InfoSec.Watch

Author: Infosec.Watch

Overview

The InfoSec.Watch Podcast delivers the week’s most important cybersecurity news in a fast, clear, and actionable format.
Each episode breaks down major incidents, vulnerabilities, threat-actor activity, and security trends affecting modern organizations — without the noise or hype.

The show translates complex cyber topics into practical insights you can use immediately in your job, whether you work in security engineering, cloud security, threat detection, governance, or IT.

If you want to stay ahead of emerging threats, sharpen your defensive mindset, and get a reliable summary of what actually matters each week, this is your new essential briefing.

Actionable Cybersecurity Insights — Every Week.

© 2026 InfoSec.Watch
Categories: Politics & Government; Economics
Episodes
  • InfoSec.Watch Podcast — Episode 122: Cisco UC zero-days, Oracle patch overload, and the new Tier-Zero reality
    2026/01/26

    This week on the InfoSec.Watch Podcast, we break down a wave of high-impact security events underscoring a hard truth for defenders: management planes and dependencies are now primary intrusion paths.

    The episode opens with active exploitation of a Cisco Unified Communications zero-day (CVE-2026-20045), an unauthenticated web-management RCE capable of delivering full root-level compromise across multiple UC platforms. With exploitation confirmed and CISA adding the flaw to its Known Exploited Vulnerabilities list, the hosts explain why UC management interfaces must be treated as Tier-Zero assets, and why assumed-breach reviews are mandatory even after patching.

    Next, the discussion turns to Oracle’s January Critical Patch Update, delivering more than 300 fixes across its portfolio. Grant and Sloane walk through a practical prioritization strategy—patching by exposure, not product name—and explain how to use Oracle’s own exploitability flags and compensating controls to avoid patch paralysis.

    The episode also covers Ingram Micro’s ransomware-related data exposure, highlighting the growing risk of third-party concentration. The hosts outline what every organization should have ready before a supplier breach occurs, from notification SLAs and data minimization to pre-staged third-party incident response playbooks.

    In the Vulnerability Spotlight, the focus shifts to two expanding attack surfaces:

    • Unauthenticated management UI exploitation as a recurring root-compromise pattern
    • Malicious code embedded in developer dependencies, including a widely used package now listed in CISA’s KEV catalog

    The Trend to Watch ties these threads together: attackers are moving up the stack, blending classic perimeter weaknesses with modern software supply-chain abuse. Management planes, CI/CD pipelines, and automation platforms are increasingly being scanned, scripted, and poisoned at scale.

    The episode closes with a decisive Actionable Defense Move of the Week—formally defining your Tier-Zero systems and enforcing strict controls around access, exposure, monitoring, and containment—followed by a clear final warning: if a management interface is reachable from the internet, attackers will automate it.

    For deeper coverage and weekly briefings delivered straight to your inbox, subscribe at infosec.watch and follow InfoSec.Watch on X, Facebook, and LinkedIn.

    Thanks for listening to InfoSec.Watch!
    Subscribe to our newsletter for in-depth analysis: https://infosec.watch
    Follow us for daily updates:
    • X (Twitter)
    • LinkedIn
    • Facebook
    Stay secure out there!


    10 min
  • InfoSec.Watch Podcast — Episode 121: Cisco email gateway RCEs, Windows zero-days, and control-plane failure
    2026/01/19

    This week on the InfoSec.Watch Podcast, we break down a series of high-impact threats targeting the systems organizations rely on most—email gateways, Windows endpoints, and operational infrastructure that does not fail gracefully.

    The episode opens with an urgent look at Cisco AsyncOS (CVE-2025-20393), an actively exploited, unauthenticated remote-code-execution flaw affecting Cisco Secure Email Gateway and Secure Email and Web Manager deployments. The hosts explain why email gateways must be treated as Tier-Zero assets, outline post-patch hunting requirements, and discuss the real-world risk of persistence on perimeter infrastructure.

