InfoSec.Watch

The InfoSec.Watch Podcast delivers the week’s most important cybersecurity news in a fast, clear, and actionable format. Each episode breaks down major incidents, vulnerabilities, threat-actor activity, and security trends affecting modern organizations — without the noise or hype. The show translates complex cyber topics into practical insights you can use immediately in your job, whether you work in security engineering, cloud security, threat detection, governance, or IT. If you want to stay ahead of emerging threats, sharpen your defensive mindset, and get a reliable summary of what actually matters each week, this is your new essential briefing. Actionable Cybersecurity Insights — Every Week.

  1. May 18

    138 - Security Leverage Points

    We track the security stories that give attackers the most leverage, from AI-assisted exploit development to SaaS platform compromise, manufacturing ransomware, and high-impact vulnerabilities. We end with a practical defensive check: a short control plane exposure register that shows exactly which systems could change trust, access, routing, revenue, or production at scale.

    • AI-assisted zero-day exploit and why admin tools move to the top of the patch queue
    • Phishing-resistant MFA and reviewing trusted-path assumptions for bypass risk
    • Canvas incident and the need for tenant-level SaaS impact assessment
    • Manufacturing ransomware as a business disruption strategy across logistics and production
    • Cisco Catalyst SD-WAN controller authentication bypass and control plane blast radius
    • Exchange OWA KEV-driven mitigations and using deadlines for escalation
    • WordPress FunnelKit exploit leading to WooCommerce checkout skimming, and script audits
    • Leverage-point thinking for modern asset inventory and exposure management
    • Control plane exposure register: fields, owners, logs, rollback paths, review cadence

    If you want daily updates between episodes, you can find us on X, Facebook, and LinkedIn. Just search InfoSecWatch. And if you haven't already, head over to InfoSec.watch and grab the free weekly newsletter. It's concise, it's practitioner focused, and it lands every week.

    Thanks for listening to InfoSec.Watch! Subscribe to our newsletter for in-depth analysis: https://infosec.watch Follow us for daily updates on X (Twitter), LinkedIn, and Facebook. Stay secure out there!

    11 min
  2. Mar 6

    127 - From Cisco To EV Chargers: Active Exploits And Urgent Patches

    A wave of edge and control-plane threats drives urgent patching and smarter validation across Cisco SD-WAN, EV charging, FileZen, and Serv-U. We map real exploits, spotlight APT28 tradecraft, unpack Google risk shifts, and share a post-patch playbook that assumes breach.

    • Cisco SD-WAN 10.0 authentication bypass and active exploitation
    • CISA KEV update for FileZen and patch prioritization
    • EV charging platform flaws enabling session hijack and station impersonation
    • APT28 targeting MSHTML and legacy components as modern vectors
    • One Uptime 10.0 root-level exploit via traceroute probes
    • Google localhost WebSocket risk and policy reversals on token proxying
    • Governance for agentic AI with supervised fine-tuning and oversight
    • Quick hits on North Korean air-gap tools and UNC2814 disruption
    • Serv-U critical updates and file transfer exposure
    • EU CRA impacts on open source supply chains
    • Post-patch validation: verify versions, confirm exposure is gone, hunt logs, rotate secrets
    • Continuous exposure management for control planes and edge systems

    For more in-depth analysis and links to everything we discussed today, subscribe to our newsletter at infosec.watch.

    10 min
  3. Feb 16

    InfoSec.Watch Podcast — Episode 125: Vendor choke points, BridgePay fallout, and the KEV patch race

    This week on the InfoSec.Watch Podcast, we examine a growing risk that many organizations still underestimate: operational choke points. The episode opens with the BridgePay ransomware attack, which forced the payment gateway offline and disrupted credit card processing for multiple municipalities and utilities. The incident highlights a harsh reality: third-party processors are effectively critical infrastructure. When they go down, downstream governments and businesses lose revenue, disrupt services, and erode public trust. The key question: do you have a plan B?

    Next, the discussion turns to a critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access (CVE-2026-1731). With exploitation observed almost immediately after disclosure, defenders faced a race against mass internet scanning. The hosts emphasize an “assume-breach” posture for internet-facing control plane appliances and outline why patching alone is not enough: you must hunt for persistence and validate trust after remediation.

    The episode also revisits Ivanti Endpoint Manager Mobile (EPMM), where additional critical vulnerabilities continue to surface. With MDM platforms exposed to the internet by design, attackers increasingly view them as high-leverage entry points. The takeaway is clear: reduce direct exposure wherever possible and treat MDM platforms as Tier-Zero assets.

    The broader trend? Choke-point targeting. Payment gateways, remote support tools, MDM systems: these services sit between organizations and their users. For ransomware operators and initial access brokers, compromising one appliance can yield access to dozens or hundreds of downstream victims.

    The conversation then shifts to the KEV-driven patch treadmill, as CISA’s Known Exploited Vulnerabilities catalog continues to grow. With time-to-exploitation shrinking to hours in some cases, organizations must implement emergency patch processes for internet-facing appliances instead of waiting for standard change windows.

    Tool of the Week highlights GreyNoise, a platform for distinguishing background internet scanning from meaningful exploitation activity, helping security teams prioritize response when new vulnerabilities drop.

    The episode closes with a practical, high-impact Actionable Defense Move of the Week: identify your top three vendor choke points and document failover steps, key rotation procedures, required log sources, and communications plans before an outage forces your hand.

    Key themes this week:
    • Third-party services as operational single points of failure
    • Pre-auth RCEs in internet-facing control planes
    • KEV-driven emergency patch processes
    • Planning for vendor compromise and outage

    As the hosts conclude: if it sits between you and your users (payments, support, identity, or device control), it is part of your perimeter. Plan for its failure as rigorously as you defend your own firewall.

    For full coverage and links to everything discussed, subscribe at infosec.watch and follow InfoSec.Watch on X, Facebook, and LinkedIn.

    9 min
  4. Feb 10

    InfoSec.Watch Podcast — Episode 124: Edge Devices Under Fire

    Edges are where attackers thrive, and where many teams see the least. We dive into how identity-adjacent features, single sign-on, and device management planes have become high-impact targets, and why routers, VPNs, and firewalls now sit at the center of modern intrusion campaigns. From unsupported hardware to multi-terabit DDoS events, we break down what matters most and the steps that actually change your risk.

    We walk through CISA’s directive to remove end-of-life edge devices and translate it into a practical playbook: inventory every public IP, map models and firmware to vendor support, and set non-negotiable retirement deadlines. Then we stress-test DDoS readiness at today’s scale, with concrete checks for always-on scrubbing, runbooks, and confirmed capacity with your CDN, WAF, and upstream providers.

    On the software side, we examine fresh NPM and PyPI compromises and outline a developer-first defense: dependency pinning, integrity checks, SBOM usage, mirrored registries, and CI/CD policies that block unknown maintainers by default.

    Urgency ramps up with active exploits added to CISA’s Known Exploited Vulnerabilities list. We prioritize SmarterMail, SolarWinds Web Help Desk, and GitLab SSRF with rapid patching, strict segmentation, emergency hardening, token rotation, and egress controls. We also spotlight a trend to watch: adversary-in-the-middle frameworks targeting routers and edge devices to hijack traffic. The counter is clear: treat the edge as a tier-one detection surface with telemetry for config drift, new admins, and DNS and NTP anomalies, and require phishing-resistant MFA such as FIDO2 or passkeys for all admin access.

    To help teams move faster, we highlight the KEV catalog’s machine-readable feed and show how to wire it into vulnerability management to auto-open tickets and enforce tight SLAs based on real-world exploitation.

    We close with an actionable one-week project: enumerate public edges, flag end-of-support gear, and either replace it, shield it behind managed services, or lock its management plane behind a VPN with strict allow lists. Subscribe, share with your team, and leave a review with the one control you’ll implement first. What’s your next move to harden the edge?

    9 min
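An added example (not the podcast's or CISA's own code) of the KEV-to-ticketing wiring described in episode 124: it parses the feed's published JSON shape (cveID, vendorProject, product, dateAdded, dueDate, knownRansomwareCampaignUse, requiredAction), keeps only entries added since the last run, matches them to an asset inventory using normalized vendor and product names, and opens one ticket per affected asset with a due date that is the earlier of an assumed internal SLA and CISA's own dueDate. The feed contents, inventory, hostnames, owners, CVE identifiers and SLA hours are constructed placeholders; only the field names and the feed URL are the real catalog's.

```python
"""Wire the CISA KEV feed into ticketing: match new catalog entries to an asset
inventory and open tickets with exploitation-based SLAs (added example)."""
from __future__ import annotations

import json
import re
from datetime import date, datetime, timedelta

# Real feed location; this example never fetches it and runs on the sample below.
KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample shaped like the real feed. Vendors, products, CVE IDs and
# dates are placeholders, not real catalog entries.
SAMPLE_KEV_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2026.02.10",
    "dateReleased": "2026-02-10T12:00:00.0000Z",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-0000-10001", "vendorProject": "ExampleVendor", "product": "Mail Gateway",
         "vulnerabilityName": "ExampleVendor Mail Gateway Authentication Bypass",
         "dateAdded": "2026-02-09", "shortDescription": "placeholder",
         "requiredAction": "Apply mitigations per vendor instructions or discontinue use.",
         "dueDate": "2026-03-02", "knownRansomwareCampaignUse": "Known", "notes": ""},
        {"cveID": "CVE-0000-10002", "vendorProject": "Example Vendor", "product": "Help-Desk",
         "vulnerabilityName": "Example Vendor Help Desk SSRF",
         "dateAdded": "2026-02-09", "shortDescription": "placeholder",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2026-03-02", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
        {"cveID": "CVE-0000-10003", "vendorProject": "OtherCorp", "product": "Build Server",
         "vulnerabilityName": "OtherCorp Build Server Deserialization",
         "dateAdded": "2025-11-01", "shortDescription": "placeholder",
         "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2025-11-22", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    ],
})

# Constructed asset inventory (hypothetical hosts and owners). Note the vendor
# and product spellings differ slightly from the feed, as they do in practice.
INVENTORY = [
    {"asset": "mail-edge-01", "vendor": "ExampleVendor", "product": "Mail Gateway", "internet_facing": True, "owner": "netops"},
    {"asset": "helpdesk-01", "vendor": "ExampleVendor", "product": "Help Desk", "internet_facing": False, "owner": "itsm"},
    {"asset": "ci-01", "vendor": "OtherCorp", "product": "Build Server", "internet_facing": False, "owner": "devex"},
    {"asset": "fw-01", "vendor": "SomeoneElse", "product": "Firewall", "internet_facing": True, "owner": "netops"},
]

# Assumed SLA policy in hours, keyed on exposure and ransomware use; tune per organization.
SLA_HOURS = {"internet_facing_ransomware": 24, "internet_facing": 72, "internal": 14 * 24}


def normalize(name: str) -> str:
    """Fold case and drop punctuation/whitespace so 'Example Vendor' matches 'ExampleVendor'."""
    return re.sub(r"[^a-z0-9]", "", name.casefold())


def parse_kev(feed_text: str) -> list[dict]:
    """Parse the feed and refuse one whose declared count disagrees with its entries."""
    doc = json.loads(feed_text)
    entries = doc["vulnerabilities"]
    if "count" in doc and doc["count"] != len(entries):
        raise ValueError("KEV feed count mismatch; possible truncated download")
    return entries


def added_since(entries: list[dict], since: str) -> list[dict]:
    """Keep entries added on or after an ISO date (typically the last successful run)."""
    cutoff = date.fromisoformat(since)
    return [e for e in entries if date.fromisoformat(e["dateAdded"]) >= cutoff]


def match_assets(entries: list[dict], inventory: list[dict]) -> list[tuple[dict, dict]]:
    """Pair each KEV entry with every inventory asset of the same vendor and product."""
    by_key: dict[tuple[str, str], list[dict]] = {}
    for asset in inventory:
        by_key.setdefault((normalize(asset["vendor"]), normalize(asset["product"])), []).append(asset)
    return [(e, a) for e in entries
            for a in by_key.get((normalize(e["vendorProject"]), normalize(e["product"])), [])]


def sla_for(entry: dict, asset: dict, now: datetime) -> tuple[str, datetime]:
    """Return (tier, due): the earlier of the internal SLA and CISA's dueDate."""
    ransomware = entry.get("knownRansomwareCampaignUse", "").casefold() == "known"
    if asset["internet_facing"]:
        tier = "internet_facing_ransomware" if ransomware else "internet_facing"
    else:
        tier = "internal"
    internal_due = now + timedelta(hours=SLA_HOURS[tier])
    cisa_due = datetime.fromisoformat(entry["dueDate"])  # midnight at the start of the due date
    return tier, min(internal_due, cisa_due)


def build_tickets(feed_text: str, inventory: list[dict], now: str, since: str,
                  already_open: frozenset = frozenset()) -> list[dict]:
    """Open one ticket per (CVE, asset) pair not already tracked, earliest due first."""
    now_dt = datetime.fromisoformat(now)
    tickets = []
    for entry, asset in match_assets(added_since(parse_kev(feed_text), since), inventory):
        key = (entry["cveID"], asset["asset"])
        if key in already_open:
            continue
        tier, due = sla_for(entry, asset, now_dt)
        tickets.append({
            "key": key, "cve": entry["cveID"], "asset": asset["asset"], "owner": asset["owner"],
            "tier": tier, "due": due.isoformat(timespec="minutes"), "overdue": due < now_dt,
            "cisa_due": entry["dueDate"], "required_action": entry["requiredAction"],
        })
    tickets.sort(key=lambda t: t["due"])  # ISO strings sort chronologically
    return tickets


if __name__ == "__main__":
    for t in build_tickets(SAMPLE_KEV_FEED, INVENTORY, now="2026-02-10T09:00", since="2026-02-01"):
        print(f'{t["due"]}  {t["cve"]:15} {t["asset"]:14} {t["owner"]:7} {t["tier"]}')
```

Run it directly to print the queue for the sample. In production, replace SAMPLE_KEV_FEED with the downloaded feed, persist the keys of already-open tickets, and set `since` from the last successful run so the same CVE is not reopened against the same asset; the count check guards against acting on a truncated download.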
