Daily Cyber Briefing

PODCAST · news

 The Daily Cyber Briefing delivers concise, no-fluff updates on the latest cybersecurity threats, breaches, and regulatory changes. Each episode equips listeners with actionable insights to stay ahead of emerging risks in today’s fast-moving digital landscape. 

  1. 104

    Daily Cyber & AI Briefing — 2026-05-13

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Today’s cyber and AI risk landscape is evolving at an unprecedented pace. We’re seeing not just more attacks, but smarter, faster, and more automated threats—driven by the same artificial intelligence that’s transforming business operations worldwide. The lines between attacker and defender are blurring, as both sides leverage AI to outmaneuver each other. This is no longer a theoretical arms race; it’s playing out in real time, with immediate implications for every organization, regardless of size or sector.

    Let’s start with one of the most significant developments in recent memory: the confirmed use of artificial intelligence to create zero-day exploits in the wild. Google and other sources have validated that criminals are now using AI to automate the discovery and weaponization of new vulnerabilities—zero-days that have never been seen before. This marks a fundamental shift in the threat landscape. In the past, finding a zero-day required specialized expertise, patience, and luck. Now, AI can systematically probe software, identify weaknesses, and generate exploit code at a scale and speed that simply wasn’t possible before.

    For security leaders, this means the old playbook for vulnerability management is no longer enough. Traditional cycles—identify, patch, repeat—are being outpaced by adversaries who can unleash new exploits faster than defenders can respond. The implication is clear: organizations must invest in AI-driven detection and response tools, not just to keep up, but to avoid falling dangerously behind. This isn’t about replacing human expertise; it’s about augmenting it with automation that can match the scale and speed of modern attacks.

    While AI-generated zero-days grab headlines, the day-to-day reality of cyber defense remains rooted in the basics—like patch management. This month, Microsoft, Fortinet, and Ivanti collectively released patches for over 120 vulnerabilities. No zero-days were reported in this cycle, but the sheer volume and severity of these flaws highlight a persistent truth: unpatched systems remain one of the most common entry points for attackers. Security teams should treat these updates as urgent, especially for internet-facing assets and critical infrastructure. Rapid patching reduces the window of exposure, but it’s only part of the equation.

    Even in well-patched environments, attackers are finding new ways in. Take the BitUnlocker downgrade attack, for example. Researchers have demonstrated that Windows 11 disk encryption—BitLocker—can be bypassed in under five minutes by exploiting downgrade vulnerabilities. If an attacker gains physical access to a device, or can leverage certain remote management flaws, encrypted data can be exposed. For organizations relying on BitLocker, it’s time to review deployment configurations, monitor for related advisories, and consider additional layers of protection for sensitive endpoints.

    Supply chain risk is another area that’s drawing increasing scrutiny. The recent emergence of the Mini Shai-Hulud worm is a case in point. This worm has compromised several widely used open-source packages, including TanStack, Mistral AI, and Guardrails AI. The implications are serious: any application or AI model that depends on these packages could be at risk of downstream compromise. It’s a reminder that your security is only as strong as the weakest link in your software supply chain. Security leaders should take stock of their dependencies, monitor for indicators of compromise, and build security controls into their development pipelines.

    Let’s talk about the human element—specifically, the challenge of identity and credential governance. A new report finds that 74% of UK businesses suffered at least three identity breaches in the past year. The main culp

  2. 103

    Daily Cyber & AI Briefing — 2026-05-12

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Today’s cyber and AI risk landscape is in a state of rapid transformation, with the convergence of artificial intelligence and cybersecurity fundamentally changing the threat environment. The pace, scale, and sophistication of attacks have all accelerated, and the risks are no longer just technical—they’re strategic, impacting trust, compliance, and the resilience of entire organizations.

    Let’s start by looking at the major trends shaping the risk environment right now. First, we’re seeing a surge in supply chain attacks, with both open-source and enterprise software ecosystems being targeted. Attackers are leveraging vulnerabilities in software distribution channels, injecting malicious code into widely used packages and tools. This is raising serious concerns about the integrity of development pipelines and the software that organizations rely on every day.

    At the same time, AI is playing a dual role. On one hand, it’s accelerating the speed and effectiveness of attacks—ransomware, for example, is becoming more automated and evasive thanks to AI. On the other hand, AI is also enhancing defense, enabling earlier detection of threats and supporting more robust governance frameworks. This arms race is intensifying, and the window for defenders to respond is shrinking fast.

    Regulatory and ethical scrutiny is also on the rise, especially as AI systems are deployed for surveillance and autonomous decision-making. Organizations are under increasing pressure to ensure transparency, security, and compliance—not just in their own operations, but across their entire supply chains and partner networks.

    Let’s dive into the top stories and what they mean for security leaders and risk executives.

    First up, a critical vulnerability in cPanel—tracked as CVE-2026-41940—is being actively exploited in the wild. Attackers are using this flaw to deploy the Filemanager backdoor, which gives them persistent access and control over compromised servers. cPanel is a widely used web hosting platform, making it a high-value target. The exploit highlights the ongoing risks posed by unpatched environments and the attractiveness of popular platforms to threat actors. For organizations, this underscores the need for immediate patching, continuous monitoring, and a careful review of third-party hosting providers’ security postures. If you’re running cPanel in your environment or relying on a hosting provider that does, now is the time to act—don’t wait for the next scheduled maintenance window.

    Next, we’re seeing a fresh wave of supply chain attacks impacting some major players: TanStack, Mistral AI, and UiPath. Attackers have managed to compromise software distribution channels, injecting malicious code into both open-source and enterprise software ecosystems. This incident is a wake-up call for anyone relying on third-party code or development tools. It’s not enough to trust that a package or framework is safe just because it’s widely used or has an active community. Rigorous supply chain risk management is essential, including enhanced code provenance verification and regular audits of dependencies. The integrity of your software supply chain is only as strong as its weakest link.

    Building on that, Microsoft has issued a warning about the compromise of the MistralAI PyPI package. This package was altered to include malicious code, potentially impacting any organization that relies on it. The risk here isn’t just theoretical—if you’ve pulled that package into your environment, you could be exposed to data exfiltration or further compromise. Security teams should be auditing their dependencies, monitoring for anomalous package behavior, and ensuring that incident response plans are ready to go. The key takeaway: don’t assume that your dependenc

  3. 102

    Daily Cyber & AI Briefing — 2026-05-08

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Today’s cyber and AI risk environment is evolving at a pace that challenges even the most prepared organizations. We’re seeing a surge in both technical exploits and governance dilemmas, with multiple zero-day vulnerabilities under active attack and a wave of high-profile breaches making headlines. At the same time, the rapid integration of artificial intelligence into enterprise and physical security systems is creating new opportunities—but also introducing new risks. Global regulators and industry leaders are emphasizing the need for stronger governance, more robust identity controls, and, crucially, human oversight.

