An accessible but technical podcast about cybersecurity and the people who keep the internet safe. The podcast is built as a series of segments: we will be looking back at the last couple of weeks in cybersecurity news, talking to different people in the industry about areas of their expertise, we're going to break apart some of the TTPs being used by adversaries, and we will even cover a little bit of hacker history.
Listen to episodes
60 recent
June 15, 2026Episode 33128 min
FFmpeg's 21 zero-days, Ruby cooldown feature, Microsoft disrupted by Shai-Hulud worm & Meta AI tool compromise / Intel Chat [#331]
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.DepthFirst reported that it's autonomous security agent discovered 21 previously unknown vulnerabilities in FFmpeg, a widely deployed multimedia framework used across browsers, streaming infrastructure, and other systems that process media. Bundler, 4.0.13 introduces a new security feature called cooldown, aimed at reducing the impact of software supply chain attacks in the Ruby ecosystem. A new variant of the Shai-Hulud supply chain worm, known as Miasma, briefly disrupted Microsoft's software development ecosystem after compromising dozens of GitHub repositories.Meta says approximately 20,000 Instagram accounts may have been compromised through the abuse of an AI powered account recovery support system.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
June 12, 2026Episode 33032 min
AI-assisted SOC training with Carlo Anez / Defender Fridays [#330]
Join us for this week's Defender Fridays as Carlo Anez, Founder and Lead Instructor at IgniteCyber Academy and DEFCON Training Instructor, breaks down how to build practical blue team skills using open-source labs, MITRE ATTACK, and real-world defender workflows, and where AI fits into the picture without replacing the analyst.At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.What We'll DiscussIn this episode, Carlo Anez draws on years of SOC operations, detection engineering, and cybersecurity instruction to make the case for hands-on, open-source training as the foundation for developing confident, capable defenders.Key Topics:Why cybersecurity training must move beyond passive learning and into real defender workflowsHow the OpenSOC initiative uses open-source tools like Wazuh, MISP, The Hive, and TimeSketch to simulate a small-scale fusion center environmentHow open-source stacks build transferable skills that translate to enterprise platforms like Splunk and LimaCharlieWhere AI fits in the SOC: summarizing noisy alerts, mapping activity to MITRE ATT&CK, drafting investigation questions, and improving report clarityWhy AI literacy means knowing how to validate AI output against evidence, not just knowing how to write promptsWhy the analyst owns the evidence, the decision, and the communicationHow the DEF CON boot camp and online pilot program structure five days of scenario-based training around a final analyst report and CTF capstoneAbout Our GuestCarlo Anez is the Founder and Lead Instructor at IgniteCyber Academy and a DEFCON Training Instructor. He spent five years at Rapid7 doing detection engineering, threat hunting, and DFIR workflows, and has supported SOC operations, government contractors, and projects with DARPA, the US Army, and the US Navy. He currently creates SOC-focused content with TCM Security and leads Blue Team Village at DEF CON, where he also presents and trains annually.Register for Live SessionsJoin us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you, our audience.Register here: https://limacharlie.io/defender-fridaysSubscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes on our website!Sponsored by LimaCharlieThis episode is brought to you by LimaCharlie, the Agentic SecOps Workspace (ASW), where AI agents operate security infrastructure using the same controls and authority as human analysts, with every action visible, governed, and auditable.Why LimaCharlie?Eliminate vendor sprawl and tool complexityDeploy and scale effortlessly on native multi-tenant architectureReduce costs with intelligent data routing and free 1-year retentionBuild custom solutions with 100+ security capabilities on-demandAccelerate response with agentic AI that acts directly within predefined workflowsTry the Agentic SecOps Workspace free: https://limacharlie.ioLearn more: https://docs.limacharlie.ioFollow LimaCharlieSign up for free: https://limacharlie.ioLinkedIn: / limacharlieioX: https://x.com/limacharlieioCommunity Discourse: https://community.limacharlie.com/Host: Maxime Lamothe-Brassard - Founder at LimaCharlieGuest: Carlo Anez - Founder & Lead Instructor at IgniteCyber Academy
June 5, 2026Episode 32930 min
Building practical blue team skills using AI-assisted SOC training with Bobby Ford/ Defender Fridays [#329]
Join us for this week's Defender Fridays as Bobby Ford, Chief Strategy and Experience Officer at Doppel, talks about open-source labs, MITRE ATT&CK, and real-world defender workflows.At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.About Our GuestBobby is a globally recognized cybersecurity “geek” with almost three decades of experience, including the last 14 years as a CISO, protecting some of the world’s most complex and operationally intensive enterprises. His career began in the military as a founding member of the Pentagon Computer Incident Response Team. Bobby built and led cybersecurity programs in the Aerospace and Defense industry. He was the first CISO at Exelis Inc. and was the architect of ITT’s global cybersecurity audit function under DOJ oversight.Transitioning from public to private sector, Bobby served as the first CISO at Abbott Labs, was CISO for Unilever, and most recently was SVP and Chief Security Officer at Hewlett Packard Enterprise (HPE). Known for his collaborative style and empathetic leadership, Bobby fosters an inclusive culture that empowers entire security organizations to excel.Register for Live SessionsJoin