This week on the InfoSec.Watch Podcast, we break down a series of high-impact threats targeting the systems organizations rely on most—email gateways, Windows endpoints, and operational infrastructure that does not fail gracefully.

The episode opens with an urgent look at Cisco AsyncOS (CVE-2025-20393), an actively exploited, unauthenticated remote-code-execution flaw affecting Cisco Secure Email Gateway and Secure Email and Web Manager deployments. The hosts explain why email gateways must be treated as Tier-Zero assets, outline post-patch hunting requirements, and discuss the real-world risk of persistence on perimeter infrastructure.

Next, the conversation turns to Microsoft’s January Patch Tuesday, including CVE-2026-20805, an actively exploited Windows zero-day now listed in CISA’s Known Exploited Vulnerabilities catalog. While the vulnerability appears low-severity on paper, Grant and Sloane explain how information-disclosure bugs are routinely chained into full compromise—especially on jump hosts, VDI, and privileged systems.

The episode also examines a ransomware attack on the AZ Monica hospital network in Belgium, highlighting the operational and patient-safety consequences when healthcare infrastructure goes offline. The discussion focuses on availability planning, segmentation, paper-mode readiness, and the importance of rehearsed downtime procedures.

In the Vulnerability Spotlight, the hosts cover active exploitation of a high-severity flaw in Gogs, a self-hosted Git service, and an unauthenticated denial-of-service condition impacting Palo Alto Networks GlobalProtect. Both cases reinforce a central theme: development and remote-access infrastructure must be treated as production-critical systems.

The Trend to Watch explores a growing supply-chain risk in workflow automation platforms like n8n, where compromised community plugins can expose stored credentials and API tokens—effectively turning automation tools into high-value credential vaults.

The episode closes with a practical Actionable Defense Move of the Week, urging teams to focus on one high-impact service class and validate patching, exposure, logging, and rapid containment capabilities—before the next advisory drops.

Key themes this week:

• Email gateways as Tier-Zero infrastructure
• Active exploitation outweighs CVSS scores
• Availability is a primary security concern
• Control planes and automation platforms are high-leverage targets

For full coverage, subscribe to the newsletter at infosec.watch and follow InfoSec.Watch on X, Facebook, and LinkedIn.