    Let’s start with the most urgent technical threat on the radar: the Ivanti Endpoint Manager Mobile, or EPMM, zero-day vulnerability. The Cybersecurity and Infrastructure Security Agency, CISA, has issued an emergency directive requiring all federal agencies to patch this critical flaw—tracked as CVE-2026-6973—within just four days. This is a direct response to reports of active exploitation in the wild, where attackers are leveraging the vulnerability to gain unauthorized access to sensitive systems. The urgency of CISA’s directive highlights a broader truth: rapid vulnerability management isn’t just a best practice, it’s now a baseline requirement for resilience.

    If you’re in the private sector, don’t assume this is just a government problem. Ivanti’s EPMM is widely deployed across industries, and attackers are opportunistic. Security leaders need to assess their organization’s exposure immediately, prioritize patching, and accelerate patch cycles. Delays in remediation can open the door to lateral movement, data exfiltration, and even ransomware. The lesson here is clear: in today’s environment, the window between vulnerability disclosure and exploitation is shrinking. Organizations that can’t keep up with rapid patching are at heightened risk.

    Now, let’s turn to the Trellix breach, which underscores a different but equally significant risk: the security of security vendors themselves. The ransomware group RansomHouse claims to have breached Trellix and accessed portions of the company’s source code. This is a sobering reminder that even the companies building the tools we rely on for defense are not immune to compromise. When a security vendor is breached, the downstream risk extends to every customer using their products. Exposure of source code can facilitate further exploits, enable attackers to identify new vulnerabilities, or even launch supply chain attacks.

    For CISOs and security teams, this means monitoring for vendor advisories is critical. Don’t just assume your tools are safe because they come from a reputable provider. Consider additional controls around third-party software, and be ready to respond quickly if your vendors are affected. Supply chain security is no longer a theoretical risk—it’s an operational reality.

    Moving to cloud and container environments, we’re seeing a new wave of sophisticated malware campaigns. A modular remote access trojan, or RAT, is currently targeting cloud credentials and capturing screenshots, while the PCPJack worm is actively going after Docker, Kubernetes, Redis, and MongoDB deployments, stealing credentials wherever it can. These attacks highlight a growing trend: adversaries are getting smarter about targeting cloud-native and containerized environments, which often have complex configurations and, sometimes, overlooked security gaps.

    If your organization relies on these platforms, it’s time to review your segmentation strategies, credential management policies, and monitoring capabilities. Segmentation can limit the blast radius of an attack, strong credential management reduces the risk of compromise, and robust monitoring helps detect anomalous acti

  4. 101

    Daily Cyber & AI Briefing — 2026-05-07

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Today’s cyber and AI risk environment is defined by a mix of persistent vulnerabilities, evolving attack techniques, and the accelerating integration of artificial intelligence into business operations. The stakes are high for organizations across sectors, as attackers—especially state-sponsored groups—continue to exploit weaknesses in critical infrastructure, identity systems, and supply chains. At the same time, the convergence of AI and cybersecurity is reshaping both the threat landscape and the governance models required to manage risk.

    Let’s start with one of the most significant developments: the exploitation of a zero-day vulnerability in Palo Alto Networks firewalls. For almost a month before the issue was publicly disclosed, state-sponsored threat actors had been actively targeting this flaw. The vulnerability allowed attackers to gain root access to affected devices, effectively giving them the keys to the kingdom for organizations that rely on these firewalls as a primary line of defense.

    This incident is a stark reminder of how quickly adversaries can move—and how critical it is for organizations to have rapid patch management processes in place. When perimeter devices are compromised, the potential impact can cascade across entire networks, putting sensitive data and operations at risk. Continuous monitoring, robust network segmentation, and a layered defense strategy are essential to limit exposure and contain the blast radius when, not if, vulnerabilities are exploited.

    The Palo Alto Networks case also highlights the importance of timely threat intelligence sharing. Organizations that were plugged into active threat feeds or maintained close relationships with vendors and peer groups were better positioned to respond quickly. But even with the best information, the window between vulnerability discovery and exploitation is shrinking. This means that patching can no longer be a quarterly or even monthly exercise for critical infrastructure—it needs to be as close to real-time as possible.

    Moving from infrastructure to identity, another key development centers on Azure Active Directory Conditional Access. Researchers recently identified a method to bypass these policies by registering phantom devices and abusing Primary Refresh Tokens, or PRTs. This technique allows attackers to circumvent multi-factor authentication and gain unauthorized access to cloud resources.

    The implications here are significant. Many organizations rely on Conditional Access as a cornerstone of their cloud security posture, assuming that device compliance and MFA are sufficient barriers. But this new bypass method shows that attackers are finding creative ways to exploit gaps in device registration and token management.

    To address this, organizations need to strengthen device management processes, monitor for unusual or unauthorized device registrations, and regularly review their Conditional Access configurations. It’s also a good time to revisit assumptions about identity security—especially as AI-driven attacks become more sophisticated and capable of mimicking legitimate user behavior.

    Supply chain risk is another area that continues to generate headlines. Panorama Studios International recently disclosed a cybersecurity incident at a third-party service provider. While the details are still emerging, the incident underscores a hard truth: even if your own defenses are strong, your exposure is only as limited as the weakest link in your supply chain.

    Third-party breaches can lead to data exposure, operational disruption, and reputational damage. This is why robust third-party risk assessments, contractual security requirements, and incident response plans that include vendors are no longer optional—they’re essential.

  5. 100

    Daily Cyber & AI Briefing — 2026-05-06

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Today’s cyber and AI risk landscape is defined by rapid change, persistent threats, and a growing convergence between traditional cybersecurity and artificial intelligence. As we look at the state of play right now, it’s clear that organizations face a complex mix of technical vulnerabilities, regulatory pressures, and operational challenges—many of which are being amplified by the explosive growth of AI in both attack and defense.

