PodcastsBusinessThe Cybersecurity Defenders Podcast

The Cybersecurity Defenders Podcast

LimaCharlie
The Cybersecurity Defenders Podcast
Latest episode

339 episodes

  • The Cybersecurity Defenders Podcast

    Intel Chat: Dialogflow Rogue Agent, ghost phishing, CISA KEV deadline & HalluSquatting [338]

    2026-07-09 | 34 mins.
    Intel Chat with Matt Bromiley and Chris Luft.
    Matt and Chris break down four stories from the week in threat intel:
    • Varonis Threat Labs' "Rogue Agent" — a permission boundary flaw in Google Dialogflow CX's Code Blocks feature that could let an attacker with a single permission (dialogflow.playbooks.update) inject persistent malicious code into a chatbot's execution pipeline and silently exfiltrate conversations; Google has fully patched it, no customer action required.
    • The EvilTokens campaign and "ghost phishing" — AES-GCM-encrypted phishing pages that look harmless to URL scanners and only reveal themselves after decrypting in the victim's browser, driving Microsoft device code phishing against Microsoft 365 accounts.
    • CISA adds four actively exploited flaws to the KEV catalog with a July 10 patch deadline under BOD 26-04: Adobe ColdFusion (CVE-2026-48282, CVSS 10.0), Langflow (CVE-2026-55255, chained with CVE-2026-33017), and Joomla's SP Page Builder (CVE-2026-48908) and Page Builder CK (CVE-2026-56290) extensions.
    • HalluSquatting — Tel Aviv University researchers show attackers can register the repository names AI coding assistants predictably hallucinate, then ride prompt injection to code execution on developer machines — with success rates up to 85% for repos and 100% for skill installs across Cursor, Windsurf, Copilot, Cline, Gemini CLI and more.
    Stories covered:
    • https://www.darkreading.com/application-security/dialogflow-cx-rogue-agent-flaw-enabled-ai-chatbot-data-theft
    • https://thehackernews.com/2026/07/new-ghost-phishing-wave-is-breaking.html
    • https://www.securityweek.com/cisa-urges-immediate-patching-of-exploited-coldfusion-langflow-joomla-flaws/
    • https://thehackernews.com/2026/07/new-hallusquatting-attack-could-trick.html
    Chapters:
    0:00 Intro & catching up
    4:31 Google Dialogflow CX "Rogue Agent" flaw
    11:03 EvilTokens & "ghost phishing"
    17:37 CISA KEV: ColdFusion, Langflow & Joomla — patch by July 10
    24:56 HalluSquatting: weaponizing AI hallucinations
    33:16 Wrap-up
    The Cybersecurity Defenders Podcast — a podcast about cybersecurity and the people that keep the internet safe. New episodes drop weekly.
    Subscribe wherever you listen:
    • Spotify: https://open.spotify.com/show/6ep00zeY3S8ffZ4o0UeSps
    • Apple Podcasts: https://podcasts.apple.com/us/podcast/the-cybersecurity-defenders-podcast/id1649981740
    • YouTube: https://www.youtube.com/@limacharlieio
    Learn more about LimaCharlie: https://limacharlie.io
    #cybersecurity #infosec #threatintel #AIsecurity #phishing
  • The Cybersecurity Defenders Podcast

    Ransomware in the age of agentic AI with Behnaz Karimi [337]

    2026-07-08 | 33 mins.
    Today we're speaking with Behnaz Karimi, an independent researcher specializing in ransomware and agentic AI systems, Senior Cybersecurity Analyst at Accenture, and founder of Tremorina, about how ransomware is evolving to target AI systems, machine learning pipelines, and autonomous agents.
    With more than 20 years of experience in cybersecurity, Behnaz is also a leader within the OWASP AI Exchange, where she helps develop AI security frameworks and contributes to international AI security standards. In this conversation we cover the new generation of data-poisoning ransomware, why stolen models and datasets are becoming the ransom, what makes autonomous agents an entirely new attack surface, and how organizations can build resilience into their AI initiatives from day one.
    Learn more about the OWASP AI Exchange at https://owaspai.org/
    Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.
    This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows.
    Start today for free at https://limacharlie.io/
    Subscribe to The Cybersecurity Defenders Podcast on Spotify: https://open.spotify.com/show/6ep00zeY3S8ffZ4o0UeSps
  • The Cybersecurity Defenders Podcast

    Intel Chat: Hijacked AI backends, billboard hacks, Cursor DuneSlide & Claude export controls [336]

