The Defensive Line Podcast

The Defensive Line Weekly Podcast 025

13 min · Ayer
Portada del episodio The Defensive Line Weekly Podcast 025

Descripción

The Defensive Line Weekly — Episode 25 (28 June – 5 July 2026). A new CitrixBleed exploited in 24 hours; FortiBleed theft turns to ransomware; device-code phishing goes pro; AI runs ransomware end-to-end. 🤖 Voices are AI-generated. Story curation and analysis is human. A new CitrixBleed (CVE-2026-8451) * Citrix Security Bulletin CTX696604 — fixed builds [https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604] * watchTowr Labs — CitrixBleed to Infinity and Beyond: technical analysis [https://labs.watchtowr.com/citrixbleed-to-infinity-and-beyond-citrix-netscaler-pre-auth-memory-overread-cve-2026-8451/] * Field Effect — Citrix NetScaler memory disclosure: patch guidance [https://fieldeffect.com/blog/citrix-netscaler-memory-disclosure-patch] * SecurityWeek — New CitrixBleed vulnerability exploited immediately after public disclosure [https://www.securityweek.com/new-citrixbleed-vulnerability-exploited-immediately-after-public-disclosure/] FortiBleed → INC Ransom and Lynx ransomware * SOCRadar — FortiBleed: INC / Lynx ransomware link [https://socradar.io/blog/fortibleed-inc-lynx-ransomware-link/] * Dark Reading — FortiBleed actors tied to INC and Lynx ransomware gangs [https://www.darkreading.com/threat-intelligence/fortibleed-actors-inc-lynx-ransomware-gangs] * SecurityWeek — FortiBleed campaign linked to INC, Lynx ransomware attacks [https://www.securityweek.com/fortibleed-campaign-linked-to-inc-lynx-ransomware-attacks/] * BleepingComputer — FortiBleed credential theft campaign linked to Lynx ransomware [https://www.bleepingcomputer.com/news/security/fortibleed-credential-theft-campaign-linked-to-lynx-ransomware/] ARToken — device-code phishing as a service * Cisco Talos — ARToken: inside an EvilTokens affiliate panel targeting Microsoft 365 [https://blog.talosintelligence.com/artoken-inside-an-eviltokens-affiliate-panel-targeting-microsoft-365/] * Sekoia — EvilTokens: AI-augmented phishing-as-a-service for automating BEC fraud [https://blog.sekoia.io/eviltokens-an-ai-augmented-phishing-as-a-service-for-automating-bec-fraud-part-2/] * Microsoft — AI-enabled device-code phishing campaign (April 2026) [https://www.microsoft.com/en-us/security/blog/2026/04/06/ai-enabled-device-code-phishing-campaign-april-2026/] * Microsoft Learn — Conditional Access: block authentication flows (device code) [https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-block-authentication-flows] JADEPUFFER — AI-agent-run ransomware * Sysdig — JADEPUFFER: agentic ransomware for automated database extortion [https://www.sysdig.com/blog/jadepuffer-agentic-ransomware-for-automated-database-extortion] * BleepingComputer — JADEPUFFER ransomware used AI agent to automate entire attack [https://www.bleepingcomputer.com/news/security/jadepuffer-ransomware-used-ai-agent-to-automate-entire-attack/] * SecurityWeek — Agentic AI used to conduct ransomware attack via Langflow [https://www.securityweek.com/agentic-ai-used-to-conduct-ransomware-attack-via-langflow/] Honourable mentions * Socket — PolinRider: North Korea-linked supply chain campaign expands [https://socket.dev/blog/polinrider-north-korea-linked-supply-chain-campaign-expands] * OpenSourceMalware — PolinRider rides again: North Korean attack expands across GitHub [https://opensourcemalware.com/blog/polinrider-rides-again-north-korean-attack-expands-across-github] * The Hacker News — North Korean hackers publish 108 malicious packages [https://thehackernews.com/2026/07/north-korean-hackers-publish-108.html] * The Hacker News — New ChocoPoC RAT targets vulnerability researchers [https://thehackernews.com/2026/07/new-chocopoc-rat-targets-vulnerability.html] Vulnerabilities * MSRC — CVE-2026-45659: Microsoft SharePoint RCE [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659] * The Hacker News — SharePoint RCE CVE-2026-45659 added to KEV [https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html] * Cisco — Unified Communications Manager security advisory [https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW] * SecurityWeek — Cisco confirms in-the-wild exploitation of Unified CM vulnerability [https://www.securityweek.com/cisco-confirms-in-the-wild-exploitation-of-unified-cm-vulnerability/] Subscribe * This week’s written edition — The Defensive Line Weekly #28 [https://thedefensiveline.substack.com/p/the-defensive-line-weekly-28-28-june] This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit thedefensiveline.substack.com [https://thedefensiveline.substack.com?utm_medium=podcast&utm_campaign=CTA_1]