    Let’s start with the most urgent development: a critical zero-day vulnerability in Palo Alto Networks firewalls, tracked as CVE-2026-0300. This is a root-level remote code execution flaw in PAN-OS, and it’s being actively exploited in the wild. What makes this particularly dangerous is that attackers don’t need to authenticate—meaning they can execute arbitrary code on affected firewalls from anywhere. For organizations relying on Palo Alto firewalls to secure their network perimeters, this is a severe risk.

    Palo Alto Networks is planning to release patches starting May 13, but that’s still several days away. In the meantime, organizations are being urged to implement all available mitigations immediately. This situation highlights the ongoing need for rapid vulnerability management and continuous monitoring of perimeter devices. If you’re responsible for security operations, now is the time to double-check your exposure, ensure temporary mitigations are in place, and prepare for urgent patch deployment as soon as updates become available.

    This incident isn’t happening in isolation. Just this week, a Department of Defense contractor was exposed by a zero-authentication flaw that enabled cross-tenant data access in a multi-tenant cloud environment. Attackers, in this case, could potentially access sensitive data across organizational boundaries—without proper authentication. This is a stark reminder of the risks inherent in shared cloud architectures and the critical importance of rigorous identity and access management.

    Multi-tenancy is a core feature of many modern cloud services, but it also introduces new attack surfaces. When authentication controls fail, the blast radius can be significant—potentially exposing data from multiple customers or business units. For security leaders, this means prioritizing not only strong authentication and authorization controls but also continuous monitoring for anomalous access patterns that might indicate cross-tenant compromise.

    The risks aren’t limited to digital assets. In Taiwan, a sophisticated radio signal spoofing attack disrupted the country’s high-speed rail network. Attackers manipulated train control signals, forcing emergency stops and halting three trains. This is a textbook example of a cyber-physical exploit—where digital manipulation leads to real-world disruption. For organizations operating critical infrastructure, this event underscores the need to prioritize operational technology security and robust incident response planning.

    OT environments, such as rail networks, power grids, and manufacturing plants, often have unique security challenges. Legacy systems, proprietary protocols, and a lack of segmentation can make these environments particularly vulnerable to targeted attacks. The Taiwan incident should serve as a wake-up call: cyber-physical risks are not theoretical. They can—and do—result in tangible disruption, safety concerns, and reputational damage.

    Turning to AI, the landscape is evolving at a breakneck pace. A recent report from Gigamon found that AI was implicated in 83% of recent security breaches. In other words, the vast majority of breaches now involve AI—either as a tool used by attackers or as a factor in defensive gaps. This is a dramatic shift from even a year ago. Attackers are leveraging AI to automate rec

  6. 99

    Daily Cyber & AI Briefing — 2026-05-05

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Today’s briefing focuses on the accelerating convergence of artificial intelligence and cyber risk, a trend that’s reshaping the threat landscape for organizations of all sizes and sectors. As AI adoption surges, the gap between implementation and effective governance is widening, exposing enterprises to new and often unanticipated risks. Meanwhile, cybercriminals are scaling up their operations, leveraging automation and machine-speed attacks to exploit vulnerabilities faster than ever before. Let’s break down the most pressing developments, their practical implications, and what risk leaders should prioritize right now.

    Let’s start with the big picture: AI is being integrated into business processes at a remarkable pace. According to new research from ISACA, organizations across industries are rapidly deploying AI solutions, but they’re struggling to keep up when it comes to governance and measuring return on investment. This disconnect is more than just an operational headache—it’s a direct risk amplifier. When AI systems are rolled out without clear oversight, organizations face increased exposure to issues like data leakage, algorithmic bias, and a growing list of regulatory compliance challenges.

    For risk executives, this means that AI governance can’t be an afterthought. Frameworks need to be established up front, and they should be tightly aligned with business objectives and the organization’s risk appetite. Without this alignment, the benefits of AI can be quickly overshadowed by the costs of unmanaged risk. The message from ISACA’s research is clear: prioritizing AI governance isn’t just about checking a box for compliance—it’s about ensuring that AI investments actually deliver value without opening the door to new vulnerabilities.

    Building on that, Infosecurity Magazine is highlighting a related concern: the speed of AI deployment is outpacing the development of safety and security policies. In other words, organizations are racing to implement AI, but they’re not putting the necessary controls in place to manage the associated risks. This is especially concerning as AI becomes embedded in critical business operations, from customer service to supply chain management and beyond.

    For CISOs and security leaders, the takeaway is straightforward: it’s time to accelerate the development and enforcement of AI-specific security controls. That includes updating incident response plans to account for AI-driven threats and ensuring that teams are trained to recognize and respond to incidents involving autonomous or semi-autonomous systems. The risks aren’t hypothetical—without robust policies, organizations are leaving themselves exposed to data breaches, manipulation of AI outputs, and even the possibility of AI systems being co-opted by malicious actors.

    Now, let’s turn to the threat landscape itself, which remains highly active and increasingly automated. Fortinet is sounding the alarm on what they describe as “industrial scale” cybercrime. Attackers are now operating at machine speed, using automation to continuously scan for and exploit vulnerabilities. This shift means that the traditional, manual approaches to threat detection and response are no longer sufficient. Organizations with slow patching cycles or limited monitoring capabilities are at particular risk, as attackers can now identify and exploit weaknesses within hours—or even minutes—of a vulnerability being disclosed.

    To keep pace, security leaders need to invest in automation, not just for offense but for defense. That means deploying automated patch management, real-time threat intelligence, and continuous monitoring solutions that can match the speed of adversaries. It’s also about building a culture of agility within security teams—empowering the

  7. 98

    Daily Cyber & AI Briefing — 2026-05-04

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Today’s cyber and AI risk landscape is shaped by two converging forces: a surge in critical vulnerabilities across core infrastructure, and the rapid evolution of AI-driven threats and governance challenges. We’re seeing zero-day exploits in foundational platforms like the Linux kernel and cPanel, with active targeting of government and military systems. At the same time, the adoption of AI across enterprises is introducing new risks around data, identity, and autonomy—risks that traditional security models are struggling to keep up with.

    Let’s break down the most pressing developments and what they mean for security leaders and organizations navigating this complex environment.

    First, the Linux kernel zero-day vulnerability. CISA has issued an alert on a flaw that’s being actively exploited in the wild. This isn’t just another patch cycle—this vulnerability enables privilege escalation and remote code execution, which means attackers can gain deep access to Linux-based systems. Given Linux’s prevalence in everything from servers to cloud infrastructure, the risk is broad and immediate. Organizations relying on Linux should treat this as a top priority: patch now, and ensure your vulnerability management processes are continuous and adaptive. This is a textbook example of why real-time threat intelligence and rapid response capabilities are essential. If you’re not already monitoring for signs of exploitation or lateral movement, now is the time to start.