    Next, the conversation turns to Microsoft’s January Patch Tuesday, including CVE-2026-20805, an actively exploited Windows zero-day now listed in CISA’s Known Exploited Vulnerabilities catalog. While the vulnerability appears low-severity on paper, Grant and Sloane explain how information-disclosure bugs are routinely chained into full compromise—especially on jump hosts, VDI, and privileged systems.

    The episode also examines a ransomware attack on the AZ Monica hospital network in Belgium, highlighting the operational and patient-safety consequences when healthcare infrastructure goes offline. The discussion focuses on availability planning, segmentation, paper-mode readiness, and the importance of rehearsed downtime procedures.

    In the Vulnerability Spotlight, the hosts cover active exploitation of a high-severity flaw in Gogs, a self-hosted Git service, and an unauthenticated denial-of-service condition impacting Palo Alto Networks GlobalProtect. Both cases reinforce a central theme: development and remote-access infrastructure must be treated as production-critical systems.

    The Trend to Watch explores a growing supply-chain risk in workflow automation platforms like n8n, where compromised community plugins can expose stored credentials and API tokens—effectively turning automation tools into high-value credential vaults.

    The episode closes with a practical Actionable Defense Move of the Week, urging teams to focus on one high-impact service class and validate patching, exposure, logging, and rapid containment capabilities—before the next advisory drops.

    Key themes this week:

    • Email gateways as Tier-Zero infrastructure
    • Active exploitation outweighs CVSS scores
    • Availability is a primary security concern
    • Control planes and automation platforms are high-leverage targets

    For full coverage, subscribe to the newsletter at infosec.watch and follow InfoSec.Watch on X, Facebook, and LinkedIn.

    Thanks for listening to InfoSec.Watch!
    Subscribe to our newsletter for in-depth analysis: https://infosec.watch
    Follow us for daily updates:
    • X (Twitter)
    • LinkedIn
    • Facebook
    Stay secure out there!


    9 min
  • InfoSec.Watch Podcast — Episode 120: Control planes are attack planes
    2026/01/13

    Welcome back to the InfoSec.Watch Podcast, your weekly briefing on the security threats that matter.

    In Episode 120, we break down a clear and recurring theme across this week’s incidents: control planes have become prime attack planes.

    We start with active exploitation of a critical flaw in HPE OneView, underscoring why management-plane software must be treated as Tier-Zero infrastructure. From there, we examine the unpatchable risk posed by actively exploited, end-of-life D-Link DSL gateways, and a critical unauthenticated RCE (CVSS 9.8) in Trend Micro Apex Central, where compromise could allow attackers to disable security controls at scale.

    In the Vulnerability Spotlight, we cover:

    • A jsPDF path traversal flaw highlighting real-world software supply chain risk
    • Multiple Veeam Backup & Replication fixes, reinforcing why backup platforms remain high-value ransomware targets

    Our Trend to Watch looks at a growing enterprise data-loss vector: prompt-poaching via malicious browser extensions, where entire GenAI conversations — including sensitive code and data — are being exfiltrated from tools like ChatGPT.

    We also discuss:

    • CISA’s move to formally retire early Emergency Directives in favor of a mature KEV-driven vulnerability process
    • Why organizations should adopt their own “KEV-style” prioritization model
    • Chainsaw, a high-performance open-source tool for rapid Windows EVTX triage

    In this week’s Actionable Defense Move, we walk through a 30-minute management-plane exposure sweep — a fast, high-impact exercise to identify publicly exposed admin interfaces before attackers do.

    Final takeaway: attackers will always gravitate toward systems where privileges are concentrated. If a control plane must exist, it must be tightly restricted, aggressively patched, and continuously monitored.

    For a full written breakdown of these stories and more, subscribe to the InfoSec.Watch newsletter at infosec.watch, and follow us on X, Facebook, and LinkedIn for updates throughout the week.

    Thanks for listening to InfoSec.Watch!
    Subscribe to our newsletter for in-depth analysis: https://infosec.watch
    Follow us for daily updates:
    • X (Twitter)
    • LinkedIn
    • Facebook
    Stay secure out there!


    10 min
No reviews yet