InfoSec.Watch
The InfoSec.Watch Podcast delivers the week’s most important cybersecurity news in a fast, clear, and actionable format.
Each episode breaks down major incidents, vulnerabilities, threat-actor activity, and security trends affecting modern organizations — without the noise or hype.
The show translates complex cyber topics into practical insights you can use immediately in your job, whether you work in security engineering, cloud security, threat detection, governance, or IT.
If you want to stay ahead of emerging threats, sharpen your defensive mindset, and get a reliable summary of what actually matters each week, this is your new essential briefing.
Actionable Cybersecurity Insights — Every Week.
InfoSec.Watch
InfoSec.Watch Podcast — Episode 119: WatchGuard VPN RCE, MongoDB MongoBleed, and WebRAT GitHub traps
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
In this week’s episode of the InfoSec.Watch Podcast, hosts Grant Lawson and Sloane Parker break down the security stories that defenders can’t afford to ignore.
The episode opens with urgent patching guidance for an actively exploited WatchGuard IKEv2 VPN remote code execution flaw, followed by analysis of “MongoBleed” (CVE-2025-14847)—a memory disclosure vulnerability in MongoDB now seeing real-world exploitation. Grant and Sloane walk through not just why these issues matter, but what defenders should be doing after patching, including log review, threat hunting, and hardening exposed services.
The discussion then turns to a growing threat targeting security teams themselves: malicious GitHub proof-of-concept repositories that masquerade as exploit code but actually deploy WebRAT malware. The hosts explain how researchers and blue teams can safely handle PoCs without becoming the next breach.
Other highlights include:
- A breakdown of the Aflac breach notification affecting 22.65 million individuals and why incident response doesn’t end at containment
- Ongoing DDoS disruptions impacting French postal and banking services, with a focus on operational resilience and customer communication
- A Vulnerability Spotlight on a critical SmarterMail flaw enabling arbitrary file upload and likely RCE
- Tool of the Week: Praetorian’s Gato, which maps attack paths in CI/CD environments using GitHub Actions and self-hosted runners
- A Deep Dive into the accelerating weaponization of AI-driven phishing campaigns
The episode wraps with an Actionable Defense Move of the Week, outlining a formal, repeatable process for safely handling exploit code, and a Final Word on why fundamentals—patching, exposure management, and disciplined workflows—still define the fastest path to compromise.
For full analysis, links, and takeaways, subscribe to the newsletter at infosec.watch and follow along on X, LinkedIn, and Facebook.
Thanks for listening to InfoSec.Watch! Subscribe to our newsletter for in-depth analysis: https://infosec.watch Follow us for daily updates: - X (Twitter) - LinkedIn - Facebook - Stay secure out there!