    Closely related is the critical cPanel and WHM vulnerability. This one’s particularly concerning because it’s not just theoretical—there are confirmed compromises of government and military servers. Attackers are exploiting this flaw to gain unauthorized access, potentially exfiltrating sensitive data. CISA’s alert underscores the urgency here. If your organization uses cPanel, especially in high-value or regulated environments, you need to review your exposure, apply patches immediately, and monitor for any signs of compromise. This incident also serves as a reminder: administrative interfaces are high-value targets, and they require the same level of scrutiny and protection as your core business systems.

    Moving to file transfer platforms, MOVEit is facing critical vulnerabilities that allow for authentication bypass. These flaws are being actively targeted, raising the risk of both data theft and ransomware attacks. MOVEit is widely used for secure file transfers, often handling sensitive or regulated data. The practical implication? Security teams need to expedite patching, review access logs for any suspicious activity, and reassess the third-party risk associated with these platforms. Don’t assume your file transfer solution is secure by default—regularly validate configurations and monitor for signs of abuse.

    Supply chain attacks are also evolving. Threat actors have hijacked SAP npm packages, using them to steal developer credentials and secrets. This is a classic supply chain compromise, but it’s targeting the software development pipeline itself. The risk here is twofold: not only can attackers gain access to sensitive internal systems, but they can also potentially insert malicious code into downstream applications. For CISOs, this means it’s time to double down on monitoring package repositories, enforcing least privilege for developer credentials, and implementing automated scanning for malicious code in dependencies. The days of trusting upstream packages without verification are over.

    On the law enforcement front, the Department of Justice has sentenced two Americans involved in ALPHV, also known as BlackCat, ransomware operations. While this is a positive step, it doesn’t mean the ransomware threat is going away. In fact, ransomware groups are highly res

  8. 97

    Daily Cyber & AI Briefing — 2026-04-30

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Today’s cyber and AI risk landscape is shaped by two powerful and converging forces: the relentless exploitation of critical software vulnerabilities, and the rapid, sometimes unchecked, adoption of artificial intelligence across every sector. The risks are immediate and evolving, and the stakes are higher than ever. In this briefing, we’ll break down the most pressing threats, explore the latest regulatory and industry responses, and highlight what risk leaders need to do now to stay ahead.

    Let’s start with the cyber front, where attackers continue to exploit zero-day vulnerabilities in widely used platforms. The most urgent case right now is a critical authentication bypass vulnerability in cPanel & WHM. For context, cPanel is one of the most popular web hosting control panels, powering millions of websites and applications globally. This particular vulnerability allowed attackers to gain unauthorized access to administrative functions—essentially giving them the keys to the kingdom. What’s especially concerning is that this flaw was exploited as a zero-day for several months before it was publicly disclosed and patched.

    Proof-of-concept code is now available, making it even easier for opportunistic attackers to target unpatched systems. Active exploitation is ongoing. For organizations relying on cPanel, the implications are severe: data breaches, service disruptions, and the potential for widespread compromise. The immediate takeaway is clear—patching cannot wait. Security leaders must move quickly to apply available updates and, just as importantly, review access logs for any signs of compromise. Delayed response at this stage could mean the difference between a contained incident and a full-blown breach.

    A similar story is unfolding with ASUSTOR ADM, the operating system behind ASUSTOR’s network-attached storage devices. A proof-of-concept exploit for a critical remote code execution vulnerability has been released, allowing attackers to gain root access. For organizations using these NAS devices—often as central repositories for sensitive data—this is a direct path to full system compromise and data exfiltration. The risk is especially high for devices exposed to the internet.

    Here, too, the guidance is straightforward but urgent: patch immediately, and if possible, segment these devices from the broader network to limit exposure. For any internet-facing NAS, consider additional monitoring and, if feasible, restrict access to trusted IPs only. These incidents reinforce a hard truth: zero-days are not rare events, and attackers move quickly. Continuous vulnerability management and rapid incident response are not optional—they’re foundational to resilience.

    Shifting to the AI landscape, we’re seeing a dramatic acceleration in adoption, but the governance and compliance frameworks needed to manage AI risk are lagging behind. Senior industry leaders are sounding the alarm about a critical shortfall in AI compliance. Many organizations, especially outside of the tech sector, simply don’t have robust frameworks in place to ensure responsible AI deployment. The absence of clear ownership and governance structures creates a perfect storm for regulatory breaches, ethical lapses, and reputational harm.

    This isn’t just a theoretical concern. Australia’s financial regulator recently issued a stark warning to banks about the risks posed by ungoverned AI systems. The message: without robust oversight and governance, AI-driven decision-making can lead to systemic failures and regulatory non-compliance. The financial sector is often the canary in the coal mine for emerging risks, and this warning should resonate across industries. If you’re a risk leader in financial services—or any sector rapidly integrating AI—the time to

  9. 96

    Daily Cyber & AI Briefing — 2026-04-29

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    The cyber and AI risk landscape is evolving at a pace that’s challenging even the most prepared organizations. Today, we’re seeing a rapid escalation in both the sophistication and industrialization of cyber threats, with artificial intelligence now playing a central role on both sides of the equation. AI is empowering defenders, but it’s also giving attackers unprecedented capabilities to automate, scale, and innovate their tactics.

    Europol’s latest Internet Organised Crime Threat Assessment, or IOCTA, is a stark reminder of how quickly the threat environment is changing. The report highlights a significant shift toward industrialized cybercrime, where AI isn’t just a tool—it’s a core enabler. Threat actors are using AI to automate everything from reconnaissance and phishing to malware development. This means attacks are not only faster, but they’re also more scalable and harder to detect using traditional methods.

    For security leaders, this is a call to action. The old playbook—relying on static defenses and manual processes—isn’t enough. Threat models need to be reassessed, and organizations must invest in AI-driven defensive capabilities. This includes advanced threat intelligence, automated detection, and response systems that can keep pace with adversaries who are leveraging AI at every stage of the attack lifecycle.

    Let’s talk about some of the specific threats making headlines right now. The Cybersecurity and Infrastructure Security Agency, or CISA, has issued an immediate directive for federal agencies to patch critical vulnerabilities in Windows and ConnectWise platforms. These aren’t hypothetical risks—these are zero-day vulnerabilities that are actively being exploited in the wild. They’ve been added to CISA’s Known Exploited Vulnerabilities catalog, which means attackers are already using them to compromise systems.