    2026-07-03 | 33 mins.
    Intel Chat with Matt Bromiley and Chris Luft.
    Matt and Chris break down four stories from the week in threat intel:
    • Zenity researchers observed three campaigns where attackers hijacked internet-exposed AI inference endpoints (Ollama, LiteLLM) as free model backends for offensive operations — including the Strix and HexStrike-AI pentesting frameworks and a Codex agent posing as a "security auditor" — enabled by no-auth defaults and placeholder API keys.
    https://www.darkreading.com/cloud-security/attackers-hijack-exposed-ai-endpoints-power-offensive-ops
    • A CISA advisory on Daktronics controllers behind scoreboards, digital billboards and highway signs: unauthenticated path traversal, arbitrary file upload and default admin credentials chaining to root-level control, found and responsibly disclosed by a Princeton undergrad.
    https://www.securityweek.com/new-controller-flaws-expose-highway-signs-and-billboards-to-remote-hacking/
    • Cato's "DuneSlide" (CVE-2026-50548 / CVE-2026-50549) — two critical Cursor flaws where a single prompt injection escapes the terminal sandbox and executes arbitrary commands on a developer's machine; patched in Cursor 3.0.
    https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html
    • Anthropic restoring worldwide Claude Fable 5 access after the US Commerce Department lifted emergency export controls triggered by a jailbreak — plus what it means for AI governance, open-source model catch-up and the data center debate.
    https://thehackernews.com/2026/07/anthropic-restores-claude-fable-5-after.html
    Chapters:
    0:00 Intro & catching up
    1:17 Attackers hijacking exposed AI backends (Ollama & LiteLLM)
    9:18 CISA advisory: billboard & highway sign controllers
    13:46 Cursor "DuneSlide" prompt-injection sandbox escape
    20:34 Claude Fable 5 export controls lifted
    28:17 Data centers, nuclear déjà vu & the AI race
    33:39 Wrap-up
    The Cybersecurity Defenders Podcast — a podcast about cybersecurity and the people that keep the internet safe. New episodes drop weekly.
    Learn more about LimaCharlie: https://limacharlie.io
    #cybersecurity #infosec #threatintel #AIsecurity #promptinjection
  • The Cybersecurity Defenders Podcast

    Intel Chat: Cisco CUCM exploited, ransomware profiles, Gamaredon & AI agent phishing [335]

    2026-07-01 | 30 mins.
    Intel Chat with Matt Bromiley and Chris Luft.
    Matt and Chris break down four stories from the week in threat intel:
    • Cisco CUCM (CVE-2026-20230) — a web-dialer SSRF that chains to root-level RCE, exploited in the wild less than 24 hours after the PoC and full exploit chain were published.
    • The latest Ransomware Tool Matrix (RTM) / Ransomware Vulnerability Matrix (RVM) update, profiling three active groups — The Gentlemen, DragonForce and Warlock — and the BYOVD and legit-admin-tool tradecraft they increasingly share.
    • Gamaredon's upgraded toolkit against Ukraine (per ESET): new PowerShell downloaders like PteroPaste, Cloudflare tunneling and Workers for C2, and exfiltration to trusted cloud storage such as Amazon S3 and Dropbox.
    • Varonis Threat Labs phishing an AI email agent ("Pinchy") — why agents spot technical phishing better than humans yet hand over credentials to a convincing social request, and why you should treat them as privileged junior employees.
    Chapters:
    0:00 Intro & catching up
    2:25 Cisco CUCM exploited within 24h of the PoC
    9:57 Ransomware Tool Matrix: The Gentlemen, DragonForce & Warlock
    15:44 Gamaredon's upgraded TTPs against Ukraine
    22:18 Can AI email agents be phished?
    28:08 Wrap-up: Black Hat plans & the LimaCharlie suite
    The Cybersecurity Defenders Podcast — a podcast about cybersecurity and the people that keep the internet safe. New episodes drop weekly.
    Subscribe wherever you listen:
    • Spotify: https://open.spotify.com/show/6ep00zeY3S8ffZ4o0UeSps
    • Apple Podcasts: https://podcasts.apple.com/us/podcast/the-cybersecurity-defenders-podcast/id1649981740
    • YouTube: https://www.youtube.com/@limacharlieio
    Learn more about LimaCharlie: https://limacharlie.io
    #cybersecurity #infosec #threatintel #ransomware #DFIR
  • The Cybersecurity Defenders Podcast

    The evolving fraud landscape in the age of AI with Tamas Kadar [#334]

    2026-06-30 | 42 mins.
    Today we're speaking with Tamas Kadar, CEO / Co-Founder of SEON, about building a safer digital world for businesses. We touch on fraud, how it's evolved in the age of AI, and what we can do to protect ourselves against it.
    Tamas' entrepreneurial path began at Corvinus University in Budapest, where the vision for SEON first took shape. Co-founding a cryptocurrency exchange opened his eyes to the scale and complexity of online fraud, sparking the idea for something better. In 2017, that “something better” became SEON. Learn more at https://seon.io/
    Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.
    This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io
More Business podcasts
About The Cybersecurity Defenders Podcast
An accessible but technical podcast about cybersecurity and the people who keep the internet safe. The podcast is built as a series of segments: we will be looking back at the last couple of weeks in cybersecurity news, talking to different people in the industry about areas of their expertise, we're going to break apart some of the TTPs being used by adversaries, and we will even cover a little bit of hacker history.
Podcast website

Listen to The Cybersecurity Defenders Podcast, The Rational Reminder Podcast and many other podcasts from around the world with the radio.net app

Get the free radio.net app

  • Stations and podcasts to bookmark
  • Stream via Wi-Fi or Bluetooth
  • Supports Carplay & Android Auto
  • Many other app features