Comentarios

0

Sé la primera persona en comentar

¡Regístrate ahora y únete a la comunidad de The Defensive Line Podcast!

Prueba gratis

Empieza 7 días de prueba

$99 / mes después de la prueba. · Cancela cuando quieras.

  • Podcasts solo en Podimo
  • 20 horas de audiolibros al mes
  • Podcast gratuitos

Todos los episodios

26 episodios

episode The Defensive Line Weekly Podcast 025 artwork

The Defensive Line Weekly Podcast 025

The Defensive Line Weekly — Episode 25 (28 June – 5 July 2026). A new CitrixBleed exploited in 24 hours; FortiBleed theft turns to ransomware; device-code phishing goes pro; AI runs ransomware end-to-end. 🤖 Voices are AI-generated. Story curation and analysis is human. A new CitrixBleed (CVE-2026-8451) * Citrix Security Bulletin CTX696604 — fixed builds [https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604] * watchTowr Labs — CitrixBleed to Infinity and Beyond: technical analysis [https://labs.watchtowr.com/citrixbleed-to-infinity-and-beyond-citrix-netscaler-pre-auth-memory-overread-cve-2026-8451/] * Field Effect — Citrix NetScaler memory disclosure: patch guidance [https://fieldeffect.com/blog/citrix-netscaler-memory-disclosure-patch] * SecurityWeek — New CitrixBleed vulnerability exploited immediately after public disclosure [https://www.securityweek.com/new-citrixbleed-vulnerability-exploited-immediately-after-public-disclosure/] FortiBleed → INC Ransom and Lynx ransomware * SOCRadar — FortiBleed: INC / Lynx ransomware link [https://socradar.io/blog/fortibleed-inc-lynx-ransomware-link/] * Dark Reading — FortiBleed actors tied to INC and Lynx ransomware gangs [https://www.darkreading.com/threat-intelligence/fortibleed-actors-inc-lynx-ransomware-gangs] * SecurityWeek — FortiBleed campaign linked to INC, Lynx ransomware attacks [https://www.securityweek.com/fortibleed-campaign-linked-to-inc-lynx-ransomware-attacks/] * BleepingComputer — FortiBleed credential theft campaign linked to Lynx ransomware [https://www.bleepingcomputer.com/news/security/fortibleed-credential-theft-campaign-linked-to-lynx-ransomware/] ARToken — device-code phishing as a service * Cisco Talos — ARToken: inside an EvilTokens affiliate panel targeting Microsoft 365 [https://blog.talosintelligence.com/artoken-inside-an-eviltokens-affiliate-panel-targeting-microsoft-365/] * Sekoia — EvilTokens: AI-augmented phishing-as-a-service for automating BEC fraud [https://blog.sekoia.io/eviltokens-an-ai-augmented-phishing-as-a-service-for-automating-bec-fraud-part-2/] * Microsoft — AI-enabled device-code phishing campaign (April 2026) [https://www.microsoft.com/en-us/security/blog/2026/04/06/ai-enabled-device-code-phishing-campaign-april-2026/] * Microsoft Learn — Conditional Access: block authentication flows (device code) [https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-block-authentication-flows] JADEPUFFER — AI-agent-run ransomware * Sysdig — JADEPUFFER: agentic ransomware for automated database extortion [https://www.sysdig.com/blog/jadepuffer-agentic-ransomware-for-automated-database-extortion] * BleepingComputer — JADEPUFFER ransomware used AI agent to automate entire attack [https://www.bleepingcomputer.com/news/security/jadepuffer-ransomware-used-ai-agent-to-automate-entire-attack/] * SecurityWeek — Agentic AI used to conduct ransomware attack via Langflow [https://www.securityweek.com/agentic-ai-used-to-conduct-ransomware-attack-via-langflow/] Honourable mentions * Socket — PolinRider: North Korea-linked supply chain campaign expands [https://socket.dev/blog/polinrider-north-korea-linked-supply-chain-campaign-expands] * OpenSourceMalware — PolinRider rides again: North Korean attack expands across GitHub [https://opensourcemalware.com/blog/polinrider-rides-again-north-korean-attack-expands-across-github] * The Hacker News — North Korean hackers publish 108 malicious packages [https://thehackernews.com/2026/07/north-korean-hackers-publish-108.html] * The Hacker News — New ChocoPoC RAT targets vulnerability researchers [https://thehackernews.com/2026/07/new-chocopoc-rat-targets-vulnerability.html] Vulnerabilities * MSRC — CVE-2026-45659: Microsoft SharePoint RCE [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659] * The Hacker News — SharePoint RCE CVE-2026-45659 added to KEV [https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html] * Cisco — Unified Communications Manager security advisory [https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW] * SecurityWeek — Cisco confirms in-the-wild exploitation of Unified CM vulnerability [https://www.securityweek.com/cisco-confirms-in-the-wild-exploitation-of-unified-cm-vulnerability/] Subscribe * This week’s written edition — The Defensive Line Weekly #28 [https://thedefensiveline.substack.com/p/the-defensive-line-weekly-28-28-june] This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit thedefensiveline.substack.com [https://thedefensiveline.substack.com?utm_medium=podcast&utm_campaign=CTA_1]