    This isn’t just a government problem. These vulnerabilities are likely to be targeted broadly, affecting organizations across sectors. The lesson here is simple: patch management is not optional. It’s foundational. Organizations need to prioritize patching, monitor for signs of compromise, and ensure they have robust processes in place to respond quickly when new vulnerabilities are disclosed.

    Another development to watch is the emergence of VECT 2.0, a new ransomware strain that’s targeting multiple operating systems. Unlike earlier generations of ransomware that focused mainly on Windows, VECT 2.0 has cross-platform capabilities. It can hit Windows, Linux, and macOS environments, which is a big concern for organizations with diverse IT infrastructures. This raises the stakes for endpoint protection. Security teams should review their coverage across all operating systems and double down on backup and recovery processes. With ransomware, the ability to restore systems quickly can mean the difference between a minor incident and a business-crippling event.

    But the technical threats are only half the story. There’s a growing recognition of what’s being called the “last-mile” problem in AI security. As AI systems become more autonomous—what we refer to as agentic AI—they’re increasingly making decisions and taking actions without direct human oversight. Traditional identity and access management, or IAM, solutions were designed for users and static applications. They’re simply not equipped to handle the unique risks posed by AI agents that can act independently, sometimes outside of predefined workflows.

    This gap in controls exposes organizations to new attack vectors and compliance risks. Imagine an AI agent that’s authorized to access sensitive data, but then starts making decisions or sharing information in ways that weren’t anticipated. Legacy IAM can’t effectively govern or contain thes

  10. 95

    Daily Cyber & AI Briefing — 2026-04-28

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Today’s cyber and AI risk landscape is defined by rapid change, persistent threats, and a growing gap between innovation and governance. Across industries, organizations are accelerating their adoption of AI, integrating it into business processes, customer engagement, and even critical infrastructure. Yet, as these technologies proliferate, so do the risks—many of which remain hidden beneath the surface.

    Let’s start with a stark statistic from a recent Lenovo study: 70% of enterprise AI is currently uncontrolled. What does “uncontrolled” mean in this context? Essentially, these are AI systems and tools operating outside of formal governance frameworks. They might be embedded in third-party applications, spun up by business units without IT involvement, or even integrated by employees through shadow IT. The implications are significant. Without oversight, these AI assets can introduce data leakage risks, compliance violations, and operational inefficiencies. They can also drive up costs and slow down return on investment, as organizations struggle to manage and optimize what they can’t see.

    For security and risk leaders, this is a call to action. Inventorying and monitoring all AI assets—whether internally developed, purchased, or hidden within third-party tools—must become a top priority. If organizations fail to address uncontrolled AI, they risk regulatory penalties, reputational damage, and the loss of trust among customers and partners. The message is clear: you can’t secure what you don’t know exists.

    While organizations grapple with hidden AI, threat actors are evolving their tactics as well. One recent example is the Silver Fox malware campaign. This campaign stands out for its use of highly convincing phishing emails, masquerading as tax audit alerts or urgent software updates. The attackers are leveraging social engineering to bypass traditional email defenses, luring both individuals and organizations into downloading malicious payloads. The sophistication of these lures means that even well-trained users can be caught off guard.

    The practical takeaway here is twofold. First, user awareness training remains essential, but it must be ongoing and adaptive to new threat vectors. Second, technical controls—such as advanced email filtering and rapid incident response capabilities—are critical to containing the damage when, inevitably, someone clicks. Silver Fox is a reminder that phishing campaigns continue to be a primary entry point for attackers, and that layered defenses are more important than ever.

    But phishing isn’t the only game in town. Attackers are also exploiting technical vulnerabilities at a rapid pace. A newly discovered zero-click vulnerability in Windows, for example, allows attackers to bypass Microsoft Defender SmartScreen protections without any user interaction. This means malware can be delivered simply by visiting a compromised website or opening a malicious file—no clicks required. The risk of drive-by infections and targeted attacks increases significantly in this scenario.

    For organizations, the response must be proactive. Patch management is critical—vulnerabilities like this are often exploited within days of disclosure. Monitoring for suspicious activity at the endpoint level, and deploying layered defenses that go beyond a single security control, can help reduce exposure to zero-day threats. The reality is that attackers are always looking for the path of least resistance, and zero-click exploits are among the most dangerous tools in their arsenal.

    Visibility is a recurring theme in today’s risk environment, and it’s not just a technical issue. Recent research shows that two-thirds of UK organizations lack visibility into what their staff are sharing with AI systems. With the w

  11. 94

    Daily Cyber & AI Briefing — 2026-04-27

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    The risk landscape in cybersecurity and artificial intelligence is evolving at a pace that few could have predicted even a few years ago. Today, we’re seeing AI move from the periphery of security operations to the very heart of core infrastructure, especially in sectors like banking, financial services, and insurance. At the same time, the emergence of agentic AI—systems capable of making autonomous decisions—has fundamentally changed both the opportunities and the risks organizations face.

    Let’s start with the big picture. AI-driven security platforms are no longer just static tools that alert analysts to suspicious activity; they’re becoming self-learning, adaptive systems that form the backbone of cyber defense. Nowhere is this more apparent than in the BFSI sector. Here, the stakes are high, and the threat landscape is constantly shifting. These organizations are leveraging AI to enable real-time threat detection and adaptive response, which is critical when milliseconds can mean the difference between a contained incident and a full-blown breach.

    But this rapid adoption of AI brings new challenges. The complexity of these systems introduces fresh governance and operational risks. For security leaders, the imperative is to balance the undeniable benefits of innovation with the need for rigorous oversight. AI systems must remain aligned with an organization’s risk appetite and, crucially, with regulatory requirements that are themselves evolving in response to this new technology. The question isn’t just, “Can we do this?” but, “Should we—and how do we do it safely?”

    That brings us to agentic AI. These are systems that don’t just follow rules—they make decisions, sometimes in real time, and sometimes without direct human input. The promise is clear: agentic AI can help organizations respond faster and more effectively to threats. But the risks are equally significant. Unintended actions, compliance breaches, and the potential for AI to be manipulated or to make mistakes all demand a new level of vigilance.

    Security leaders are being advised to adopt robust frameworks for the safe deployment of agentic AI. This means continuous monitoring, ensuring a human is in the loop for critical decisions, and having clear escalation protocols when something unexpected happens. It’s not enough to set these systems loose and hope for the best. New policies, updated training, and a culture of accountability are essential to managing the unique risks that agentic AI brings to the table.

