China-linked group targets cloud, Russian cyber espionage, agentic AI systems flaw & Nginx [313]
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. https://community.limacharlie.com/
Intercept and control AI agent activity with Viberails by LimaCharlie: https://www.viberails.io/
- APT41, a China-linked threat group, is deploying a previously undetected backdoor targeting Linux-based cloud workflows. https://www.darkreading.com/cloud-security/apt41-zero-detection-backdoor-harvest-cloud-credentials
- Fancy Bear, also known as APT28 or Forest Blizzard, is a Russian cyber espionage group believed to operate on behalf of the country's military intelligence service, the GRU. https://www.darkreading.com/threat-intelligence/russias-fancy-bear-apt-continues-global-onslaught
- Trend Micro research here: https://www.trendmicro.com/en_us/research/26/c/pawn-storm-targets-govt-infra.html
- Anthropic’s Model Context Protocol, widely used in agentic AI systems to connect AI agents with data sources, contains a design flaw that would enable large-scale supply chain attacks. https://www.securityweek.com/by-design-flaw-in-mcp-could-enable-widespread-ai-supply-chain-attacks/
- Report here: https://20204725.hs-sites.com/the-mother-of-all-ai-supply-chains
- There's a critical vulnerability in nginx-UI, a web-based management interface for Nginx servers, which is being actively exploited and could allow attackers to take full control of affected systems. https://thehackernews.com/2026/04/critical-nginx-ui-vulnerability-cve.html
Support our show by sharing your favorite episodes with a friend, subscribing, giving us a rating or leaving a comment on your podcast platform.
This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at https://limacharlie.io/