

The Cybersecurity Defenders Podcast
LimaCharlie
An accessible but technical podcast about cybersecurity and the people who keep the internet safe. The podcast is built as a series of segments: we will be looking back at the last couple of weeks in cybersecurity news, talking to different people in the industry about areas of their expertise, we're going to break apart some of the TTPs being used by adversaries, and we will even cover a little bit of hacker history.

Aug 2, 2025 • 29min
#234 - Defender Fridays: Autonomous SOC, AI for cybersecurity, and security automation with Filip Stojkovski, Staff Security Engineer at Snyk
Join us every Friday as we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

Jul 31, 2025 • 37min
#233 - Intel Chat: SharePoint, ToolShell, UK bans payment & cryptojacking
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. A critical new SharePoint vulnerability is under mass exploitation, with attackers targeting on-premises SharePoint Server deployments to exfiltrate sensitive data, including authentication tokens. And then directly related to the first story, Microsoft has now confirmed that at least three China-linked threat actors—Linen Typhoon, Violet Typhoon, and Storm-2603—were actively exploiting CVE-2025-49706 and CVE-2025-49704 a day before the company issued patches on July 8. The UK government announced on July 22, 2025, that it plans to make ransomware payments illegal for public sector bodies and operators of critical national infrastructure (CNI). In-browser cryptocurrency mining, often called cryptojacking, originally gained notoriety in 2017 when Coinhive introduced JavaScript-based mining for Monero.

Jul 25, 2025 • 31min
#232 - Defender Fridays: AI scraping and internal threat with Lera Leonteva, Founder of Leo AI

Jul 22, 2025 • 28min
#231 - Intel Chat: CISCO CVE 10/10, Matanbuchus, Cambodian takedown & Overstep
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Cisco has disclosed a critical vulnerability—tracked as CVE-2025-20337 with a perfect score of 10—affecting its Identity Services Engine (ISE) and the ISE Passive Identity Connector (ISE-PIC). A recently updated version of the malware-as-a-service (MaaS) loader Matanbuchus is being deployed in active spear-phishing campaigns that are ultimately aimed at high-value ransomware infections. Cambodia has announced the arrest of over 1,000 individuals this week as part of a nationwide crackdown on cybercrime networks operating within its borders. A threat actor linked to the Abyss ransomware campaign, tracked as UNC6148 by Google’s Threat Intelligence Group (GTIG), appears to be exploiting a zero-day vulnerability in SonicWall’s end-of-life Secure Mobile Access (SMA) 100 series devices.

Jul 18, 2025 • 31min
#230 - Defender Fridays: Cyberphysical protection for high value assets with Lennart Koopman, Founder of

Jul 17, 2025 • 36min
#229 - Intel Chat: IntelBroker, Hunters International, Brazilian insider, Ruckus Networks & Patch Tuesday
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Kai West, a 25-year-old British national, has been indicted by the U.S. Attorney’s Office for the Southern District of New York for allegedly operating under the online alias “IntelBroker.” Hunters International, a ransomware group that surfaced in 2023 and is believed to have originated from the now-defunct Hive ransomware operation, has announced it is ceasing all activity. Hackers in Brazil managed to steal nearly $140 million USD from six banks by exploiting insider access at a financial technology firm called C&M, which provides connectivity services to financial institutions and the Brazilian Central Bank. Several critical vulnerabilities in Ruckus Networks' management products remain unpatched, leaving large-scale WiFi environments at risk of complete compromise. Microsoft has released security updates addressing 130 vulnerabilities across its product line as part of its July 2025 Patch Tuesday.

Jul 11, 2025 • 29min
#228 - Defender Fridays: Building detection and response processes that scale with Ryan Cox, Senior Security Engineer at Revinate
Join us every Friday as we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands. Each week, we bring you a different expert guest who will share their invaluable insights on topics ranging from threat hunting and incident response to security operations and detection engineering. What makes these sessions special is their informal and interactive nature, allowing for an engaging dialogue between our guests, hosts, and the audience. You can sign up to join us for the live sessions at limacharlie.io/defender-fridays

Jul 8, 2025 • 32min
#227 - Intel Chat: Sudo, browser vulns, Medusa & Cloudflare blocks AI
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Two critical local privilege escalation vulnerabilities in the Sudo utility—CVE-2025-32462 and CVE-2025-32463—have been disclosed by the Stratascale Cyber Research Unit. Google Chrome and Mozilla Firefox are both facing distinct, serious threats this week—Chrome from a zero-day vulnerability under active exploitation and Firefox from a campaign of malicious browser extensions targeting cryptocurrency users. The Medusa ransomware group, active since late 2021, has maintained a consistent and aggressive operational tempo into 2025. Cloudflare has rolled out a significant change to how websites handle AI crawlers, positioning itself as the first internet infrastructure provider to block AI-driven scraping by default.

Jul 1, 2025 • 27min
#226 - Intel Chat: Thai takedown, Salt Typhoon, Iran & BlueNoroff
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Thai police conducted a major raid on the Antai Holiday Hotel in central Pattaya late on Monday night, June 16th, uncovering a joint operation involving both ransomware distribution and illegal gambling. Canada’s national cybersecurity agency has confirmed that a Chinese state-sponsored group known as Salt Typhoon successfully targeted a Canadian telecommunications company earlier this year, exploiting a Cisco vulnerability. The Department of Homeland Security (DHS) has issued a National Terrorism Advisory System bulletin warning of an elevated risk of cyberattacks and potentially violent extremism in response to escalating geopolitical tensions between the U.S. and Iran. Security researchers have confirmed that recent social engineering campaigns exploiting Zoom are the work of BlueNoroff, a North Korean state-sponsored APT group known for targeting financial entities, particularly in the cryptocurrency and online gambling sectors.

Jun 27, 2025 • 31min
#225 - Defender Fridays: EDR, DFIR & endpoint triage with Brian Carrier, CEO of Sleuth Kit Labs
Join Brian Carrier, the CEO of Sleuth Kit Labs and a digital forensics expert with over 25 years in the field, as he dives into the latest in cybersecurity. Topics include the evolving landscape of endpoint detection and response (EDR) and its unique challenges. Carrier discusses the limitations of traditional forensic techniques in cloud environments and emphasizes the importance of root cause analysis. He sheds light on the complexities of data collection across different operating systems and the implications for cybersecurity, especially regarding Advanced Persistent Threats.