Cybersecurity leaders face a fast-moving threat landscape this week as exploited infrastructure flaws, cloud-based espionage, and ransomware affiliate models converge into broader enterprise risk. Cisco has patched CVE-2026-20262, a Catalyst SD-WAN Manager vulnerability now actively exploited in the wild and added to CISA's Known Exploited Vulnerabilities catalog, underscoring the strategic importance of rapid patching, asset visibility, and resilient hybrid network governance. The episode also examines a China-linked espionage campaign against U.S. medical research networks, where attackers abused Google Workspace mail rules to maintain stealthy access, move laterally, and exfiltrate sensitive intellectual property and medical data. For healthcare, pharma, and research leaders, the incident highlights the growing risk of trusted SaaS platforms as high-value attack surfaces.

This briefing also covers the rise of Gentlemen Ransomware-as-a-Service, which now claims at least 166 victims and demonstrates how affiliate-driven ransomware operations are reshaping supply chain risk, incident response, cyber insurance, and board-level reporting. Additional updates include new CISA KEV additions, Windows variants of the Chinese SprySocks backdoor, initial access broker activity tied to Rhysida and Interlock ransomware, and Kodak's reported breach. Stay informed on the latest cybersecurity threats, cyber risk trends, and leadership implications shaping enterprise resilience.