The Defensive Line Podcast
The Defensive Line Weekly — Episode 25 (28 June – 5 July 2026). A new CitrixBleed exploited in 24 hours; FortiBleed theft turns to ransomware; device-code phishing goes pro; AI runs ransomware end-to-end. 🤖 Voices are AI-generated. Story curation and analysis is human. A new CitrixBleed (CVE-2026-8451) * Citrix Security Bulletin CTX696604 — fixed builds [https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604] * watchTowr Labs — CitrixBleed to Infinity and Beyond: technical analysis [https://labs.watchtowr.com/citrixbleed-to-infinity-and-beyond-citrix-netscaler-pre-auth-memory-overread-cve-2026-8451/] * Field Effect — Citrix NetScaler memory disclosure: patch guidance [https://fieldeffect.com/blog/citrix-netscaler-memory-disclosure-patch] * SecurityWeek — New CitrixBleed vulnerability exploited immediately after public disclosure [https://www.securityweek.com/new-citrixbleed-vulnerability-exploited-immediately-after-public-disclosure/] FortiBleed → INC Ransom and Lynx ransomware * SOCRadar — FortiBleed: INC / Lynx ransomware link [https://socradar.io/blog/fortibleed-inc-lynx-ransomware-link/] * Dark Reading — FortiBleed actors tied to INC and Lynx ransomware gangs [https://www.darkreading.com/threat-intelligence/fortibleed-actors-inc-lynx-ransomware-gangs] * SecurityWeek — FortiBleed campaign linked to INC, Lynx ransomware attacks [https://www.securityweek.com/fortibleed-campaign-linked-to-inc-lynx-ransomware-attacks/] * BleepingComputer — FortiBleed credential theft campaign linked to Lynx ransomware [https://www.bleepingcomputer.com/news/security/fortibleed-credential-theft-campaign-linked-to-lynx-ransomware/] ARToken — device-code phishing as a service * Cisco Talos — ARToken: inside an EvilTokens affiliate panel targeting Microsoft 365 [https://blog.talosintelligence.com/artoken-inside-an-eviltokens-affiliate-panel-targeting-microsoft-365/] * Sekoia — EvilTokens: AI-augmented phishing-as-a-service for automating BEC fraud [https://blog.sekoia.io/eviltokens-an-ai-augmented-phishing-as-a-service-for-automating-bec-fraud-part-2/] * Microsoft — AI-enabled device-code phishing campaign (April 2026) [https://www.microsoft.com/en-us/security/blog/2026/04/06/ai-enabled-device-code-phishing-campaign-april-2026/] * Microsoft Learn — Conditional Access: block authentication flows (device code) [https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-block-authentication-flows] JADEPUFFER — AI-agent-run ransomware * Sysdig — JADEPUFFER: agentic ransomware for automated database extortion [https://www.sysdig.com/blog/jadepuffer-agentic-ransomware-for-automated-database-extortion] * BleepingComputer — JADEPUFFER ransomware used AI agent to automate entire attack [https://www.bleepingcomputer.com/news/security/jadepuffer-ransomware-used-ai-agent-to-automate-entire-attack/] * SecurityWeek — Agentic AI used to conduct ransomware attack via Langflow [https://www.securityweek.com/agentic-ai-used-to-conduct-ransomware-attack-via-langflow/] Honourable mentions * Socket — PolinRider: North Korea-linked supply chain campaign expands [https://socket.dev/blog/polinrider-north-korea-linked-supply-chain-campaign-expands] * OpenSourceMalware — PolinRider rides again: North Korean attack expands across GitHub [https://opensourcemalware.com/blog/polinrider-rides-again-north-korean-attack-expands-across-github] * The Hacker News — North Korean hackers publish 108 malicious packages [https://thehackernews.com/2026/07/north-korean-hackers-publish-108.html] * The Hacker News — New ChocoPoC RAT targets vulnerability researchers [https://thehackernews.com/2026/07/new-chocopoc-rat-targets-vulnerability.html] Vulnerabilities * MSRC — CVE-2026-45659: Microsoft SharePoint RCE [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659] * The Hacker News — SharePoint RCE CVE-2026-45659 added to KEV [https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html] * Cisco — Unified Communications Manager security advisory [https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW] * SecurityWeek — Cisco confirms in-the-wild exploitation of Unified CM vulnerability [https://www.securityweek.com/cisco-confirms-in-the-wild-exploitation-of-unified-cm-vulnerability/] Subscribe * This week’s written edition — The Defensive Line Weekly #28 [https://thedefensiveline.substack.com/p/the-defensive-line-weekly-28-28-june] This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit thedefensiveline.substack.com [https://thedefensiveline.substack.com?utm_medium=podcast&utm_campaign=CTA_1]
26 episodios
Comentarios
0Sé la primera persona en comentar
¡Regístrate ahora y únete a la comunidad de The Defensive Line Podcast!