The Cybersecurity Defenders Podcast

Originally recorded: Friday May 29, 2026
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.
A large-scale software supply chain attack dubbed “Megalodon” infected thousands of GitHub repositories with credential-stealing malware in a highly automated campaign that unfolded over a six-hour period on May 18, 2026.
Researchers from OX Security have identified a malicious npm package named “mouse5212-super-formatter” that was designed to steal files from Anthropic Claude AI environments by targeting the “/mnt/user-data” directory.
Convenience store giant 7-Eleven disclosed a data breach tied to an attack that occurred on April 8, 2026, involving systems that contained franchise-related documents. SecurityWeek article Matt references.
CISA has issued an urgent warning about a critical vulnerability in the LiteSpeed cPanel Plugin, tracked as CVE-2026-48172, which is already being actively exploited in the wild.
Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.
This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Join us for this week's Defender Fridays as Charles Grandjean, CTO and Co-founder at Hexiagon AI, breaks down where AI-assisted pen testing actually stands today and what it means for both red teams and defenders.
At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.
What We'll Discuss
In this episode, Charles Grandjean draws on his experience building an AI-powered continuous pen testing platform to trace how LLM capabilities have evolved for offensive security, and what the rise of autonomous attack tooling means for defenders.
Key Topics:
How AI pen testing has progressed from unreliable single commands to chaining complex attack sequences
Why the last six months marked a turning point in LLM planning and long-context reasoning
When to use in-context learning and RAG versus fine-tuning, and why most teams should start with the former
Why privacy considerations push serious pen testing operations toward self-hosted models
How the balance between model control and code control has shifted as models have improved
Why unrestricted and fine-tuned open-weights models are lowering the barrier for malicious actors
What automated offense means for defense teams and why the response needs to match the scale of the threat
About Our Guest
Charles Grandjean is the CTO and Co-founder of Hexiagon AI, a company focused on automating penetration testing through AI to enable continuous, around-the-clock security validation. He has been building and iterating on AI-assisted offensive tooling for the past two years, tracking the evolution of LLM capabilities firsthand from early prototype to production system.
Register for Live Sessions
Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you, our audience.
Register here: https://limacharlie.io/defender-fridays
Subscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes on our website!
Sponsored by LimaCharlie
This episode is brought to you by LimaCharlie, the Agentic SecOps Workspace (ASW), where AI agents operate security infrastructure using the same controls and authority as human analysts, with every action visible, governed, and auditable.
Why LimaCharlie?
Eliminate vendor sprawl and tool complexity
Deploy and scale effortlessly on native multi-tenant architecture
Reduce costs with intelligent data routing and free 1-year retention
Build custom solutions with 100+ security capabilities on-demand
Accelerate response with agentic AI that acts directly within predefined workflows
Try the Agentic SecOps Workspace free: https://limacharlie.io
Learn more: https://docs.limacharlie.io
Follow LimaCharlie
Sign up for free: https://limacharlie.io
LinkedIn: / limacharlieio
X: https://x.com/limacharlieio
Community Discourse: https://community.limacharlie.com/
Host: Maxime Lamothe-Brassard - Founder at LimaCharlie
Guest: Charles Grandjean - CTO and Co-founder at Hexiagon AI

Originally recorded: Friday May 22, 2026
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.
GitHub has confirmed that roughly 3,800 internal repositories were accessed in a supply chain compromise tied to the hacking group TeamPCP.
China-aligned threat actor Webworm has shifted its targeting focus from Asia to Europe, according to new research published by ESET.
Researchers uncovered a previously undocumented Microsoft 365 account takeover panel that integrates directly with Evilginx Pro infrastructure to streamline token theft and post-compromise operations.
European and North American law enforcement agencies announced the dismantling of “First VPN,” a VPN service allegedly built to support cybercriminal activity including ransomware operations, data theft, scanning, and denial-of-service attacks.
Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.
This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Join us for this week's Defender Fridays as Chris Sanders, Founder at Applied Network Defense and the Rural Technology Fund, breaks down how analysts actually think through investigations and what separates high performers from the rest.
At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.
What We'll Discuss
In this episode, Chris Sanders draws on his background in security operations and cognitive psychology to explore how metacognition shapes investigative performance, and why understanding how you think is one of the most underleveraged skills in the SOC.
Key Topics:
Why high-performing analysts ask better questions instead of starting with large chunks of data
How diagnostic inquiry (DINQ) was developed by studying senior analysts in action
What separates one year of experience repeated twenty times from genuinely diverse experience
Why tacit knowledge makes it hard to train new analysts and what to do about it
How AI fits into the investigative process and where humans still need to be in the loop
Why cybersecurity education has a transfer problem and what other fields like medicine get right
What good SOCs have in common and why it comes down to metacognitive awareness
About Our Guest
Chris Sanders is the Founder of Applied Network Defense, a training company focused on analyst and investigative roles, and the Rural Technology Fund, an organization that supports technology education in rural and underserved communities. He holds a doctorate in education and has spent his career at the intersection of cybersecurity and cognitive psychology, including time at school districts, the federal government, and Mandiant.
Register for Live Sessions
Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you, our audience.
Register here: https://limacharlie.io/defender-fridays
Subscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes on our website!
Sponsored by LimaCharlie
This episode is brought to you by LimaCharlie, the Agentic SecOps Workspace (ASW), where AI agents operate security infrastructure using the same controls and authority as human analysts, with every action visible, governed, and auditable.
Why LimaCharlie?
Eliminate vendor sprawl and tool complexity
Deploy and scale effortlessly on native multi-tenant architecture
Reduce costs with intelligent data routing and free 1-year retention
Build custom solutions with 100+ security capabilities on-demand
Accelerate response with agentic AI that acts directly within predefined workflows
Try the Agentic SecOps Workspace free: https://limacharlie.io
Learn more: https://docs.limacharlie.io
Follow LimaCharlie
Sign up for free: https://limacharlie.io
LinkedIn: / limacharlieio
X: https://x.com/limacharlieio
Community Discourse: https://community.limacharlie.com/
Host: Maxime Lamothe-Brassard - Founder at LimaCharlie
Guest: Chris Sanders - Founder at Applied Network Defense & Rural Technology Fund

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.
Researchers have disclosed a new Linux local privilege escalation technique called “Dirty Frag,” which chains together two kernel vulnerabilities: CVE-2026-43284 in xfrm-ESP handling and CVE-2026-43500 in RxRPC.
The breach affecting educational technology provider Instructure has raised broader concerns about the security dependencies schools have on third-party cloud platforms.
Security researchers at Aikido are tracking a major expansion of the “Mini Shai-Hulud” malware campaign targeting the npm ecosystem.
Google Threat Intelligence Group says threat actors are moving from experimental AI usage toward large-scale operational integration of generative models across the cyberattack lifecycle.
Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.
This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.