videos and fake IT support calls
• How AI scales deception, mimicking legitimate processes
• The rise of automated ecosystems exploiting familiar workflows
• Defense strategies like red flag detection and Zero Trust
 
Watch this webinar to understand today's social engineering threats and learn how to fortify your organization's human-centered security.

Why social engineering became the dominant cyber threat and how to defend against it

As cloud adoption accelerates, traditional security measures are quickly becoming obsolete. With the rise of sophisticated AI-driven attacks, security teams need to adapt, moving faster and smarter to protect their environments.

This fireside chat explores how cloud posture security and AI-driven solutions are key to safeguarding multi-cloud environments. Moderated by Tom Schmidt, contributing editor at CIO, they dive into:

● Insights from Unit 42 threat researchers about emerging cloud and AI attacks.
● New ways to prioritize risks, fix misconfigurations and prevent cloud breaches.
● Best practices for building real-time, adaptive security for the modern cloud environment.

Tune in for actionable insights on how to strengthen your cloud security posture and outpace attackers.

Averting Cloud Attacks with AI & Cloud Posture Security

Midmarket organizations face the same cybersecurity threats as larger enterprises but with fewer resources, making them attractive targets while struggling to implement security measures.
 
This webinar explores how an integrated platform approach can transform cybersecurity for resource-constrained organizations, offering enterprise-grade protection without complexity. Experts discuss strategies for consolidating tools and streamlining operations while maintaining robust defenses.
 
• How platform consolidation reduces costs and overhead
• The shift from point solutions to unified security management
• Strategies for network, endpoint, and cloud security integration
• Benefits of centralized visibility and automated threat response
 
Learn how midmarket organizations can achieve better security outcomes with fewer resources by adopting a strategic platform approach. Watch to simplify your cybersecurity posture and strengthen defenses against evolving threats.

Palo Alto Networks’ – Bringing Enterprise Grade Security to the Midmarket

Adversaries use AI. Your security should too. Cortex XSIAM® replaces static rules and manual triage processes with unified data, AI and automation to outpace machine-speed threats.

See how upgrading to Cortex XSIAM is a snap using AI-assisted migration, prebuilt connectors and turnkey playbooks. Deploy 4x faster, cut costs and protect your organization from today’s most advanced attacks.

Attend this webinar to learn:

• Why AI, why now: The limitations of traditional SIEMs and what’s pushing CISOs to AI-driven SecOps platforms.
• The migration playbook: How AI-guided rule mapping, phased cutover and automation drive faster results.
• Real-world outcomes: 75% fewer false positives and 30% lower tool costs and resolve incidents in under 10 minutes.

Get expert advice to make your migration less risky. Save your spot now.

Beyond SIEM: Fast-Track to an AI-Driven SOC

Unmatched results from the XDR technology leader.

 The just-released MITRE ATT&CK® Enterprise Evaluations reveal how Palo Alto Networks continues to outperform the competition in stopping advanced cyberthreats.

 In this on-demand session, cybersecurity experts Peter Havens, Parker Crook and Yoni Allon explain how we achieved the highest MITRE ATT&CK detection accuracy in history and break down what it means for you. Topics include:

-Key changes in MITRE ATT&CK Evaluations for the enterprise and what it means for cybersecurity evaluations.
-Insights on real-world adversaries and ransomware attacks tested, including North Korea.
-How Palo Alto Networks outperformed vendors in the most challenging Enterprise Evaluations yet.

Come away with a deeper understanding of the "how and why" behind MITRE's most rigorous evaluation yet and learn why Cortex XDR's superior performance makes it the clear choice for your security operations.

MITRE ATT&CK 2024:  Results for the Toughest Evaluations Yet

Cyberattacks span various organizational domains, requiring full context for effective defense. Learn how Cortex XDR leverages AI to combat multi-domain attacks, starting with endpoint and utilizing organization-wide data analytics for fast response.

Symphony 25: Defeat Multi-Domain Attacks with AI-Powered Endpoint Security

With threats like AI-assisted campaigns outpacing traditional security, a proactive approach is essential. Based on new Unit 42 research, this session shows how to stop advanced attacks with a combination of threat intelligence, automation, and AI. Discover how Palo Alto Networks Managed Services (MDR & MTH) on the Cortex SOC platform delivers the visibility and speed needed to drastically reduce MTTR and prevent breaches.

From Insight to Action: A Unit 42 Playbook for AI-Driven Managed Defense

Palo Alto Networks is hosting a live threat briefing to provide timely guidance on recently disclosed Microsoft SharePoint vulnerabilities currently being exploited in the wild. CVE-2025-49704, CVE-2025-49706, CVE-2025-53770 and CVE-2025-53771 impact on-premises SharePoint servers and, when chained, allow unauthenticated attackers to execute arbitrary commands.

We’ll share what our IR and Threat Intel teams are seeing in active investigations, outline how these exploits are being used to bypass identity controls and offer practical recommendations for detection, containment and response. The session will include a technical walkthrough, mitigation guidance and time for a live Q&A.

In this live threat briefing, we will provide:

- An overview of the vulnerabilities and how they’re being combined to enable remote code execution.
- A summary of current threat activity targeting on-premises SharePoint environments.
- Insight into common attacker behaviors, including persistence techniques and access escalation.
- Guidance on how to assess exposure, validate compromise and respond.
- Why patching alone may not be sufficient and what additional steps are recommended.
- Available resources and support from Palo Alto Networks and Unit 42.

Act now to equip your organization against these persistent adversaries.

Unit 42 Threat Briefing | Defending Against Active Microsoft SharePoint Exploits

Threat Intelligence

Unit 42

Palo Alto Networks

Proactive Assessments

Microsoft SharePoint

Incident Response

Cyber Attacks

Cyber Incident Response

Breach Detection

Breach Response

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Unit 42 Threat Briefing | Defending Against Active Microsoft SharePoint Exploits

Presented by

About this talk

Palo Alto Networks