

The Cybersecurity Defenders Podcast
LimaCharlie
An accessible but technical podcast about cybersecurity and the people who keep the internet safe. The podcast is built as a series of segments: we will be looking back at the last couple of weeks in cybersecurity news, talking to different people in the industry about areas of their expertise, we're going to break apart some of the TTPs being used by adversaries, and we will even cover a little bit of hacker history.
Episodes

Jun 17, 2025 • 33min
#221 - AI and Automation for security operations with Filip Stojkovski, Staff Security Engineer at Snyk
Filip Stojkovski, Staff Security Engineer at Snyk, shares his insights from over 15 years in cybersecurity. He discusses the transformative role of AI and automation in security operations and how these technologies can enhance incident response. Filip highlights Snyk’s approach to code security, emphasizing secure coding practices in modern development pipelines. He also reflects on his career journey, from early interests to shaping security strategies and frameworks, ultimately advocating for a thoughtful integration of AI with necessary human oversight.

Jun 13, 2025 • 31min
#220 - Defender Fridays: AI on the edge with David (DWIZZLE) Weston, Corporate Vice President, Enterprise and OS Security at Microsoft
David Weston, Corporate Vice President of Enterprise and OS Security at Microsoft, dives into the cutting-edge intersection of AI and cybersecurity. He discusses the complexities of securing AI within Windows, reflecting on historical lessons like ActiveX. The chat highlights the crucial balance between security and extensibility in AI models, along with transformative innovations in endpoint security, such as Entra ID. Weston emphasizes the importance of collaboration in the cybersecurity landscape and invites listeners to actively engage with AI advancements for a safer digital future.

Jun 11, 2025 • 29min
#219 - Intel Chat: MSFT-Crowdstrike, GangExposed, Fastlane & HashiCorp Nomad servers
A strategic alliance between Microsoft and CrowdStrike aims to standardize threat actor naming for clearer communication in cybersecurity. An intriguing figure, GangExposed, emerges, revealing the identities of leaders within notorious ransomware groups. The podcast also discusses a new supply chain attack in the Ruby ecosystem that uses malicious packages to steal data. Additionally, researchers uncover the exploitation of misconfigured HashiCorp Nomad servers for unauthorized cryptocurrency mining, highlighting the critical need for robust security measures.

Jun 3, 2025 • 33min
#218 - Coinbase + Cetus, Hazy Hawk, BadSuccessor & DCIS takedown
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Two significant crypto security breaches occurred in close succession this month, affecting both decentralized and centralized platforms. On May 22, Cetus—a decentralized exchange built on the Sui Network—was exploited via a vulnerability in its automated market maker (AMM). Meanwhile, Coinbase confirmed what it called a “targeted insider threat operation” that compromised data from less than 1% of its active monthly users. A threat group identified as “Hazy Hawk” has been systematically hijacking cloud-based DNS resources tied to well-known organizations, including the US Centers for Disease Control and Prevention (CDC), since December 2023. A newly disclosed vulnerability in Windows Server 2025, dubbed BadSuccessor, has raised major concerns among enterprise administrators managing Active Directory environments. Federal and international law enforcement, alongside a significant number of private-sector partners, have successfully dismantled the Danabot botnet in a multiyear operation aimed at neutralizing one of the more advanced malware-as-a-service (MaaS) platforms tied to Russian cybercriminal activity.

May 27, 2025 • 33min
#217 - Navigating compliance and risk with Joshua Hoffman, CRO at ControlCase
In this discussion, Joshua Hoffman, the Chief Revenue Officer at ControlCase, sheds light on transforming compliance into a strategic advantage. With a rich background in cybersecurity, he emphasizes a shift from basic compliance to dynamic risk management. Joshua explores the role of AI in navigating complex regulatory frameworks like CMMC and PCI DSS. He also evaluates how small businesses can tackle new SEC disclosures, underscoring the importance of partnerships and communication in building a robust cybersecurity strategy.

