Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This week on the podcast, we cover a wave of attacks against network edge equipment and internet-exposed systems including an update on the recently patched Firebox 0-Day. After that, we cover two stories on browser extensions siphoning off data and making unwanted modifications to victim’s web browsing activity.

On this episode of The Cybersecurity Defenders Podcast, we revisit the 2025 predictions shared by our guests throughout the year. From attackers and defenders to AI and the broader security industry, these forecasts capture what experts expected was coming next. Rather than judging accuracy - which is still too early to assess - we're examining the predictions themselves: where they aligned, how they clustered, and what those patterns reveal about the industry’s mindset as this year came to a close. Free from hindsight bias, this episode explores what remained uncertain as we entered 2026.

Join us for this week's Defender Fridays as we explore bug bounty programs, vulnerability management, and the complexities of the CVE system with Brian Break, a veteran security professional with twenty years of experience across endpoint security, consulting, and product security. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

Join us for this week's Defender Fridays as we explore ICS phishing and calendar invite abuse with John Gaulding, Full Stack Engineer at Sublime Security. John examines how attackers are weaponizing calendar invites to bypass email security defenses and create persistent attack vectors. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

On this episode of The Cybersecurity Defenders Podcast we speak with Rebekah Skeete, Executive Director and CEO of BlackGirlsHack Foundation. Rebekah dives into how BGH is helping to increase diversity in cybersecurity by bridging the gap between what is taught in educational institutions and what is necessary for careers in cybersecurity.

AI assistants with broad enterprise access are creating a new attack vector. Chris Luft and Matt Bromiley discuss the Gemini Jack vulnerability, where attackers used prompt injection to turn Google's AI assistant into an unwitting accomplice in data exfiltration. The attack embedded hidden instructions in documents or emails. When employees asked Gemini normal questions like "show me our budgets," the AI retrieved the poisoned document and executed the attacker's commands without anyone clicking anything.