The Cybersecurity Defenders Podcast

Latest episodes

Jul 8, 2025 • 32min

#227 - Intel Chat: Sudo, browser vulns, Medusa & Cloudflare blocks AI

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Two critical local privilege escalation vulnerabilities in the Sudo utility—CVE-2025-32462 and CVE-2025-32463—have been disclosed by the Stratascale Cyber Research Unit. Google Chrome and Mozilla Firefox are both facing distinct, serious threats this week—Chrome from a zero-day vulnerability under active exploitation and Firefox from a campaign of malicious browser extensions targeting cryptocurrency users. The Medusa ransomware group, active since late 2021, has maintained a consistent and aggressive operational tempo into 2025. Cloudflare has rolled out a significant change to how websites handle AI crawlers, positioning itself as the first internet infrastructure provider to block AI-driven scraping by default.
Jul 1, 2025 • 27min

#226 - Intel Chat: Thai takedown, Salt Typhoon, Iran & BlueNoroff

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Thai police conducted a major raid on the Antai Holiday Hotel in central Pattaya late on Monday night, June 16th, uncovering a joint operation involving both ransomware distribution and illegal gambling. Canada’s national cybersecurity agency has confirmed that a Chinese state-sponsored group known as Salt Typhoon successfully targeted a Canadian telecommunications company earlier this year, exploiting a Cisco vulnerability. The Department of Homeland Security (DHS) has issued a National Terrorism Advisory System bulletin warning of an elevated risk of cyberattacks and potentially violent extremism in response to escalating geopolitical tensions between the U.S. and Iran. Security researchers have confirmed that recent social engineering campaigns exploiting Zoom are the work of BlueNoroff, a North Korean state-sponsored APT group known for targeting financial entities, particularly in the cryptocurrency and online gambling sectors.
Jun 27, 2025 • 31min

#225 - Defender Fridays: EDR, DFIR & endpoint triage with Brian Carrier, CEO of Sleuth Kit Labs

Join Brian Carrier, the CEO of Sleuth Kit Labs and a digital forensics expert with over 25 years in the field, as he dives into the latest in cybersecurity. Topics include the evolving landscape of endpoint detection and response (EDR) and its unique challenges. Carrier discusses the limitations of traditional forensic techniques in cloud environments and emphasizes the importance of root cause analysis. He sheds light on the complexities of data collection across different operating systems and the implications for cybersecurity, especially regarding Advanced Persistent Threats.
Jun 24, 2025 • 32min

#224 - Intel Chat: OtterCookie, Flodrix, Water Curse & Scattered Spider

Delve into the chilling world of OtterCookie, a malware created by North Korea's Lazarus group, which lures victims with fake freelance job offers. Discover a critical flaw in the LangFlow platform, allowing for severe code execution exploits, and the ethical quandaries around hacking disclosure. Also, learn about the nefarious Water Curse, which targets the software supply chain through disguised GitHub repositories, and the evolving tactics of Scattered Spider as they shift focus to the US insurance sector. Cybersecurity insights await!
Jun 20, 2025 • 31min

#223 - Defender Fridays: Maintaining the human touch in security operations with Hayden Covington, SOC SecOps Lead at BHIS

Hayden Covington, SOC SecOps Lead at Black Hills Information Security, shares insights from his extensive background, including work with APTs for a Navy contractor. He dives into the vital balance of AI and human oversight in security operations, stressing the importance of maintaining a human touch to prevent errors. The conversation highlights how AI can enhance detection and streamline operations, while also discussing the challenges posed by rapidly evolving AI technologies. With an informal tone, they emphasize collaboration in tackling cybersecurity challenges.
Jun 18, 2025 • 27min

#222 - Intel Chat: PurpleHaze, KEV++, ChatGPT & Mirai botnet

Discover the troubling tactics behind China-backed cyberattacks on SentinelOne and the implications for the cybersecurity landscape. Delve into newly exploited vulnerabilities in popular software and the legal responsibilities tied to cybersecurity incidents. Uncover how AI misuses are reshaping phishing and malware scenarios, calling for responsible practices. Finally, gain insight into the active exploitation of a critical flaw in Wazuh Server, allowing attackers to unleash Mirai botnet variants for DDoS operations.
Jun 17, 2025 • 33min

#221 - AI and Automation for security operations with Filip Stojkovski, Staff Security Engineer at Snyk

Filip Stojkovski, Staff Security Engineer at Snyk, shares his insights from over 15 years in cybersecurity. He discusses the transformative role of AI and automation in security operations and how these technologies can enhance incident response. Filip highlights Snyk’s approach to code security, emphasizing secure coding practices in modern development pipelines. He also reflects on his career journey, from early interests to shaping security strategies and frameworks, ultimately advocating for a thoughtful integration of AI with necessary human oversight.
Jun 13, 2025 • 31min

#220 - Defender Fridays: AI on the edge with David (DWIZZLE) Weston, Corporate Vice President, Enterprise and OS Security at Microsoft

David Weston, Corporate Vice President of Enterprise and OS Security at Microsoft, dives into the cutting-edge intersection of AI and cybersecurity. He discusses the complexities of securing AI within Windows, reflecting on historical lessons like ActiveX. The chat highlights the crucial balance between security and extensibility in AI models, along with transformative innovations in endpoint security, such as ENTRA ID. Weston emphasizes the importance of collaboration in the cybersecurity landscape and invites listeners to actively engage with AI advancements for a safer digital future.
Jun 11, 2025 • 29min

#219 - Intel Chat: MSFT-Crowdstrike, GangExposed, Fastlane & HashiCorp Nomad servers

A strategic alliance between Microsoft and CrowdStrike aims to standardize threat actor naming for clearer communication in cybersecurity. An intriguing figure, GangExposed, emerges, revealing the identities of leaders within notorious ransomware groups. The podcast also discusses a new supply chain attack in the Ruby ecosystem that uses malicious packages to steal data. Additionally, researchers uncover the exploitation of misconfigured HashiCorp Nomad servers for unauthorized cryptocurrency mining, highlighting the critical need for robust security measures.
Jun 3, 2025 • 33min

#218 - Coinbase + Cetus, Hazy Hawk, BadSuccessor & DCIS takedown

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Two significant crypto security breaches occurred in close succession this month, affecting both decentralized and centralized platforms. On May 22, Cetus—a decentralized exchange built on the Sui Network—was exploited via a vulnerability in its automated market maker (AMM). Meanwhile, Coinbase confirmed what it called a “targeted insider threat operation” that compromised data from less than 1% of its active monthly users. A threat group identified as “Hazy Hawk” has been systematically hijacking cloud-based DNS resources tied to well-known organizations, including the US Centers for Disease Control and Prevention (CDC), since December 2023. A newly disclosed vulnerability in Windows Server 2025, dubbed BadSuccessor, has raised major concerns among enterprise administrators managing Active Directory environments. Federal and international law enforcement, alongside a significant number of private-sector partners, have successfully dismantled the Danabot botnet in a multiyear operation aimed at neutralizing one of the more advanced malware-as-a-service (MaaS) platforms tied to Russian cybercriminal activity.