Ayer13 min
episode The Defensive Line Weekly Podcast 024 artwork

The Defensive Line Weekly Podcast 024

The Defensive Line Weekly — Episode 24, covering 21–28 June 2026. A weekly briefing for blue teamers and security leaders: the biggest stories of the week, why they matter, and what to do next. 🤖 Voices are AI-generated. Story curation and analysis is human. Sources Cisco Catalyst SD-WAN zero-day exploited for months * Mandiant / Google Cloud — zero-day exploitation of Cisco Catalyst SD-WAN Manager [https://cloud.google.com/blog/topics/threat-intelligence/zero-day-exploitation-cisco-catalyst-sd-wan-manager] * Cisco Security Advisory — SD-WAN Manager privilege escalation [https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-4uxFrdzx] * The Hacker News [https://thehackernews.com/2026/06/cisco-catalyst-sd-wan-zero-day-cve-2026.html] * SecurityWeek [https://www.securityweek.com/cisco-sd-wan-zero-day-exploited-months-before-patching/] Amazon Q Developer flaw — malicious repos and cloud credential theft * Wiz — Amazon Q vulnerability [https://www.wiz.io/blog/amazon-q-vulnerability] * AWS Security Bulletin [https://aws.amazon.com/security/security-bulletins/2026-047-aws/] * The Hacker News [https://thehackernews.com/2026/06/amazon-q-developer-flaw-could-let.html] * SecurityWeek [https://www.securityweek.com/amazon-q-flaw-enabled-cloud-credential-theft-via-malicious-repositories/] “BadBlocker” — 11M-install ad blocker that can run code anywhere * Island — BadBlocker research [https://www.island.io/blog/badblocker-11-million-users-one-server-call-away-from-compromise] * The Hacker News [https://thehackernews.com/2026/06/chrome-ad-blocker-with-10m-installs.html] Russian intelligence targeting Signal backup recovery keys * FBI / IC3 Public Service Announcement [https://www.ic3.gov/PSA/2026/PSA260626] * CISA advisory [https://www.cisa.gov/resources-tools/resources/russian-intelligence-services-continue-target-commercial-messaging-applications] * The Hacker News [https://thehackernews.com/2026/06/fbi-warns-russian-intelligence-hackers.html] * The Record [https://therecord.media/russia-ukraine-social-engineering-messaging-accounts] Operation Endgame — SocGholish, Amadey and StealC takedown * Europol [https://www.europol.europa.eu/media-press/newsroom/news/global-cyber-strike-disrupts-socgholish-amadey-and-stealc-malware-networks] * Microsoft Security Blog [https://www.microsoft.com/en-us/security/blog/2026/06/24/stealc-and-amadey-breaking-down-infostealers-and-the-cybercrime-services-that-deliver-them/] * The Hacker News [https://thehackernews.com/2026/06/amadey-and-stealc-malware-network.html] * Wired — LastPass user data stolen again [https://www.wired.com/story/security-news-this-week-lastpass-users-had-their-data-stolen-again/] Honourable mentions & vulnerability roundup * The Register — “Miasma” npm supply-chain campaign [https://www.theregister.com/security/2026/06/26/miasma_campaign_npm/] * Novee Security — “Cordyceps” CI/CD weakness [https://novee.security/blog/cordyceps/] * The Hacker News — Cordyceps exposes 300+ GitHub repos [https://thehackernews.com/2026/06/cordyceps-cicd-flaws-expose-300-github.html] * Microsoft — photo-zip campaign targeting hospitality [https://www.microsoft.com/en-us/security/blog/2026/06/25/photo-zip-campaign-targeting-hospitality/] * The Hacker News — “Gaslight” macOS stealer with prompt injection [https://thehackernews.com/2026/06/new-gaslight-macos-malware-uses-prompt.html] * BleepingComputer — CISA deadline for exploited Cisco CUCM flaw [https://www.bleepingcomputer.com/news/security/cisa-sets-urgent-deadline-to-fix-cisco-flaw-exploited-in-attacks/] * Dark Reading — attackers weaponise Cisco CUCM flaw [https://www.darkreading.com/cyberattacks-data-breaches/less-than-24-hours-attackers-weaponize-cisco-cucm-flaw] * The Hacker News — CISA adds exploited PTC Windchill RCE [https://thehackernews.com/2026/06/cisa-adds-exploited-ptc-windchill-rce.html] * The Hacker News — “DirtyClone” Linux kernel flaw [https://thehackernews.com/2026/06/new-dirtyclone-linux-kernel-flaw-lets.html] * The Hacker News — Linux “pedit” copy-on-write exploit [https://thehackernews.com/2026/06/new-linux-pedit-cow-exploit-enables.html] This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit thedefensiveline.substack.com [https://thedefensiveline.substack.com?utm_medium=podcast&utm_campaign=CTA_1]

