This week’s Security Weekly podcast covers a packed slate of vulnerabilities and threats, from Cisco SD-WAN zero-days to a 29-year-old Squid bug.
First up: Cisco’s Catalyst SD-WAN Manager has seen seven vulnerabilities added to the CISA KEV in less than a year. All were exploited in the wild, almost certainly as zero-days. Sandy Bird says the only real defensive recommendation is to treat all Cisco SD-WAN devices as already compromised.
Then there’s Fortibleed. The threat actor behind the Fortinet campaign left all their tools and data exposed online. They used scan-and-exploit tactics targeting network edges, ran a GPU cluster to crack SHA-256 hashes, and lived off the land on Fortinet devices. If you’re running FortiOS prior to 7.2.11, 7.4.8, or 7.6.1, your passwords can be cracked. Even after upgrading, the old SHA-256 hashes persist in full config backups until every admin account logs in.
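A defender-side check for that last point, added here as an example and not taken from the podcast or from Fortinet: it scans a full config backup for admin accounts whose stored hash still carries a legacy prefix. The `config system admin` / `set password ENC` layout, the `SH2` and `AK1` prefixes, the `PB2` stand-in and the sample backup are assumptions and constructed data.

```python
import re

# Assumptions, not from the page: admins sit under "config system admin", hashes
# appear as "set password ENC <blob>", SH2 = salted SHA-256, AK1 = older SHA-1.
LEGACY_PREFIXES = ("SH2", "AK1")

# Constructed backup; blobs are placeholders. "PB2" stands in for a newer hash.
SAMPLE_BACKUP = """\
config system admin
    edit "admin"
        config gui-dashboard
            edit 1
                set name "Status"
            next
        end
        set password ENC SH2-CONSTRUCTED-PLACEHOLDER-1
    next
    edit "netops"
        set password ENC PB2-CONSTRUCTED-PLACEHOLDER-2
    next
    edit "backup-svc"
        set password ENC SH2-CONSTRUCTED-PLACEHOLDER-3
    next
end
"""

def legacy_admin_hashes(config_text):
    """Map admin name -> legacy prefix for accounts not yet re-hashed."""
    findings, admin = {}, None
    stack = []  # open "config ..." blocks, outermost first
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end" and stack:
            stack.pop()
        elif stack == ["system admin"]:  # skip nested blocks such as dashboards
            edit = re.fullmatch(r'edit "?([^"]+)"?', line)
            pwd = re.match(r"set password ENC (\S+)", line)
            if edit:
                admin = edit.group(1)
            elif line == "next":
                admin = None
            elif pwd and admin and pwd.group(1).startswith(LEGACY_PREFIXES):
                findings[admin] = pwd.group(1)[:3]
    return findings

if __name__ == "__main__":
    print(legacy_admin_hashes(SAMPLE_BACKUP))
```

Any account it reports has not logged in since the upgrade, so its backup entry is still in the crackable format.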
Also on the show: a Mitsubishi WiFi adapter vulnerability (CVE-2026-5667) where devices broadcast probe requests forever, Squidbleed (CVE-2026-47729) hiding in the Squid proxy for 29 years, an OpenClinic GA XSS-to-RCE (CVE-2026-25860) that earned only a 5.8 CVSS but is far more dangerous than that score suggests, and Cloudflare’s response to the Copy Fail Linux vulnerability (CVE-2026-31431).
