The Defensive Line Podcast

The Defensive Line Weekly Podcast 025


Listen Later

The Defensive Line Weekly β€” Episode 25 (28 June – 5 July 2026). A new CitrixBleed exploited in 24 hours; FortiBleed theft turns to ransomware; device-code phishing goes pro; AI runs ransomware end-to-end.

πŸ€– Voices are AI-generated. Story curation and analysis is human.

A new CitrixBleed (CVE-2026-8451)

* Citrix Security Bulletin CTX696604 β€” fixed builds

* watchTowr Labs β€” CitrixBleed to Infinity and Beyond: technical analysis

* Field Effect β€” Citrix NetScaler memory disclosure: patch guidance

* SecurityWeek β€” New CitrixBleed vulnerability exploited immediately after public disclosure

FortiBleed β†’ INC Ransom and Lynx ransomware

* SOCRadar β€” FortiBleed: INC / Lynx ransomware link

* Dark Reading β€” FortiBleed actors tied to INC and Lynx ransomware gangs

* SecurityWeek β€” FortiBleed campaign linked to INC, Lynx ransomware attacks

* BleepingComputer β€” FortiBleed credential theft campaign linked to Lynx ransomware

ARToken β€” device-code phishing as a service

* Cisco Talos β€” ARToken: inside an EvilTokens affiliate panel targeting Microsoft 365

* Sekoia β€” EvilTokens: AI-augmented phishing-as-a-service for automating BEC fraud

* Microsoft β€” AI-enabled device-code phishing campaign (April 2026)

* Microsoft Learn β€” Conditional Access: block authentication flows (device code)

JADEPUFFER β€” AI-agent-run ransomware

* Sysdig β€” JADEPUFFER: agentic ransomware for automated database extortion

* BleepingComputer β€” JADEPUFFER ransomware used AI agent to automate entire attack

* SecurityWeek β€” Agentic AI used to conduct ransomware attack via Langflow

Honourable mentions

* Socket β€” PolinRider: North Korea-linked supply chain campaign expands

* OpenSourceMalware β€” PolinRider rides again: North Korean attack expands across GitHub

* The Hacker News β€” North Korean hackers publish 108 malicious packages

* The Hacker News β€” New ChocoPoC RAT targets vulnerability researchers

Vulnerabilities

* MSRC β€” CVE-2026-45659: Microsoft SharePoint RCE

* The Hacker News β€” SharePoint RCE CVE-2026-45659 added to KEV

* Cisco β€” Unified Communications Manager security advisory

* SecurityWeek β€” Cisco confirms in-the-wild exploitation of Unified CM vulnerability

Subscribe

* This week’s written edition β€” The Defensive Line Weekly #28



This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit thedefensiveline.substack.com
...more
View all episodesView all episodes
Download on the App Store

The Defensive Line PodcastBy The Defensive Line