1 de jul de 202617 min
episode The Defensive Line Weekly Podcast 023 artwork

The Defensive Line Weekly Podcast 023

The Defensive Line Weekly podcast is the audio version of the weekly Defensive Line Substack intelligence summary. Written by humans but read by AI. It turns the week’s key cyber stories into a practical conversation between Carter and Lizzie. FortiBleed and edge credential exposure * CISA — CISA urges hardening Fortinet devices after reports of credential exposure [https://www.cisa.gov/news-events/alerts/2026/06/18/cisa-urges-hardening-fortinet-devices-after-reports-credential-exposure] * NCSC — Advice following global targeting of Fortinet firewalls and VPN gateways [https://www.ncsc.gov.uk/news/advice-following-global-targeting-of-fortinet-firewalls-and-vpn-gateways] * The Hacker News — CISA warns Fortinet customers as compromised credentials leak [https://thehackernews.com/2026/06/cisa-warns-fortinet-customers-as.html] Klue, OAuth tokens and SaaS integration risk * Huntress — Klue breach investigation [https://www.huntress.com/blog/klue-breach-investigation] * Klue — Update on recent Klue security incident [https://klue.com/blog/an-update-on-recent-klue-security-incident] * The Hacker News — Salesforce disables Klue app [https://thehackernews.com/2026/06/salesforce-disables-klue-app.html] * BleepingComputer — Klue OAuth breach linked to Icarus Salesforce data theft attacks [https://www.bleepingcomputer.com/news/security/klue-oauth-breach-linked-to-icarus-salesforce-data-theft-attacks/] Mastra, AutoJack and trusted tooling * Microsoft Threat Intelligence — Postinstall payload inside Mastra npm supply chain compromise [https://www.microsoft.com/en-us/security/blog/2026/06/17/postinstall-payload-inside-mastra-npm-supply-chain-compromise/] * Microsoft Defender Security Research — AutoJack: single-page RCE on host running AI agent [https://www.microsoft.com/en-us/security/blog/2026/06/18/autojack-single-page-rce-host-running-ai-agent/] * BleepingComputer — Microsoft links Mastra AI supply-chain attack to North Korean hackers [https://www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/] * The Hacker News — 144 Mastra npm packages compromised [https://thehackernews.com/2026/06/144-mastra-npm-packages-compromised-via.html] * The Hacker News — AutoJack attack lets one web page execute code [https://thehackernews.com/2026/06/autojack-attack-lets-one-web-page.html] * BleepingComputer — Microsoft fixes AutoGen Studio flaw [https://www.bleepingcomputer.com/news/security/microsoft-fixes-autogen-studio-flaw-that-enabled-code-execution/] Honourable mentions * ESET Research — Killing me gently: inside Gentlemen’s EDR killer framework [https://www.welivesecurity.com/en/eset-research/killing-me-gently-inside-gentlemens-edr-killer-framework/] * The Hacker News — F5 patches two critical NGINX Open Source flaws [https://thehackernews.com/2026/06/f5-patches-two-critical-nginx-open.html] * The Hacker News — Hackers exploit Gravity SMTP WordPress plugin [https://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html] * Dark Reading — Novo Nordisk breach exposes dev pipeline risk [https://www.darkreading.com/cyber-risk/novo-nordisk-breach-exposes-dev-pipeline-risk] * The Hacker News — Operation Endgame disrupts SocGholish [https://thehackernews.com/2026/06/operation-endgame-disrupts-socgholish.html] * The Hacker News — AryStinger malware infects legacy D-Link routers [https://thehackernews.com/2026/06/arystinger-malware-infects-4300-legacy.html] This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit thedefensiveline.substack.com [https://thedefensiveline.substack.com?utm_medium=podcast&utm_campaign=CTA_1]

