The Cybersecurity Defenders Podcast

LimaCharlie
Jul 22, 2025 • 28min

#231 - Intel Chat: CISCO CVE 10/10, Matanbuchus, Cambodian takedown & Overstep

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Cisco has disclosed a critical vulnerability—tracked as CVE-2025-20337 with a perfect score of 10—affecting its Identity Services Engine (ISE) and the ISE Passive Identity Connector (ISE-PIC). A recently updated version of the malware-as-a-service (MaaS) loader Matanbuchus is being deployed in active spear-phishing campaigns that are ultimately aimed at high-value ransomware infections. Cambodia has announced the arrest of over 1,000 individuals this week as part of a nationwide crackdown on cybercrime networks operating within its borders. A threat actor linked to the Abyss ransomware campaign, tracked as UNC6148 by Google’s Threat Intelligence Group (GTIG), appears to be exploiting a zero-day vulnerability in SonicWall’s end-of-life Secure Mobile Access (SMA) 100 series devices.
Jul 18, 2025 • 31min

#230 - Defender Fridays: Cyberphysical protection for high value assets with Lennart Koopman, Founder of

Join us every Friday as we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.
Jul 17, 2025 • 36min

#229 - Intel Chat: IntelBroker, Hunters International, Brazilian insider, Ruckus Networks & Patch Tuesday

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Kai West, a 25-year-old British national, has been indicted by the U.S. Attorney’s Office for the Southern District of New York for allegedly operating under the online alias “IntelBroker.” Hunters International, a ransomware group that surfaced in 2023 and is believed to have originated from the now-defunct Hive ransomware operation, has announced it is ceasing all activity. Hackers in Brazil managed to steal nearly $140 million USD from six banks by exploiting insider access at a financial technology firm called C&M, which provides connectivity services to financial institutions and the Brazilian Central Bank. Several critical vulnerabilities in Ruckus Networks' management products remain unpatched, leaving large-scale WiFi environments at risk of complete compromise. Microsoft has released security updates addressing 130 vulnerabilities across its product line as part of its July 2025 Patch Tuesday.
Jul 11, 2025 • 29min

#228 - Defender Fridays: Building detection and response processes that scale with Ryan Cox, Senior Security Engineer at Revinate

Join us every Friday as we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands. Each week, we bring you a different expert guest who will share their invaluable insights on topics ranging from threat hunting and incident response to security operations and detection engineering. What makes these sessions special is their informal and interactive nature, allowing for an engaging dialogue between our guests, hosts, and the audience. You can sign up to join us for the live sessions at limacharlie.io/defender-fridays.
Jul 8, 2025 • 32min

#227 - Intel Chat: Sudo, browser vulns, Medusa & Cloudflare blocks AI

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Two critical local privilege escalation vulnerabilities in the Sudo utility—CVE-2025-32462 and CVE-2025-32463—have been disclosed by the Stratascale Cyber Research Unit. Google Chrome and Mozilla Firefox are both facing distinct, serious threats this week—Chrome from a zero-day vulnerability under active exploitation and Firefox from a campaign of malicious browser extensions targeting cryptocurrency users. The Medusa ransomware group, active since late 2021, has maintained a consistent and aggressive operational tempo into 2025. Cloudflare has rolled out a significant change to how websites handle AI crawlers, positioning itself as the first internet infrastructure provider to block AI-driven scraping by default.
Jul 1, 2025 • 27min

#226 - Intel Chat: Thai takedown, Salt Typhoon, Iran & BlueNoroff

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Thai police conducted a major raid on the Antai Holiday Hotel in central Pattaya late on Monday night, June 16th, uncovering a joint operation involving both ransomware distribution and illegal gambling. Canada’s national cybersecurity agency has confirmed that a Chinese state-sponsored group known as Salt Typhoon successfully targeted a Canadian telecommunications company earlier this year, exploiting a Cisco vulnerability. The Department of Homeland Security (DHS) has issued a National Terrorism Advisory System bulletin warning of an elevated risk of cyberattacks and potentially violent extremism in response to escalating geopolitical tensions between the U.S. and Iran. Security researchers have confirmed that recent social engineering campaigns exploiting Zoom are the work of BlueNoroff, a North Korean state-sponsored APT group known for targeting financial entities, particularly in the cryptocurrency and online gambling sectors.
Jun 27, 2025 • 31min

#225 - Defender Fridays: EDR, DFIR & endpoint triage with Brian Carrier, CEO of Sleuth Kit Labs

Join Brian Carrier, the CEO of Sleuth Kit Labs and a digital forensics expert with over 25 years in the field, as he dives into the latest in cybersecurity. Topics include the evolving landscape of endpoint detection and response (EDR) and its unique challenges. Carrier discusses the limitations of traditional forensic techniques in cloud environments and emphasizes the importance of root cause analysis. He sheds light on the complexities of data collection across different operating systems and the implications for cybersecurity, especially regarding Advanced Persistent Threats.
Jun 24, 2025 • 32min

#224 - Intel Chat: OtterCookie, Flodrix, Water Curse & Scattered Spider

Delve into the chilling world of OtterCookie, a malware created by North Korea's Lazarus group, which lures victims with fake freelance job offers. Discover a critical flaw in the LangFlow platform, allowing for severe code execution exploits, and the ethical quandaries around hacking disclosure. Also, learn about the nefarious Water Curse, which targets the software supply chain through disguised GitHub repositories, and the evolving tactics of Scattered Spider as they shift focus to the US insurance sector. Cybersecurity insights await!
Jun 20, 2025 • 31min

#223 - Defender Fridays: Maintaining the human touch in security operations with Hayden Covington, SOC SecOps Lead at BHIS

Hayden Covington, SOC SecOps Lead at Black Hills Information Security, shares insights from his extensive background, including work with APTs for a Navy contractor. He dives into the vital balance of AI and human oversight in security operations, stressing the importance of maintaining a human touch to prevent errors. The conversation highlights how AI can enhance detection and streamline operations, while also discussing the challenges posed by rapidly evolving AI technologies. With an informal tone, they emphasize collaboration in tackling cybersecurity challenges.
Jun 18, 2025 • 27min

#222 - Intel Chat: PurpleHaze, KEV++, ChatGPT & Mirai botnet

Discover the troubling tactics behind China-backed cyberattacks on SentinelOne and the implications for the cybersecurity landscape. Delve into newly exploited vulnerabilities in popular software and the legal responsibilities tied to cybersecurity incidents. Uncover how AI misuses are reshaping phishing and malware scenarios, calling for responsible practices. Finally, gain insight into the active exploitation of a critical flaw in Wazuh Server, allowing attackers to unleash Mirai botnet variants for DDoS operations.
