InfoSec.Watch

InfoSec.Watch Podcast — Episode 125: Vendor choke points, BridgePay fallout, and the KEV patch race

InfoSec.Watch Season 2 Episode 125


This week on the InfoSec.Watch Podcast, we examine a growing risk that many organizations still underestimate: operational choke points.

The episode opens with the BridgePay ransomware attack, which forced the payment gateway offline and disrupted credit card processing for multiple municipalities and utilities. The incident highlights a harsh reality—third-party processors are effectively critical infrastructure. When they go down, downstream governments and businesses lose revenue, see their services disrupted, and lose public trust. The key question: do you have a plan B?

Next, the discussion turns to a critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access (CVE-2026-1731). With exploitation observed almost immediately after disclosure, defenders faced a race against mass internet scanning. The hosts emphasize an “assume-breach” posture for internet-facing control plane appliances and outline why patching alone is not enough—you must hunt for persistence and validate trust after remediation.

The episode also revisits Ivanti Endpoint Manager Mobile (EPMM), where additional critical vulnerabilities continue to surface. With MDM platforms inherently exposed to the internet by design, attackers increasingly view them as high-leverage entry points. The takeaway is clear: reduce direct exposure wherever possible and treat MDM platforms as Tier-Zero assets.

The broader trend? Choke-point targeting. Payment gateways, remote support tools, MDM systems—these services sit between organizations and their users. For ransomware operators and initial access brokers, compromising one appliance can yield access to dozens or hundreds of downstream victims.

The conversation then shifts to the KEV-driven patch treadmill, as CISA’s Known Exploited Vulnerabilities catalog continues to grow. With time-to-exploitation shrinking to hours in some cases, organizations must implement emergency patch processes for internet-facing appliances instead of waiting for standard change windows.

Tool of the Week highlights GreyNoise, a powerful platform for distinguishing background scanning from meaningful exploitation activity—helping security teams prioritize response when new vulnerabilities drop.

The episode closes with a practical and high-impact Actionable Defense Move of the Week: identify your top three vendor choke points and document failover steps, key rotation procedures, required log sources, and communications plans before an outage forces your hand.

Key themes this week:

  • Third-party services as operational single points of failure
  • Pre-auth RCEs in internet-facing control planes
  • KEV-driven emergency patch processes
  • Planning for vendor compromise and outage

As the hosts conclude: If it sits between you and your users—payments, support, identity, or device control—it is part of your perimeter. Plan for its failure as rigorously as you defend your own firewall.

For full coverage and links to everything discussed, subscribe at infosec.watch and follow InfoSec.Watch on X, Facebook, and LinkedIn.


Thanks for listening to InfoSec.Watch!

Subscribe to our newsletter for in-depth analysis: https://infosec.watch
Follow us for daily updates:
- X (Twitter)
- LinkedIn
- Facebook

Stay secure out there!