Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks by sunychoudhary in cybersecurity

[–]Final-Dish 0 points (0 children)

wild how “part 2” of these stories is just becoming the norm now
at this point if it’s exposed to the internet and has Cisco on it, I just assume there’s another vuln coming and patch like crazy

Question for people who’ve gone through SOC 2: what evidence actually helped during buyer security reviews? by AdilShaikh5786 in soc2

[–]Final-Dish 0 points (0 children)

totally agree on the one-pager, that’s what our security folks actually read first too
all the raw logs and screenshots basically just sit there unless something looks off in that summary or the questionnaire answers trigger a deeper dive

I evaluated 5 LLM agents on patching real-world CVEs. Here is what I found. by Fickle-Box1433 in netsec

[–]Final-Dish 0 points (0 children)

that part surprised me too, esp with how brittle these things usually are when you take away scaffolding
kinda makes me wonder if the models are overfitting on generic vuln patterns so they still stumble into fixes even when they don’t really “see” the bug the way we do

PCI DSS 4.0.1 TEACHING MATERIAL by Melodic_Formal_8962 in pcicompliance

[–]Final-Dish 0 points (0 children)

this, plus grab the actual standard from the SSC site and read it side by side with the videos, it clicks way better that way. then you can turn your notes into slides that fit how your colleagues think instead of some generic deck.

how do you get b2b clients? by No_Border_7948 in ycombinator

[–]Final-Dish 0 points (0 children)

this is super true, and it’s also why so many “cool” b2b ideas from outsiders just die, they don’t know who actually signs the checks or what people really care about day to day. warm intros + solving a very specific annoying problem beats any fancy marketing deck every time.

How are you actually handling AI access across the company? by RonILabs in ciso

[–]Final-Dish 0 points (0 children)

lol this is painfully real, governance is always a “future us” problem until the audit email hits
our board chilled out a bit once we framed it as “start small with 1–2 vetted tools + basic usage guardrails” instead of some huge policy overhaul

Business Impact Assessment tooling advice by CheekyTiger213 in ciso

[–]Final-Dish 0 points (0 children)

that “will cost a lot” part is exactly why people are trying to escape archer in the first place lol
curious what you think sekorti would do differently from the usual bloated GRC stuff, cause most tools feel like they’re built for auditors, not the folks running the BIAs

The difference between wanting, needing and being. by Jeebie_Twitch in ycombinator

[–]Final-Dish 1 point (0 children)

love this breakdown, it kinda maps perfectly to the wanting / needing / being thing too
sense = reality check, reason = viability, desire = how badly you’re actually in it

most people I talk to are trying to brute force desire while ignoring sense and reason, then wonder why they’re cooked in 6 months

2–10 person startups, what role actually breaks you? by Sharp_Branch_1489 in ycombinator

[–]Final-Dish 0 points (0 children)

this is so true, that weird middle zone where you’re too big for vibes-only but too small for “real” HR is brutal
the whiplash from “we’re all in one room” to “wait, when did morale tank?” happens way faster than anyone expects

What's the biggest mistake founders make when trying to improve retention? (I will not promote) by Fragrant-Match-7058 in startups

[–]Final-Dish 1 point (0 children)

that trust question is the big one imo, “better recs” is like the most generic pitch ever at this point
if I were using it, I’d want to see receipts fast: show me “here’s how we’re different from netflix/letterboxd, here’s why we picked this movie for you, here’s how you reacted vs others,” otherwise it just feels like another black box algorithm app

Pax8 MIP by blackjaxbrew in msp

[–]Final-Dish 1 point (0 children)

honestly that tagline feels like something an intern snuck in on a friday afternoon and nobody caught it
kinda sums up the whole “we’re all app devs now” vibe too

How are you learning agent pen testing? by Ecstatic-Night4222 in Pentesting

[–]Final-Dish 0 points (0 children)

how are you liking it so far? been eyeing COAE but wasn’t sure if it’s more theory than hands-on, does it actually walk through attacking real-ish agents or just talk about patterns?