24 de jun de 202612 min
episode The Defensive Line Weekly Podcast 022 artwork

The Defensive Line Weekly Podcast 022

The Defensive Line Weekly podcast is the audio version of the weekly Defensive Line Substack intelligence summary — the same curated briefing for blue teamers and security leaders, in a format you can listen to on the move. This week: PeopleSoft zero-day hits universities; AUR packages hijacked; AI agents turn ordinary inputs into code paths. ShinyHunters / Oracle PeopleSoft Oracle Security Alert [https://www.oracle.com/security-alerts/alert-cve-2026-35273.html] Google Cloud / Mandiant [https://cloud.google.com/blog/topics/threat-intelligence/shinyhunters-targets-education-sector-oracle-exploit/] Rapid7 [https://www.rapid7.com/blog/post/etr-active-exploitation-of-oracle-peoplesoft-zero-day-cve-20273/] Dark Reading [https://www.darkreading.com/vulnerabilities-threats/shinyhunters-oracle-zero-day-higher-ed] The Record [https://therecord.media/university-of-nottingham-cyber-incident-shiny-hunters] Software supply chain — Arch AUR and npm The Hacker News — Arch AUR [https://thehackernews.com/2026/06/over-400-arch-linux-aur-packages.html] The Hacker News — GitHub / npm [https://thehackernews.com/2026/06/github-to-disable-npm-install-scripts.html] AI agents as attack surface Check Point Research — LangGraph [https://research.checkpoint.com/2026/from-sqli-to-rce-exploiting-langgraphs-checkpointer/] Field Effect — Langflow [https://fieldeffect.com/blog/langflow-flaw-active-exploitation-no-patch] The Hacker News — Agentjacking [https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html] The Hacker News — OpenClaw [https://thehackernews.com/2026/06/new-attacks-trick-openclaw-ai-agent.html] Honourable mentions The Hacker News — The Gentlemen ransomware [https://thehackernews.com/2026/06/the-gentlemen-ransomware-claims-478.html] PRODAFT — Inside the Phantom Mantis Operation [https://catalyst.prodaft.com/public/report/inside-the-phantom-mantis-operation/overview] The Hacker News — Velvet Ant [https://thehackernews.com/2026/06/china-linked-hackers-backdoored-linux.html] Sekoia — APT28 [https://blog.sekoia.io/apt28-an-evolution-of-tradecraft/] Splunk Advisory [https://advisory.splunk.com/advisories/SVD-2026-0603] Ivanti Security Advisory [https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US] The Record — Great Marlow School [https://therecord.media/british-school-sends-students-home-cyberattack] The Register — Plymouth City Council [https://www.theregister.com/security/2026/06/12/plymouth-council-exposes-hundreds-in-latest-local-government-email-gaffe/5254707] The Register — Novo Nordisk [https://www.theregister.com/security/2026/06/12/novo-nordisk-says-hackers-stole-clinical-trial-data/5254812] The Hacker News — Google smishing lawsuit [https://thehackernews.com/2026/06/google-sues-chinese-smishing-network.html] This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit thedefensiveline.substack.com [https://thedefensiveline.substack.com?utm_medium=podcast&utm_campaign=CTA_1]