us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you, our audience.Register here: https://limacharlie.io/defender-fridaysSubscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes on our website!Sponsored by LimaCharlieThis episode is brought to you by LimaCharlie, the Agentic SecOps Workspace (ASW), where AI agents operate security infrastructure using the same controls and authority as human analysts, with every action visible, governed, and auditable.Why LimaCharlie?Eliminate vendor sprawl and tool complexityDeploy and scale effortlessly on native multi-tenant architectureReduce costs with intelligent data routing and free 1-year retentionBuild custom solutions with 100+ security capabilities on-demandAccelerate response with agentic AI that acts directly within predefined workflowsTry the Agentic SecOps Workspace free: https://limacharlie.ioLearn more: https://docs.limacharlie.ioFollow LimaCharlieSign up for free: https://limacharlie.ioLinkedIn: / limacharlieioX: https://x.com/limacharlieioCommunity Discourse: https://community.limacharlie.com/Host: Maxime Lamothe-Brassard - Founder at LimaCharlieGuest: Charles Grandjean - CTO and Co-founder at Hexiagon AI
June 1, 2026Episode 32829 min
"Megalodon" Malware in GitHub, Malware-Slop steals from Claude AI, 7-Eleven breach & CISA cPanel vulnerability / Intel Chat [#328]
Originally recorded: Friday May 29, 2026In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.A large-scale software supply chain attack dubbed “Megalodon” infected thousands of GitHub repositories with credential-stealing malware in a highly automated campaign that unfolded over a six-hour period on May 18, 2026.Researchers from OX Security have identified a malicious npm package named “mouse5212-super-formatter” that was designed to steal files from Anthropic Claude AI environments by targeting the “/mnt/user-data” directory.Convenience store giant 7-Eleven disclosed a data breach tied to an attack that occurred on April 8, 2026, involving systems that contained franchise-related documents. SecurityWeek article Matt references.CISA has issued an urgent warning about a critical vulnerability in the LiteSpeed cPanel Plugin, tracked as CVE-2026-48172, which is already being actively exploited in the wild.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
May 30, 2026Episode 32730 min
From PentestGPT to production: The state of AI-assisted offensive security with Charles Grandjean / Defender Fridays [#327]
Join us for this week's Defender Fridays as Charles Grandjean, CTO and Co-founder at Hexiagon AI, breaks down where AI-assisted pen testing actually stands today and what it means for both red teams and defenders.At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.What We'll DiscussIn this episode, Charles Grandjean draws on his experience building an AI-powered continuous pen testing platform to trace how LLM capabilities have evolved for offensive security, and what the rise of autonomous attack tooling means for defenders.Key Topics:How AI pen testing has progressed from unreliable single commands to chaining complex attack sequencesWhy the last six months marked a turning point in LLM planning and long-context reasoningWhen to use in-context learning and RAG versus fine-tuning, and why most teams should start with the formerWhy privacy considerations push serious pen testing operations toward self-hosted modelsHow the balance between model control and code control has shifted as models have improvedWhy unrestricted and fine-tuned open-weights models are lowering the barrier for malicious actorsWhat automated offense means for defense teams and why the response needs to match the scale of the threatAbout Our GuestCharles Grandjean is the CTO and Co-founder of Hexiagon AI, a company focused on automating penetration testing through AI to enable continuous, around-the-clock security validation. He has been building and iterating on AI-assisted offensive tooling for the past two years, tracking the evolution of LLM capabilities firsthand from early prototype to production system.Register for Live SessionsJoin us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you, our audience.Register here: https://limacharlie.io/defender-fridaysSubscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes on our website!Sponsored by LimaCharlieThis episode is brought to you by LimaCharlie, the Agentic SecOps Workspace (ASW), where AI agents operate security infrastructure using the same controls and authority as human analysts, with every action visible, governed, and auditable.Why LimaCharlie?Eliminate vendor sprawl and tool complexityDeploy and scale effortlessly on native multi-tenant architectureReduce costs with intelligent data routing and free 1-year retentionBuild custom solutions with 100+ security capabilities on-demandAccelerate response with agentic AI that acts directly within predefined workflowsTry the Agentic SecOps Workspace free: https://limacharlie.ioLearn more: https://docs.limacharlie.ioFollow LimaCharlieSign up for free: https://limacharlie.ioLinkedIn: / limacharlieioX: https://x.com/limacharlieioCommunity Discourse: https://community.limacharlie.com/Host: Maxime Lamothe-Brassard - Founder at LimaCharlieGuest: Charles Grandjean - CTO and Co-founder at Hexiagon AI
Originally recorded: Friday May 22, 2026In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.GitHub has confirmed that roughly 3,800 internal repositories were accessed in a supply chain compromise tied to the hacking group TeamPCP.China-aligned threat actor Webworm has shifted its targeting focus from Asia to Europe, according to new research published by ESET.Researchers uncovered a previously undocumented Microsoft 365 account takeover panel that integrates directly with Evilginx Pro infrastructure to streamline token theft and post-compromise operations.European and North American law enforcement agencies announced the dismantling of “First VPN,” a VPN service allegedly built to support cybercriminal activity including ransomware operations, data theft, scanning, and denial-of-service attacks.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
