Intel Chat: Cisco CUCM exploited, ransomware profiles, Gamaredon & AI agent phishing [335]
Show notes
Intel Chat with Matt Bromiley and Chris Luft.
Matt and Chris break down four stories from the week in threat intel:
• Cisco CUCM (CVE-2026-20230) — a web-dialer SSRF that chains to root-level RCE, exploited in the wild less than 24 hours after the PoC and full exploit chain were published.
• The latest Ransomware Tool Matrix (RTM) / Ransomware Vulnerability Matrix (RVM) update, profiling three active groups — The Gentlemen, DragonForce and Warlock — and the BYOVD and legit-admin-tool tradecraft they increasingly share.
• Gamaredon's upgraded toolkit against Ukraine (per ESET): new PowerShell downloaders like PteroPaste, Cloudflare tunneling and Workers for C2, and exfiltration to trusted cloud storage such as Amazon S3 and Dropbox.
• Varonis Threat Labs phishing an AI email agent ("Pinchy") — why agents spot technical phishing better than humans yet hand over credentials to a convincing social request, and why you should treat them as privileged junior employees.
Chapters:
0:00 Intro & catching up
2:25 Cisco CUCM exploited within 24h of the PoC
9:57 Ransomware Tool Matrix: The Gentlemen, DragonForce & Warlock
15:44 Gamaredon's upgraded TTPs against Ukraine
22:18 Can AI email agents be phished?
28:08 Wrap-up: Black Hat plans & the LimaCharlie suite
The Cybersecurity Defenders Podcast — a podcast about cybersecurity and the people who keep the internet safe. New episodes drop weekly.
Subscribe wherever you listen:
• Spotify: https://open.spotify.com/show/6ep00zeY3S8ffZ4o0UeSps
• Apple Podcasts: https://podcasts.apple.com/us/podcast/the-cybersecurity-defenders-podcast/id1649981740
• YouTube: https://www.youtube.com/@limacharlieio
Learn more about LimaCharlie: https://limacharlie.io
#cybersecurity #infosec #threatintel #ransomware #DFIR