17 de jun de 202612 min
episode The Defensive Line Weekly Podcast 021 artwork

The Defensive Line Weekly Podcast 021

The Defensive Line Weekly podcast is the audio version of our weekly Defensive Line Substack intelligence summary — the same curated briefing for blue teamers and security leaders, in a format you can listen to on the move. This week: A self-spreading supply chain worm hits npm, PyPI and GitHub; AI turns up as both an attacker’s tool and an attack surface; and a five-month email espionage campaign against a stock-exchange executive. Supply chain worm (Miasma / Shai-Hulud) * Microsoft [https://www.microsoft.com/en-us/security/blog/2026/06/02/preinstall-persistence-inside-red-hat-npm-miasma-credential-stealing-campaign/] * Socket [https://socket.dev/blog/shai-hulud-descends-to-hades-miasma-pypi-wave] * The Hacker News [https://thehackernews.com/2026/06/miasma-worm-hits-73-microsoft-github.html] * Dark Reading — IronWorm [https://www.darkreading.com/cyberattacks-data-breaches/rust-written-ironworm-npm-supply-chain] (further reading) AI on both sides — Meta AI support bot & EDR evasion * KrebsOnSecurity [https://krebsonsecurity.com/2026/06/hackers-used-metas-ai-support-bot-to-seize-instagram-accounts/] * Check Point [https://blog.checkpoint.com/ai-security/the-meta-ai-account-recovery-incident-wasnt-just-a-chatbot-problem/] * Sophos [https://www.sophos.com/en-us/blog/pointing-a-cursor-at-evading-detection] * Dark Reading [https://www.darkreading.com/endpoint-security/attackers-automate-edr-evasion-testing] Five-month email espionage * Symantec Threat Hunter Team [https://www.security.com/threat-intelligence/stock-exchange-espionage] * Dark Reading [https://www.darkreading.com/cyberattacks-data-breaches/global-stock-exchange-hit-monthslong-email-campaign] Honourable mentions * Google Gemini voice assistant — Dark Reading [https://www.darkreading.com/application-security/malicious-notifications-could-trick-google-gemini-users] * Claude Code GitHub Action — Microsoft [https://www.microsoft.com/en-us/security/blog/2026/06/05/securing-ci-cd-in-agentic-world-claude-code-github-action-case/] * FFmpeg — 21 vulnerabilities — The Hacker News [https://thehackernews.com/2026/06/ai-agent-uncovers-21-zero-days-in.html] * Palo Alto Networks PAN-OS — Unit 42 [https://unit42.paloaltonetworks.com/active-exploitation-of-pan-os-cve-2026-0257/] * Palo Alto Networks advisory [https://security.paloaltonetworks.com/CVE-2026-0257] * SolarWinds Serv-U — The Hacker News [https://thehackernews.com/2026/06/cisa-adds-actively-exploited-solarwinds.html] This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit thedefensiveline.substack.com [https://thedefensiveline.substack.com?utm_medium=podcast&utm_campaign=CTA_1]

11 de jun de 202612 min