May 21, 2025 • 35min
#216 - Intel Chat: Scattered Spider, TA406, Oriental Gudgeon & Apple patches
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. A report from Google on how to defend against UNC3944, better known as Scattered Spider. North Korea-backed threat actor TA406 has shifted its focus to targeting Ukrainian government agencies, according to new research from Proofpoint. Since October 2024, urlscan.io has been tracking a phishing campaign known as Oriental Gudgeon, which is targeting over 40 Japanese commercial entities—mostly in the financial services sector. Apple has released a substantial batch of security updates across its software ecosystem, including iOS 18.5, iPadOS, and the latest versions of macOS. And the article Matt mentions about CISA shifting their alert distribution strategy: https://www.infosecurity-magazine.com/news/cisa-alert-strategy-email-social/

May 15, 2025 • 31min
#215 - Inside cyber warfare, intelligence, and investment with Hank Thomas, Managing Partner and Founder at Strategic Cyber Ventures
On episode 215 of the Cybersecurity Defenders Podcast, Hank Thomas, Managing Partner and Founder at Strategic Cyber Ventures, shares his journey from Army intelligence officer to cyber-focused venture capitalist. But the most pressing part of the conversation is his call for a structural overhaul in how the US military handles cyber operations. Thomas argues that cyber is no longer a niche; it is the starting point for modern conflict. Yet cyber capability remains fragmented across service branches, leading to inefficiencies, talent drain, and even internal competition for resources. He makes the case for a separate, fully resourced cyber force, similar to the creation of the Air Force and Space Force, to truly secure the digital domain. He also shares concerns about government overreliance on contractors in critical cyber roles, the need for agile decision-making authority during cyber operations, and why AI must be deployed responsibly to defend a fractured critical infrastructure landscape.

May 14, 2025 • 32min
#214 - Intel Chat: UTA0352/UTA0355, Commvault, SonicWall & Bot Traffic
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Since March 2025, Volexity has tracked an escalation in sophisticated phishing campaigns executed by two suspected Russian threat actors, UTA0352 and UTA0355, targeting the Microsoft 365 accounts of individuals connected to Ukraine and human rights organizations. A recent security assessment by watchTowr uncovered a pre-authenticated Remote Code Execution (RCE) vulnerability in Commvault’s on-premise Backup and Recovery solution (Innovation Release 11.38.20). CISA has added two SonicWall vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, indicating an escalation in exploitation activity against the vendor’s SMA series of secure remote access appliances. Bot traffic has overtaken legitimate human use on the internet, with the latest data showing that automated traffic now accounts for 51% of all internet activity—of which 37% is classified as malicious.

May 8, 2025 • 32min
#213 - Building cybersecurity products with Jonathan Haas, Product at Vanta
In this enlightening discussion, Jonathan Haas, Product at Vanta and former co-founder of ThreatKey, shares his insights on building effective cybersecurity products. He emphasizes the importance of understanding customer pain points to identify market signals for innovation. Jonathan highlights the shift towards adaptable cybersecurity solutions in our fast-paced digital world. Additionally, he reflects on his journey from childhood tech curiosity to impactful software development, while also advocating for cohesive teamwork across disciplines to drive meaningful change.

May 5, 2025 • 47min
#212 - Intel Chat: RSA 2025
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. During a talk at RSA, DHS Secretary Kristi Noem provided an update on the future direction of the Cybersecurity and Infrastructure Security Agency (CISA) under the new Trump administration. A panel discussion titled “AI and Cyber Defense: Protecting Critical Infrastructure” brought together federal research leaders to talk about how AI and automation are being leveraged to address mounting cyber risks across the U.S. critical infrastructure landscape. A new report titled The Rise of State-Sponsored Hacktivism provides a detailed analysis of how hacktivist operations have become an increasingly prominent feature of geopolitical cyber conflict.