#199 - Intel Chat: Lazarus Group, BadPilot, PAN-OS, emoji exfil, Kitty Stealer & PolarEdge
Season 4 · Episode 199

The Cybersecurity Defenders Podcast · Christopher

March 7, 2025 · 36m 13s

Show Notes

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

  • North Korea’s state-backed Lazarus Group is believed to be responsible for the largest cryptocurrency heist ever recorded, stealing $1.5 billion from the Bybit exchange.
  • The "BadPilot" hacking campaign has been linked to Russia's Sandworm threat group, a unit of the GRU known for cyber espionage and disruptive attacks.
  • GreyNoise has observed active exploitation of CVE-2025-0108, a critical authentication bypass vulnerability in Palo Alto Networks’ PAN-OS.
  • Security researcher Paul Butler has demonstrated a novel technique for smuggling arbitrary data using emojis, leveraging the way modern text encoding and rendering systems handle Unicode characters.
  • Kitty Stealer is a newly identified malware targeting macOS systems, designed to steal sensitive user data such as credentials, browser cookies, and cryptocurrency wallets.
  • SEKOIA researchers have uncovered a previously unknown IoT botnet named PolarEdge, which has been operating covertly for an extended period.