    The reality is that adversaries are not standing still. In fact, they’re moving faster than ever, leveraging AI to accelerate the pace and sophistication of their attacks. This is forcing defenders to operate at the same speed. The days of manual, reactive security operations are numbered. Instead, we’re seeing a surge in investment in automation, AI-driven security operations centers, and real-time analytics. For CISOs, the challenge is to evaluate where automation and AI can close the gap and to ensure that their teams are equipped to keep up with increasingly fast-moving threats.

    But as we race to keep up, we can’t lose sight of the basics. Critical vulnerabilities continue to surface, and sometimes the solutions aren’t as complete as we’d like. Take, for example, the recent Windows patch that was found to be incomplete. This left systems exposed to zero-click exploits—attacks that require no user interaction and can result in widespread compromise. The lesson here is clear: patch management isn’t just about applying updates; it’s about validating them, monitoring for exploit activity, and implementing compensating controls when necessary. Security teams need to stay vigilant, especially when the stakes are this high.

    Another case in point:

  12. 93

    Daily Cyber & AI Briefing — 2026-04-24

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Today’s cyber and AI risk landscape is a complex and shifting terrain. We’re seeing a convergence of persistent technical threats—like high-profile breaches and deep-seated vulnerabilities—with a new wave of governance challenges brought on by rapid AI adoption. The headlines are clear: attackers are getting bolder, and organizations are being forced to rethink not just their technical defenses, but the very ways they govern technology and risk.

    Let’s break down what matters most today, starting with a look at some of the most significant incidents and trends shaping our risk environment.

    First, a major incident at a US federal agency has captured attention across the security community. Attackers managed to infect a Cisco firewall with a backdoor known as ‘Firestarter’. This isn’t just another malware case—this is a persistent backdoor planted in a piece of critical infrastructure, giving adversaries ongoing access to sensitive government networks. It’s a stark reminder that even the most robust organizations can fall victim to sophisticated supply chain and infrastructure attacks. For security leaders, this underscores the need for continuous monitoring, rapid incident response, and, crucially, rigorous patch management—especially for network appliances that are exposed to the internet or handle sensitive data. The lesson here is clear: if you’re not treating your network hardware as a frontline asset, you’re leaving the door open.

    Shifting gears, let’s talk about the SaaS landscape. Udemy, a major online learning platform, has reportedly suffered a breach affecting 1.4 million user records. The hacking group ShinyHunters claims responsibility, and while investigations are ongoing, it’s a reminder of the persistent threat to SaaS platforms and the value of user data to cybercriminals. For organizations that rely on third-party SaaS providers, this is another wake-up call to review your third-party risk management practices. Are you enforcing strong authentication for SaaS integrations? Are you monitoring for suspicious activity? And, just as importantly, are you communicating transparently with stakeholders when incidents occur? The reputational and regulatory fallout from these breaches can be significant, so preparation and transparency are key.

    Now, let’s turn to the AI front. The rapid deployment of AI and autonomous agents is exposing some old, familiar cracks in our security foundations. A senior executive at Mandiant recently warned that the current “AI rush” is causing organizations to repeat historical cybersecurity mistakes—things like skipping risk assessments, failing to implement adequate controls, and moving ahead without mature governance. The result? Increased risk of data leakage, model manipulation, and regulatory non-compliance. If you’re involved in AI initiatives, it’s time to ensure these projects are subject to the same rigorous risk management and oversight as any other critical technology. Don’t let the pace of innovation outstrip your ability to manage risk.

    Speaking of vulnerabilities, attackers are actively exploiting known, or “N-day,” flaws in Cisco Firepower devices to gain unauthorized access. This trend is particularly concerning because these are vulnerabilities that have already been disclosed—patches are available, but organizations are lagging in applying them. It’s a classic case of attackers moving faster than defenders. For CISOs, this highlights the need to prioritize vulnerability management for network security devices and ensure that vendor patches are applied in a timely fashion. The window between disclosure and exploitation is shrinking, and complacency can be costly.

    As AI agents become more autonomous, we’re seeing the emergence of what experts are calling a “delegation

  13. 92

    Daily Cyber & AI Briefing — 2026-04-23

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Welcome to today’s briefing on the evolving landscape of cyber and AI risk. Over the next several minutes, we’re going to break down the most pressing developments shaping how organizations must think about security, governance, and resilience in 2026. Whether you’re a CISO, a risk executive, or a technology leader, the implications of these trends are immediate and far-reaching.

    Let’s start with the big picture. Right now, we’re seeing a convergence of threats at the intersection of artificial intelligence, supply chain security, and cloud environments. The rise of autonomous, AI-driven cyber threats is fundamentally changing the game. Attackers are leveraging advanced automation and generative AI to increase both the scale and sophistication of their campaigns. Meanwhile, many organizations are still struggling to close persistent gaps in AI governance, even as awareness of these risks grows.

    Supply chain and identity-based attacks remain a constant concern, and the latest incidents show that adversaries are adapting quickly. Zero-day vulnerabilities and active exploitation are also on the rise, underscoring the need for organizations to move faster in patch management and proactive defense. All of these trends are converging to create a risk environment where trust, governance, and resilience are more critical than ever.

    For risk executives, the takeaways are clear: it’s time to accelerate the maturity of AI governance frameworks, strengthen supply chain and identity controls, and ensure your organization can respond rapidly to emerging vulnerabilities. The trust barrier—both in technology and governance—remains a central challenge, demanding a holistic approach that integrates technical, operational, and strategic risk management.

    Let’s dig into the top developments shaping today’s cyber and AI risk landscape.

    First, Anthropic’s Mythos is getting a lot of attention as a harbinger of a new era in cyber threats. What’s significant about Mythos is its ability to operate as an autonomous AI agent—independently identifying, exploiting, and adapting to vulnerabilities at machine speed. This isn’t just a step change in attack automation; it’s a leap. Traditional security controls may simply not be able to keep up with the speed and creativity of AI-driven attacks. For CISOs, this means it’s time to reassess your AI risk management strategies. Focus on detection, containment, and response capabilities that can match or exceed the agility of adversarial AI. The key is not just to react, but to anticipate and adapt.

