The Cybersecurity Defenders Podcast

LimaCharlie

An accessible but technical podcast about cybersecurity and the people who keep the internet safe. The podcast is built as a series of segments: we will be looking back at the last couple of weeks in cybersecurity news, talking to different people in the industry about areas of their expertise, we're going to break apart some of the TTPs being used by adversaries, and we will even cover a little bit of hacker history.

  1. 4d ago

    AI Chat: Grok CLI data exfiltration, AI vs. patching, distillation wars & shadow AI [339]

    AI Chat with Maxime Lamothe-Brassard and Chris Luft. A new segment on the podcast: AI news in cybersecurity that is less than 24 hours old, discussed while it is still hot. Joining Chris for these conversations is LimaCharlie founder and CEO Maxime Lamothe-Brassard. In this episode: • Nipun Gupta (founder of Optimus Labs) reports that xAI's Grok Build CLI packaged and uploaded an entire local Git repository — commit history, branches and .env files with API keys — to a Google Cloud bucket; wire-level analysis via mitmproxy, a quiet server-side fix, and why you should rotate keys if you used the tool. • Fortinet's take (via Mexico Business News) on AI accelerating vulnerability discovery and exploitation: 24–48 hours from disclosure to active exploitation vs. 16 days to patch — and whether "virtual patching" is a real mitigation or a feat of marketing. • The AI distillation debate: after years of arguing fair use for scraping the internet, frontier labs now object to competitors training on their model outputs — Business Insider's look at the irony, shared by Pascal Hetzscholdt (Wiley). • Neon Cyber's survey on shadow AI rising with seniority: 14% of individual contributors use unapproved AI tools vs. 63.7% of managers and 70% of VPs and above — and why enforcement, not awareness, is the real challenge. Stories covered: • / guptanipun_my-spare-laptop-ran-completely-... • https://mexicobusiness.news/cybersecu... • / pascal-hetzscholdt_quote-heres-some-delici... • https://neoncyber.com/blog/shadow-ai-... Chapters: 0:00 Intro — welcome to AI Chat 0:45 Grok Build CLI uploading entire repos (Nipun Gupta / Optimus Labs) 4:57 AI is outpacing patch management — is virtual patching the answer? 12:32 The AI distillation debate: scraping irony at the frontier labs 16:29 Shadow AI use rises with seniority (Neon Cyber) 22:51 Wrap-up The Cybersecurity Defenders Podcast — a podcast about cybersecurity and the people that keep the internet safe. New episodes drop weekly. Subscribe wherever you listen: • Spotify: https://open.spotify.com/show/6ep00ze... • Apple Podcasts: https://podcasts.apple.com/us/podcast... • YouTube: / @limacharlieio

  2. Jul 9

    Intel Chat: Dialogflow Rogue Agent, ghost phishing, CISA KEV deadline & HalluSquatting [338]

    Intel Chat with Matt Bromiley and Chris Luft. Matt and Chris break down four stories from the week in threat intel: • Varonis Threat Labs' "Rogue Agent" — a permission boundary flaw in Google Dialogflow CX's Code Blocks feature that could let an attacker with a single permission (dialogflow.playbooks.update) inject persistent malicious code into a chatbot's execution pipeline and silently exfiltrate conversations; Google has fully patched it, no customer action required. • The EvilTokens campaign and "ghost phishing" — AES-GCM-encrypted phishing pages that look harmless to URL scanners and only reveal themselves after decrypting in the victim's browser, driving Microsoft device code phishing against Microsoft 365 accounts. • CISA adds four actively exploited flaws to the KEV catalog with a July 10 patch deadline under BOD 26-04: Adobe ColdFusion (CVE-2026-48282, CVSS 10.0), Langflow (CVE-2026-55255, chained with CVE-2026-33017), and Joomla's SP Page Builder (CVE-2026-48908) and Page Builder CK (CVE-2026-56290) extensions. • HalluSquatting — Tel Aviv University researchers show attackers can register the repository names AI coding assistants predictably hallucinate, then ride prompt injection to code execution on developer machines — with success rates up to 85% for repos and 100% for skill installs across Cursor, Windsurf, Copilot, Cline, Gemini CLI and more. Stories covered: • https://www.darkreading.com/application-security/dialogflow-cx-rogue-agent-flaw-enabled-ai-chatbot-data-theft • https://thehackernews.com/2026/07/new-ghost-phishing-wave-is-breaking.html • https://www.securityweek.com/cisa-urges-immediate-patching-of-exploited-coldfusion-langflow-joomla-flaws/ • https://thehackernews.com/2026/07/new-hallusquatting-attack-could-trick.html Chapters: 0:00 Intro & catching up 4:31 Google Dialogflow CX "Rogue Agent" flaw 11:03 EvilTokens & "ghost phishing" 17:37 CISA KEV: ColdFusion, Langflow & Joomla — patch by July 10 24:56 HalluSquatting: weaponizing AI hallucinations 33:16 Wrap-up The Cybersecurity Defenders Podcast — a podcast about cybersecurity and the people that keep the internet safe. New episodes drop weekly. Subscribe wherever you listen: • Spotify: https://open.spotify.com/show/6ep00zeY3S8ffZ4o0UeSps • Apple Podcasts: https://podcasts.apple.com/us/podcast/the-cybersecurity-defenders-podcast/id1649981740 • YouTube: https://www.youtube.com/@limacharlieio Learn more about LimaCharlie: https://limacharlie.io #cybersecurity #infosec #threatintel #AIsecurity #phishing