May 22, 2026Episode 32532 min
How analysts use cognitive reasoning in investigations with Chris Sanders / Defender Fridays [#325]
Join us for this week's Defender Fridays as Chris Sanders, Founder at Applied Network Defense and the Rural Technology Fund, breaks down how analysts actually think through investigations and what separates high performers from the rest.At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.What We'll DiscussIn this episode, Chris Sanders draws on his background in security operations and cognitive psychology to explore how metacognition shapes investigative performance, and why understanding how you think is one of the most underleveraged skills in the SOC.Key Topics:Why high-performing analysts ask better questions instead of starting with large chunks of dataHow diagnostic inquiry (DINQ) was developed by studying senior analysts in actionWhat separates one year of experience repeated twenty times from genuinely diverse experienceWhy tacit knowledge makes it hard to train new analysts and what to do about itHow AI fits into the investigative process and where humans still need to be in the loopWhy cybersecurity education has a transfer problem and what other fields like medicine get rightWhat good SOCs have in common and why it comes down to metacognitive awarenessAbout Our GuestChris Sanders is the Founder of Applied Network Defense, a training company focused on analyst and investigative roles, and the Rural Technology Fund, an organization that supports technology education in rural and underserved communities. He holds a doctorate in education and has spent his career at the intersection of cybersecurity and cognitive psychology, including time at school districts, the federal government, and Mandiant.Register for Live SessionsJoin us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you, our audience.Register here: https://limacharlie.io/defender-fridaysSubscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes on our website!Sponsored by LimaCharlieThis episode is brought to you by LimaCharlie, the Agentic SecOps Workspace (ASW), where AI agents operate security infrastructure using the same controls and authority as human analysts, with every action visible, governed, and auditable.Why LimaCharlie?Eliminate vendor sprawl and tool complexityDeploy and scale effortlessly on native multi-tenant architectureReduce costs with intelligent data routing and free 1-year retentionBuild custom solutions with 100+ security capabilities on-demandAccelerate response with agentic AI that acts directly within predefined workflowsTry the Agentic SecOps Workspace free: https://limacharlie.ioLearn more: https://docs.limacharlie.ioFollow LimaCharlieSign up for free: https://limacharlie.ioLinkedIn: / limacharlieioX: https://x.com/limacharlieioCommunity Discourse: https://community.limacharlie.com/Host: Maxime Lamothe-Brassard - Founder at LimaCharlieGuest: Chris Sanders - Founder at Applied Network Defense & Rural Technology Fund
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Researchers have disclosed a new Linux local privilege escalation technique called “Dirty Frag,” which chains together two kernel vulnerabilities: CVE-2026-43284 in xfrm-ESP handling and CVE-2026-43500 in RxRPC.The breach affecting educational technology provider Instructure has raised broader concerns about the security dependencies schools have on third-party cloud platforms.Security researchers at Aikido are tracking a major expansion of the “Mini Shai-Hulud” malware campaign targeting the npm ecosystem.Google Threat Intelligence Group says threat actors are moving from experimental AI usage toward large-scale operational integration of generative models across the cyberattack lifecycle.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
May 13, 2026Episode 32225 min
Does the rise of AI mean human-led SOCs are obsolete? With Dr. Adeel Shaikh Muhammad [#322]
Dr. Adeel Shaikh Muhammad, a cybersecurity strategist and global speaker with over 16 years of experience across information security, networks, and systems. Adeel brings a practical perspective on how organizations can adapt to evolving cyber threats and the growing role of AI in cybersecurity. Adeel, with an extraordinary portfolio of 40+ industry certifications, including CISSP, CISM, CISA, CCISO, PMP, CEH, ISO 27001 Lead Implementer & Auditor, and a robust suite of advanced Cisco, Microsoft, Fortinet, Barracuda, ITIL, PRINCE2, and AI-related credentials, he is a benchmark of technical mastery and visionary execution. His academic excellence includes a Master’s in Cybersecurity and a current Doctorate in Business Administration (DBA) focused on the impact of AI in Security Operations Centers (SOCs) in the Gulf region.Adeel is the author of two acclaimed books—“AI-Driven Transformation of Security Operations Center (SOC)” and “AI and Us: The Ethical Choices”—bridging the critical intersection of AI innovation and ethical leadership.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.The cyber threat environment in the Middle East has intensified sharply following military operations involving Israel, the United States, and Iran. An intrusion campaign attributed with moderate confidence to the Iranian state-linked group MuddyWater was disguised as a Chaos ransomware attack, according to research from Rapid7.Palo Alto Networks has warned customers that a critical remote code execution vulnerability in PAN-OS is being actively exploited in the wild.Attackers are abusing Microsoft’s Phone Link application in a campaign that Cisco Talos says has been active since January. Report here.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
Is this your show?
Claim this listing to keep it up to date, reach guests who want to pitch you, and manage bookings with Guestify.