    Next, let’s talk about supply chain security. The recent compromise of Namastex npm packages by the CanisterWorm malware is a stark reminder of the persistent risks posed by third-party software dependencies. In the open-source ecosystem, where code is shared and reused widely, a single compromised package can have downstream effects across thousands of organizations. For security leaders, the practical implication is clear: continuous monitoring, rigorous validation of software components, and robust supply chain security controls are non-negotiable. It’s not enough to trust the ecosystem; you have to verify every component.

    On the vulnerability front, the Cybersecurity and Infrastructure Security Agency—CISA—has issued a mandate for federal agencies to immediately patch the BlueHammer vulnerability, which is being actively exploited as a zero-day. This is a classic example of how unpatched vulnerabilities can quickly become a vector for widespread compromise. For CISOs, visibility into affected assets and the ability to deploy patches or mitigations swiftly are essential. Rapid patch management isn’t just a best practice—it’s a critical line of defense.

    Now, even as awareness of AI risks grows, there

  14. 91

    Daily Cyber & AI Briefing — 2026-04-22

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Welcome to today’s discussion on the evolving landscape of cyber and AI risk. Over the next several minutes, we’ll break down the most pressing vulnerabilities, shifts in AI security, and what these mean for organizations navigating digital transformation in 2026. Whether you’re a security leader, a risk manager, or simply someone interested in the intersection of technology and business, there’s a lot to unpack.

    Let’s start with the big picture. The cyber and AI risk environment right now is characterized by a surge in critical vulnerabilities, especially those affecting the very core of enterprise infrastructure. At the same time, we’re seeing rapid advancements in AI-driven security tools, but governance and oversight are struggling to keep up. The result? Organizations are facing a dual challenge: patching and defending against increasingly sophisticated threats, while also trying to responsibly scale their AI deployments.

    According to the latest Stanford AI Index, security has now overtaken data quality and talent shortages as the number one barrier to AI adoption and scaling. This is a significant shift. It means that, for most organizations, the question isn’t just about what AI can do, but how to do it securely, reliably, and in a way that meets regulatory expectations. Both public and private sectors are responding, with new initiatives focused on AI agent oversight, integrated defense strategies, and governance frameworks tailored specifically for agentic AI—those systems capable of autonomous action.

    But as AI capabilities continue to advance—think of new benchmarks like the recently previewed Claude Mythos—we’re confronted with fresh questions about data security, compliance, and the evolving responsibilities of security leaders, especially the CISO. The convergence of these trends demands a proactive, adaptive approach. Immediate attention to patch management, identity controls, and AI governance isn’t just recommended—it’s essential.

    Let’s dive into the top items shaping today’s risk landscape.

    First up, a newly disclosed vulnerability in Bamboo Data Center and Server products is making waves. This is a critical issue: attackers can exploit this vulnerability to execute command injection attacks, potentially gaining full control over affected systems. For organizations using Bamboo to manage CI/CD pipelines or automate infrastructure, the risk is particularly acute. An attacker who gains a foothold here can pivot deeper into enterprise networks, compromising not just the Bamboo server, but potentially a wide swath of connected systems. The practical takeaway is clear—if you’re running Bamboo, immediate patching is non-negotiable. Review your exposed instances, check for any signs of compromise, and ensure that lateral movement is contained.

    Next, let’s talk about Progress Software and a recently patched vulnerability tracked as CVE-2026-21876. This flaw allowed attackers to bypass web application firewall protections, essentially rendering a key layer of security ineffective. What’s especially concerning about this class of vulnerability is that it targets the very tools organizations rely on to defend their applications. Security appliances like WAFs are often seen as a last line of defense; when they’re compromised, attackers can exploit backend applications with little resistance. If you’re using Progress Software’s WAF, prioritize patch deployment and take a close look at your logs for any unusual activity—there’s a real possibility that attackers may have exploited this before the patch was released.

    Moving on, CrowdStrike LogScale has also made headlines due to a vulnerability that allows remote attackers to read arbitrary files from affected servers. For organizations depending on LogScale for

  15. 90

    Daily Cyber & AI Briefing — 2026-04-21

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Welcome to today’s cyber and AI risk briefing. I’m Michael Housch, and in the next 15 minutes, we’ll unpack the most pressing developments shaping the risk landscape for CISOs, security leaders, and organizations navigating an increasingly complex digital environment. We’ll cover the latest active threats, emerging attack techniques, and the strategic shifts required to maintain resilience and trust as both cyber and AI risks evolve.

    Let’s start with the big picture. The cyber threat landscape is moving faster than ever. Attackers are exploiting vulnerabilities in critical infrastructure—often before those vulnerabilities are even publicly disclosed. We’re seeing a marked increase in attacks targeting identity and cloud platforms, and, notably, adversaries are now turning their attention to the very AI security tools designed to protect us. This convergence of threats means that traditional perimeter defenses are no longer enough. Organizations need adaptive, layered controls that address both technical and human risks.

    Governance, particularly around AI, is emerging as a central pillar of organizational resilience. It’s not just about adopting AI, but about how you govern it—how you measure risk, ensure compliance, and build trust with stakeholders. New metrics and independent assessments are quickly becoming the standard for responsible AI and cyber risk management.

    With that context, let’s dive into the top items shaping today’s risk environment.

    First up: CISA has issued an urgent alert regarding a newly discovered SD-WAN vulnerability. This flaw affects Cisco Catalyst SD-WAN Manager, a platform widely used to manage distributed network environments. Attackers are actively exploiting this vulnerability to gain unauthorized access, with the potential to move laterally within enterprise networks. Given how central SD-WAN is to remote connectivity and network segmentation, this is not a theoretical risk—it’s a real and present danger.

    If your organization relies on SD-WAN, especially Cisco Catalyst, patching should be your top priority. But patching alone isn’t enough. Review your network segmentation policies and monitor for unusual activity around SD-WAN controllers. The goal is to prevent attackers from using this foothold to access sensitive parts of your network. This is a textbook example of how attackers exploit the complexity of modern infrastructure, and why rapid patch management and continuous monitoring are critical.

    Next, let’s talk about Apache ActiveMQ. There’s a critical vulnerability—CVE-2026-34197—currently being exploited in the wild. Over 6,000 servers are exposed online, giving attackers a broad attack surface. The flaw allows for remote code execution, which can lead to data exfiltration or lateral movement across your environment. What’s striking here is the prevalence of unpatched systems, especially given how widely ActiveMQ is used for messaging and integration.

    For organizations using ActiveMQ, immediate action is needed. Patch your systems, reduce unnecessary exposure, and review your incident response plans. This is a clear illustration of the challenges organizations face in managing vulnerabilities in open-source components. Attackers are counting on slow patch cycles and overlooked systems—don’t give them that opportunity.

