Intel Chat: Cisco CUCM exploited, ransomware profiles, Gamaredon & AI agent phishing [335]

Intel Chat with Matt Bromiley and Chris Luft.

Matt and Chris break down four stories from the week in threat intel:

  • Cisco CUCM (CVE-2026-20230) — a web-dialer SSRF that chains to root-level RCE, exploited in the wild less than 24 hours after the PoC and full exploit chain were published.
  • The latest Ransomware Tool Matrix (RTM) / Ransomware Vulnerability Matrix (RVM) update, profiling three active groups — The Gentlemen, DragonForce and Warlock — and the BYOVD and legit-admin-tool tradecraft they increasingly share.
  • Gamaredon's upgraded toolkit against Ukraine (per ESET): new PowerShell downloaders like PteroPaste, Cloudflare tunneling and Workers for C2, and exfiltration to trusted cloud storage such as Amazon S3 and Dropbox.
  • Varonis Threat Labs phishing an AI email agent ("Pinchy") — why agents spot technical phishing better than humans yet hand over credentials to a convincing social request, and why you should treat them as privileged junior employees.
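The Gamaredon item above names the infrastructure pattern (script-host downloaders, Cloudflare quick tunnels and Workers in front of C2, exfiltration to Amazon S3 and Dropbox) but not how a defender would surface it. The following is an added example, not code from the episode or from ESET's report: a small triage pass over endpoint network-connection records that flags scripting hosts (PowerShell and other LOLBins) reaching Cloudflare-fronted hostnames or pushing bulk data to cloud storage. The hostname patterns, the 5 MiB threshold, the `NetEvent` shape and the sample records are all assumptions and constructed data, not real indicators.

```python
"""Added example: triage of endpoint network events for Gamaredon-style
C2-behind-Cloudflare and exfil-to-cloud-storage behaviour.
All patterns, thresholds and sample events are assumptions, not IOCs."""

from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class NetEvent:
    """One network-connection record (constructed; roughly the fields a
    Sysmon EID 3 or EDR connection event carries that the rules need)."""
    host: str        # endpoint that produced the event
    image: str       # full path of the process that opened the connection
    dest: str        # destination hostname (DNS name or TLS SNI)
    bytes_out: int   # bytes sent on the connection

# Assumed destination patterns: Cloudflare quick tunnels (trycloudflare.com)
# and Workers (workers.dev) can front C2; S3 and Dropbox are the trusted
# storage services named in the episode. Illustrative only, not real IOCs.
CLOUDFLARE_FRONTS = ("*.trycloudflare.com", "*.workers.dev")
CLOUD_STORAGE = ("s3.amazonaws.com", "*.s3.amazonaws.com", "*.s3.*.amazonaws.com",
                 "*.dropbox.com", "*.dropboxapi.com")
# Scripting / LOLBin hosts that rarely need to talk to these services directly.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
UPLOAD_THRESHOLD = 5 * 1024 * 1024   # assumption: >5 MiB out of a script host is "bulk"

def matches(dest: str, patterns) -> bool:
    """Glob-style hostname match; lowercases both sides so the match is
    deterministic across platforms. '*.workers.dev' does not match
    'workers.dev.evil.com' because the suffix is anchored."""
    d = dest.lower().rstrip(".")
    return any(fnmatchcase(d, p.lower()) for p in patterns)

def image_name(image: str) -> str:
    """Basename of a Windows or POSIX image path, lowercased."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()

def triage(events):
    """Return findings (dicts) for events that match one of three rules.
    Browsers and sync clients talking to Dropbox/S3 are expected, so only
    script hosts are considered."""
    findings = []
    for ev in events:
        proc = image_name(ev.image)
        if proc not in SCRIPT_HOSTS:
            continue
        base = {"host": ev.host, "process": proc, "dest": ev.dest}
        if matches(ev.dest, CLOUDFLARE_FRONTS):
            findings.append({"rule": "script_host_to_cloudflare_front",
                             "severity": "high", **base})
        elif matches(ev.dest, CLOUD_STORAGE) and ev.bytes_out >= UPLOAD_THRESHOLD:
            findings.append({"rule": "script_host_bulk_upload_to_cloud_storage",
                             "severity": "high", "bytes_out": ev.bytes_out, **base})
        elif matches(ev.dest, CLOUD_STORAGE):
            findings.append({"rule": "script_host_to_cloud_storage",
                             "severity": "medium", "bytes_out": ev.bytes_out, **base})
    return findings

# Constructed sample records (hostnames and sizes are made up).
SAMPLE_EVENTS = [
    NetEvent("ws-017", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
             "quiet-river-1a2b.trycloudflare.com", 1_400),
    NetEvent("ws-017", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
             "www.dropbox.com", 12_000_000),
    NetEvent("ws-042", r"C:\Program Files\PowerShell\7\pwsh.exe",
             "example-bucket.s3.amazonaws.com", 41_000_000),
    NetEvent("ws-042", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
             "wsus.corp.example", 3_200),
    NetEvent("ws-088", r"C:\Windows\System32\wscript.exe",
             "content.dropboxapi.com", 900),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f)
```

The browser upload to Dropbox is deliberately not flagged: the signal is the process, not the destination, which is the point of "living off trusted cloud storage". In a real deployment the hostname lists would come from threat-intel feeds and the threshold from a baseline of what script hosts normally send in the environment.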

Chapters:

0:00 Intro & catching up

2:25 Cisco CUCM exploited within 24h of the PoC

9:57 Ransomware Tool Matrix: The Gentlemen, DragonForce & Warlock

15:44 Gamaredon's upgraded TTPs against Ukraine

22:18 Can AI email agents be phished?

28:08 Wrap-up: Black Hat plans & the LimaCharlie suite

The Cybersecurity Defenders Podcast — a podcast about cybersecurity and the people that keep the internet safe. New episodes drop weekly.

Subscribe wherever you listen.

Learn more about LimaCharlie: https://limacharlie.io

#cybersecurity #infosec #threatintel #ransomware #DFIR