  3. Jul 3

    Intel Chat: Hijacked AI backends, billboard hacks, Cursor DuneSlide & Claude export controls [336]

    Intel Chat with Matt Bromiley and Chris Luft. Matt and Chris break down four stories from the week in threat intel: • Zenity researchers observed three campaigns where attackers hijacked internet-exposed AI inference endpoints (Ollama, LiteLLM) as free model backends for offensive operations — including the Strix and HexStrike-AI pentesting frameworks and a Codex agent posing as a "security auditor" — enabled by no-auth defaults and placeholder API keys. https://www.darkreading.com/cloud-security/attackers-hijack-exposed-ai-endpoints-power-offensive-ops • A CISA advisory on Daktronics controllers behind scoreboards, digital billboards and highway signs: unauthenticated path traversal, arbitrary file upload and default admin credentials chaining to root-level control, found and responsibly disclosed by a Princeton undergrad. https://www.securityweek.com/new-controller-flaws-expose-highway-signs-and-billboards-to-remote-hacking/ • Cato's "DuneSlide" (CVE-2026-50548 / CVE-2026-50549) — two critical Cursor flaws where a single prompt injection escapes the terminal sandbox and executes arbitrary commands on a developer's machine; patched in Cursor 3.0. https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html • Anthropic restoring worldwide Claude Fable 5 access after the US Commerce Department lifted emergency export controls triggered by a jailbreak — plus what it means for AI governance, open-source model catch-up and the data center debate. https://thehackernews.com/2026/07/anthropic-restores-claude-fable-5-after.html Chapters: 0:00 Intro & catching up 1:17 Attackers hijacking exposed AI backends (Ollama & LiteLLM) 9:18 CISA advisory: billboard & highway sign controllers 13:46 Cursor "DuneSlide" prompt-injection sandbox escape 20:34 Claude Fable 5 export controls lifted 28:17 Data centers, nuclear déjà vu & the AI race 33:39 Wrap-up The Cybersecurity Defenders Podcast — a podcast about cybersecurity and the people that keep the internet safe. New episodes drop weekly. Learn more about LimaCharlie: https://limacharlie.io #cybersecurity #infosec #threatintel #AIsecurity #promptinjection

  4. Jul 1

    Intel Chat: Cisco CUCM exploited, ransomware profiles, Gamaredon & AI agent phishing [335]