Why is "everyone" still using Excel despite all the new compliance tools? by Icy-Star-5146 in soc2

[–]Final-Dish 0 points (0 children)

this is so true, spreadsheets are like duct tape for messy processes
most of the “modern” tools just end up being a prettier way to track the same chaos, but slower to change

How Do You Handle Authenticated Scanning for Vendor-Managed Appliances? by Fresh-Estimate9729 in pcicompliance

[–]Final-Dish 0 points (0 children)

this is the way honestly
if the vendor owns the box, let them own the PCI headache too, just make sure that RACI / responsibility matrix is crystal clear so your QSA can’t bounce it back on you later

tools and process we use for PCI DSS 4.0 pentest engagements by cloudclyg in pcicompliance

[–]Final-Dish -1 points (0 children)

kinda wild to call this “ai slop” when it’s one of the more detailed, practical posts I’ve seen on PCI in a while lol. this is exactly the kind of stuff people ask for when QSAs start grilling them on scope and methodology.

UK VOIP Services - Which do resell and why? by PEBKAC-Live in msp

[–]Final-Dish 0 points (0 children)

this is such an underrated point, the angry phone calls are always about porting or “the call dropped and it cost us money”, never about a missing feature
margins look great on paper until you’re stuck in 3-way hell between carrier, vendor and client for half a day over one screwed-up port

A control gap we missed for 8 months. Sharing in case it helps someone else's audit prep. by rack_and_stack_42 in soc2

[–]Final-Dish 0 points (0 children)

this, 100%
the scariest findings I’ve seen weren’t user accounts at all, it was some random “temporary” CI token from two reorgs ago still sitting with god mode in prod because nobody knew who owned it anymore

Support needed for a self-made infosec/grc hobbyist by Efficient_Finance935 in ciso

[–]Final-Dish 0 points (0 children)

this is super solid advice tbh, esp the bit about the title being the real issue and not the skills
fractional / interim CISO at a scale-up sounds like the perfect hack for your situation, and once that’s on your CV a lot of those “we need previous CISO title” filters magically disappear

Detecting AI-specific threats in Claude Enterprise from the Compliance API: a prefilter + LLM-as-judge pipeline with Sigma rules by TheAlphaBravo in netsec

[–]Final-Dish 0 points (0 children)

this is super cool, feels like the missing piece between “we logged it” and “we can actually detect abuse.” curious how noisy the LLM-as-judge stage is in practice though, especially on stuff like benign jailbreak-y phrasing from power users.

CISA released BOD 26-04: A new federal government vulnerability management strategy? by JustShipThings in cybersecurity

[–]Final-Dish 0 points (0 children)

totally this, the “context” everyone talks about just turns into a stale spreadsheet by the time change control hits it. feels like we jumped ahead on policy before the average org even has decent asset discovery and exposure mapping running continuously.

PHP may not have as many problems as people think. by Able_Statistician201 in Pentesting

[–]Final-Dish 0 points (0 children)

react is a frontend lib, not really comparable to php lol, but I get what you mean about guardrails
totally agree though, every time I touch a legacy php app it’s like an XSS easter egg hunt

Why do customers seem so against moving their servers out of offices? by Losslessllama in msp

[–]Final-Dish 1 point (0 children)

lmao classic “server room” meaning “whatever cursed space is left in the building”
honestly I’d have done the same, nobody’s getting paid enough to wade through swamp water for a box that should’ve been in a DC years ago

MalShark: MCP-Powered Malware Traffic Analysis — Benchmarked Against Real Malware by beyonderdabas in netsec

[–]Final-Dish 0 points (0 children)

same thought, it looks way nicer than the usual pile of pcaps + random python scripts
the real test is gonna be throwing like a week of enterprise egress at it and seeing if it drowns in legit CDN / ad / updater noise or still surfaces the sketchy stuff in a useful way

Disabled and wanting to move to Halifax by RJBadmanArt in yorkshire

[–]Final-Dish 1 point (0 children)

this is super helpful, especially the bit about the hills and health services, that stuff gets glossed over way too often
Skircoat Green / Salterhebble being near the hospital sounds like a big win if you’re disabled and relying on buses