![]() |
The Cybersecurity Defenders PodcastAuthor: LimaCharlie
An accessible but technical podcast about cybersecurity and the people who keep the internet safe. The podcast is built as a series of segments: we will be looking back at the last couple of weeks in cybersecurity news, talking to different people in the industry about areas of their expertise, we're going to break apart some of the TTPs being used by adversaries, and we will even cover a little bit of hacker history. Language: en-us Genres: News, Tech News, Technology Contact email: Get it Feed URL: Get it iTunes ID: Get it Trailer: |
Listen Now...
Intel Chat: Hijacked AI backends, billboard hacks, Cursor DuneSlide & Claude export controls [336]
Episode 336
Friday, 3 July, 2026
Intel Chat with Matt Bromiley and Chris Luft.Matt and Chris break down four stories from the week in threat intel:• Zenity researchers observed three campaigns where attackers hijacked internet-exposed AI inference endpoints (Ollama, LiteLLM) as free model backends for offensive operations — including the Strix and HexStrike-AI pentesting frameworks and a Codex agent posing as a "security auditor" — enabled by no-auth defaults and placeholder API keys.https://www.darkreading.com/cloud-security/attackers-hijack-exposed-ai-endpoints-power-offensive-ops• A CISA advisory on Daktronics controllers behind scoreboards, digital billboards and highway signs: unauthenticated path traversal, arbitrary file upload and default admin credentials chaining to root-level control, found and responsibly disclosed by a Princeton undergrad.https://www.securityweek.com/new-controller-flaws-expose-highway-signs-and-billboards-to-remote-hacking/• Cato's "DuneSlide" (CVE-2026-50548 / CVE-2026-50549) — two critical Cursor flaws where a single prompt injection escapes the terminal sandbox and executes arbitrary commands on a developer's machine; patched in Cursor 3.0.https://thehackernews.com/2026/07/critical-cursor-flaws-could-let-prompt.html• Anthropic restoring worldwide Claude Fable 5 access after the US Commerce Department lifted emergency export controls triggered by a jailbreak — plus what it means for AI governance, open-source model catch-up and the data center debate.https://thehackernews.com/2026/07/anthropic-restores-claude-fable-5-after.htmlChapters:0:00 Intro & catching up1:17 Attackers hijacking exposed AI backends (Ollama & LiteLLM)9:18 CISA advisory: billboard & highway sign controllers13:46 Cursor "DuneSlide" prompt-injection sandbox escape20:34 Claude Fable 5 export controls lifted28:17 Data centers, nuclear déjà vu & the AI race33:39 Wrap-upThe Cybersecurity Defenders Podcast — a podcast about cybersecurity and the people that keep the internet safe. New episodes drop weekly.Learn more about LimaCharlie: https://limacharlie.io#cybersecurity #infosec #threatintel #AIsecurity #promptinjection









