Intel Chat: Dialogflow Rogue Agent, ghost phishing, CISA KEV deadline & HalluSquatting [338]

Intel Chat with Matt Bromiley and Chris Luft.

Matt and Chris break down four stories from the week in threat intel:

  • Varonis Threat Labs' "Rogue Agent" — a permission boundary flaw in Google Dialogflow CX's Code Blocks feature that could let an attacker with a single permission (dialogflow.playbooks.update) inject persistent malicious code into a chatbot's execution pipeline and silently exfiltrate conversations; Google has fully patched it, no customer action required.
  • The EvilTokens campaign and "ghost phishing" — AES-GCM-encrypted phishing pages that look harmless to URL scanners and only reveal themselves after decrypting in the victim's browser, driving Microsoft device code phishing against Microsoft 365 accounts.
  • CISA adds four actively exploited flaws to the KEV catalog with a July 10 patch deadline under BOD 26-04: Adobe ColdFusion (CVE-2026-48282, CVSS 10.0), Langflow (CVE-2026-55255, chained with CVE-2026-33017), and Joomla's SP Page Builder (CVE-2026-48908) and Page Builder CK (CVE-2026-56290) extensions.
  • HalluSquatting — Tel Aviv University researchers show attackers can register the repository names AI coding assistants predictably hallucinate, then ride prompt injection to code execution on developer machines — with success rates up to 85% for repos and 100% for skill installs across Cursor, Windsurf, Copilot, Cline, Gemini CLI and more.

Stories covered:

Chapters:

0:00 Intro & catching up

4:31 Google Dialogflow CX "Rogue Agent" flaw

11:03 EvilTokens & "ghost phishing"

17:37 CISA KEV: ColdFusion, Langflow & Joomla — patch by July 10

24:56 HalluSquatting: weaponizing AI hallucinations

33:16 Wrap-up

The Cybersecurity Defenders Podcast — a podcast about cybersecurity and the people that keep the internet safe. New episodes drop weekly.

Subscribe wherever you listen:

Learn more about LimaCharlie: https://limacharlie.io

#cybersecurity #infosec #threatintel #AIsecurity #phishing