    Intel Chat with Matt Bromiley and Chris Luft. Matt and Chris break down four stories from the week in threat intel: • Cisco CUCM (CVE-2026-20230) — a web-dialer SSRF that chains to root-level RCE, exploited in the wild less than 24 hours after the PoC and full exploit chain were published. • The latest Ransomware Tool Matrix (RTM) / Ransomware Vulnerability Matrix (RVM) update, profiling three active groups — The Gentlemen, DragonForce and Warlock — and the BYOVD and legit-admin-tool tradecraft they increasingly share. • Gamaredon's upgraded toolkit against Ukraine (per ESET): new PowerShell downloaders like PteroPaste, Cloudflare tunneling and Workers for C2, and exfiltration to trusted cloud storage such as Amazon S3 and Dropbox. • Varonis Threat Labs phishing an AI email agent ("Pinchy") — why agents spot technical phishing better than humans yet hand over credentials to a convincing social request, and why you should treat them as privileged junior employees. Chapters: 0:00 Intro & catching up 2:25 Cisco CUCM exploited within 24h of the PoC 9:57 Ransomware Tool Matrix: The Gentlemen, DragonForce & Warlock 15:44 Gamaredon's upgraded TTPs against Ukraine 22:18 Can AI email agents be phished? 28:08 Wrap-up: Black Hat plans & the LimaCharlie suite The Cybersecurity Defenders Podcast — a podcast about cybersecurity and the people that keep the internet safe. New episodes drop weekly. Subscribe wherever you listen: • Spotify: https://open.spotify.com/show/6ep00zeY3S8ffZ4o0UeSps • Apple Podcasts: https://podcasts.apple.com/us/podcast/the-cybersecurity-defenders-podcast/id1649981740 • YouTube: https://www.youtube.com/@limacharlieio Learn more about LimaCharlie: https://limacharlie.io #cybersecurity #infosec #threatintel #ransomware #DFIR

  5. Jun 20

    Last call for Defenders - How we're actually using AI in the SOC with Eric Capuano / Defender Fridays [#332]

    Join us for the final episode of Defender Fridays as Eric Capuano, creator of Defender Fridays and co-founder of Digital Defense Institute, closes out the series with a candid conversation on how he's actually building and running agentic workflows in the SOC today. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands. What We'll Discuss In this episode, Eric Capuano draws on years of SOC operations, detection engineering, and hands-on agentic workflow development to share what's actually working, what isn't, and where the industry needs to be more honest with itself. Key Topics: Why agentic workflows are the next evolution of SOAR, and what it takes to build them reliablyHow deterministic checkpoints at every stage are essential to making LLM-driven workflows trustworthyHow one team increased their detection engineering output by 900x using agentic workflows running day and nightWhy false positive tuning and detection engineering are the right place to start before tackling complex investigative workflowsHow to think about model selection in agentic pipelines: cost, task complexity, and stakesWhy organizations with poor data hygiene will struggle to get value from AI regardless of how sophisticated the tooling isThe risks of prompt injection when feeding untrusted inputs into LLMs, and why trusted inputs should always come firstWhy the goal is to use LLMs for as little as possible, and push everything else into deterministic stepsAbout Our Guest Eric Capuano is the creator of Defender Fridays and co-founder of Digital Defense Institute. He has spent years doing SOC operations, detection engineering, threat hunting, and DFIR, and currently consults on building and deploying agentic SecOps workflows for security teams. He is also the author of the "So You Want to Be a SOC Analyst" training, which has put over 500 students through hands-on SOC workflows using LimaCharlie's free tier. Watch Us Live Defender Fridays ran every Friday at 10:30am PT for over 100 sessions. Subscribe to our YouTube channel to catch up on past episodes. Sponsored by LimaCharlie This episode is brought to you by LimaCharlie, the Agentic SecOps Workspace (ASW), where AI agents operate security infrastructure using the same controls and authority as human analysts, with every action visible, governed, and auditable. Why LimaCharlie? Eliminate vendor sprawl and tool complexityDeploy and scale effortlessly on native multi-tenant architectureReduce costs with intelligent data routing and free 1-year retentionBuild custom solutions with 100+ security capabilities on-demandAccelerate response with agentic AI that acts directly within predefined workflowsTry the Agentic SecOps Workspace free: https://limacharlie.io Learn more: https://docs.limacharlie.io Follow LimaCharlie Sign up for free: https://limacharlie.io LinkedIn: / limacharlieio X: https://x.com/limacharlieio Community Discourse: https://community.limacharlie.com/ Host: Maxime Lamothe-Brassard - Founder at LimaCharlie Guest: Eric Capuano - Co-founder of Digital Defense Institute

    Last call for Defenders - How we're actually using AI in the SOC with Eric Capuano / Defender Fridays [#332]
5
out of 5
25 Ratings

About

An accessible but technical podcast about cybersecurity and the people who keep the internet safe. The podcast is built as a series of segments: we will be looking back at the last couple of weeks in cybersecurity news, talking to different people in the industry about areas of their expertise, we're going to break apart some of the TTPs being used by adversaries, and we will even cover a little bit of hacker history.

You Might Also Like