Welcome back to the InfoSec.Watch Podcast, your weekly briefing on the security threats that matter.

In Episode 120, we break down a clear and recurring theme across this week’s incidents: control planes have become prime attack planes.

We start with active exploitation of a critical flaw in HPE OneView, underscoring why management-plane software must be treated as Tier Zero infrastructure. From there, we examine unpatchable risk posed by actively exploited, end-of-life D-Link DSL gateways, and a critical unauthenticated RCE (CVSS 9.8) in Trend Micro Apex Central, where compromise could allow attackers to disable security controls at scale.

In the Vulnerability Spotlight, we cover:

• A jsPDF path traversal flaw highlighting real-world software supply chain risk
• Multiple Veeam Backup & Replication fixes, reinforcing why backup platforms remain high-value ransomware targets

Our Trend to Watch looks at a growing enterprise data-loss vector: prompt-poaching via malicious browser extensions, where entire GenAI conversations — including sensitive code and data — are being exfiltrated from tools like ChatGPT.

We also discuss:

• CISA’s move to formally retire early Emergency Directives in favor of a mature KEV-driven vulnerability process
• Why organizations should adopt their own “KEV-style” prioritization model
• Chainsaw, a high-performance open-source tool for rapid Windows EVTX triage

In this week’s Actionable Defense Move, we walk through a 30-minute management-plane exposure sweep — a fast, high-impact exercise to identify publicly exposed admin interfaces before attackers do.

Final takeaway: attackers will always gravitate toward systems where privileges are concentrated. If a control plane must exist, it must be tightly restricted, aggressively patched, and continuously monitored.

For a full written breakdown of these stories and more, subscribe to the InfoSec.Watch newsletter at infosec.watch, and follow us on X, Facebook, and LinkedIn for updates throughout the week.