Intel Chat: Hijacked AI backends, billboard hacks, Cursor DuneSlide & Claude export controls [336]
Show notes
Intel Chat with Matt Bromiley and Chris Luft.
Matt and Chris break down four stories from the week in threat intel:
• Zenity researchers observed three campaigns where attackers hijacked internet-exposed AI inference endpoints (Ollama, LiteLLM) as free model backends for offensive operations — including the Strix and HexStrike-AI pentesting frameworks and a Codex agent posing as a "security auditor" — enabled by no-auth defaults and placeholder API keys.
https://www.darkreading.com/cloud-security/attackers-hijack-exposed-ai-endpoints-power-offensive-ops
• A CISA advisory on Daktronics controllers behind scoreboards, digital billboards and highway signs: unauthenticated path traversal, arbitrary file upload and default admin credentials chaining to root-level control, found and responsibly disclosed by a Princeton undergrad.
• Cato's "DuneSlide" (CVE-2026-50548 / CVE-2026-50549) — two critical Cursor flaws where a single prompt injection escapes the terminal sandbox and executes arbitrary commands on a developer's machine; patched in Cursor 3.0.
https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html
• Anthropic restoring worldwide Claude Fable 5 access after the US Commerce Department lifted emergency export controls triggered by a jailbreak — plus what it means for AI governance, open-source model catch-up and the data center debate.
https://thehackernews.com/2026/07/anthropic-restores-claude-fable-5-after.html
Chapters:
0:00 Intro & catching up
1:17 Attackers hijacking exposed AI backends (Ollama & LiteLLM)
9:18 CISA advisory: billboard & highway sign controllers
13:46 Cursor "DuneSlide" prompt-injection sandbox escape
20:34 Claude Fable 5 export controls lifted
28:17 Data centers, nuclear déjà vu & the AI race
33:39 Wrap-up
The Cybersecurity Defenders Podcast — a podcast about cybersecurity and the people that keep the internet safe. New episodes drop weekly.
Learn more about LimaCharlie: https://limacharlie.io