    Now, a concerning trend: GreyNoise has reported a surge in attacker activity immediately before public vulnerability disclosures. What does this mean? Adversaries are watching for early signals—maybe a researcher’s tweet, a commit in an open-source repo, or a subtle change in vendor documentation. They’re exploiting vulnerabilities before defenders even know what’s coming. This underscores the importance of integrating threat intelligence into your workflow

  16. 89

    Daily Cyber & AI Briefing — 2026-04-20

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Today, we’re navigating a cyber risk environment that’s more complex than ever. The convergence of escalating cyber threats, rapid AI adoption, and shifting regulatory expectations is reshaping the way organizations approach risk and resilience. If you’re a security leader, a business executive, or just someone interested in the evolving digital landscape, today’s insights are going to be especially relevant.

    Let’s start with the big picture. Across sectors, we’re seeing innovation outpace oversight, especially where artificial intelligence is involved. The healthcare sector, for instance, is feeling the pressure as AI-driven supply chains become more sophisticated, but the cybersecurity defenses meant to protect them are struggling to keep up. This isn’t just a technical issue—it’s a governance challenge. The gap between what’s possible and what’s protected is widening, and that creates real-world risk.

    At the same time, we’re witnessing major exploits in decentralized finance, or DeFi, and persistent state-sponsored cyber campaigns. These aren’t isolated incidents. They’re reminders that even as we push forward with new technologies, the fundamentals of risk management—like incident response and supply chain vigilance—are more important than ever.

    On the AI front, organizations are in a balancing act. There’s enormous potential to drive efficiency and innovation, but that comes with challenges around privacy, data authenticity, and regulatory compliance. New solutions are emerging to help address third-party risk and identity security, but governance is still a moving target. Regulatory frameworks, like the EU AI Act, are starting to take shape, but many organizations are still figuring out how to embed privacy and accountability throughout the AI lifecycle.

    And we can’t ignore the human element. Reports are surfacing of security professionals being pressured to conceal incidents, and there’s a growing temptation to blame AI for operational failures. These trends reinforce the need for a strong security culture, transparent reporting, and executive-level engagement in risk governance.

    Let’s dig into some of the most significant developments shaping today’s cyber and AI risk landscape.

    First up is a major incident in the decentralized finance space. KelpDAO, a prominent DeFi platform, suffered a $292 million exploit. The impact was immediate and severe, causing a significant drop in DeFi’s total value locked. What does this mean for risk leaders? It’s a stark reminder that vulnerabilities in DeFi platforms can have outsized effects, not just on individual organizations, but on the broader ecosystem. The lesson here is clear: continuous monitoring, robust smart contract audits, and well-rehearsed incident response plans are non-negotiable for anyone exposed to crypto and DeFi risks. The pace of innovation in this space is relentless, but so are the attackers.

    Turning to healthcare, the Healthcare Sector Coordinating Council has issued a warning that should be on every CISO’s radar. AI-driven supply chains are evolving faster than the cybersecurity defenses designed to protect them. This creates a growing risk of supply chain compromise, data breaches, and regulatory non-compliance. For healthcare and adjacent sectors, the call to action is to prioritize supply chain risk assessments, conduct thorough vendor due diligence, and align with emerging oversight frameworks. The complexity of AI-driven supply chains means that traditional security models are no longer sufficient. It’s about building resilience into every link of the chain.

    State-sponsored cyber campaigns remain a persistent threat. Researchers have linked Iran’s Ministry of Intelligence and Security to a coordinated operation using multiple hacker p

  17. 88

    Daily Cyber & AI Briefing — 2026-04-15

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Welcome to today’s cyber and AI risk briefing. The landscape we’re navigating is moving faster than ever, and the convergence of advanced cyber threats with rapid AI innovation is fundamentally changing the way organizations must think about risk. Whether you’re a CISO, a risk executive, or anyone responsible for safeguarding your enterprise, the stakes are rising—and so is the complexity.

    Let’s start with the big picture. We’re seeing an accelerated arms race between attackers and defenders, fueled by AI-powered tools on both sides. Threat actors are leveraging increasingly sophisticated, autonomous attack methods, while defenders are deploying machine-speed responses and AI-driven analytics. This dynamic is no longer theoretical—it’s playing out in real time, and it’s reshaping the fundamentals of cyber risk management.

    At the same time, critical vulnerabilities in widely used enterprise platforms continue to be a persistent source of risk. Today, we’ll break down several high-impact flaws in Microsoft’s core offerings—Active Directory, SharePoint, and BitLocker—that are being actively exploited or have the potential for significant damage if left unaddressed. We’ll also look at sector-specific trends, especially the manufacturing sector’s exposure to ransomware, and the evolving tactics attackers are using to weaponize trusted software components and cloud services.

    On the AI front, we’re witnessing the rollout of specialized cybersecurity large language models, or LLMs, and a broader industry push toward secure AI architectures. These developments offer tremendous opportunity, but they also introduce new risks, from prompt injection attacks to governance challenges around autonomous AI systems.

    So, what does this all mean for security leaders? The imperative is clear: prioritize rapid patching and vulnerability management, invest in AI-driven defense capabilities, and strengthen governance frameworks to address both traditional and emerging risks. The interplay between AI innovation and adversarial adaptation demands a proactive, strategic approach to resilience.

    Let’s dive into the top items shaping the risk landscape today.

    First, a critical vulnerability has been identified in Windows Active Directory. For those unfamiliar, Active Directory is the backbone of authentication and access management in most enterprise environments. This new flaw allows attackers to execute arbitrary malicious code, which is about as serious as it gets. If exploited, attackers could escalate privileges, move laterally across your network, and potentially compromise your entire environment. The practical implication here is simple but urgent: patch immediately. Beyond patching, review your Active Directory monitoring for any signs of anomalous activity. Privilege escalation and lateral movement often leave traces—look for them. This is not a vulnerability you can afford to deprioritize.

    Next, we have a zero-day vulnerability in Microsoft SharePoint Server that’s being actively exploited in the wild. SharePoint is ubiquitous in enterprise collaboration, and this flaw allows attackers to gain unauthorized access and potentially exfiltrate sensitive data. The risk here is twofold: data confidentiality and data integrity. If you’re running SharePoint, your first step should be to apply any available patches without delay. Restrict external access where possible and review your access controls. The window between disclosure and exploitation is shrinking, so speed is of the essence.

    Moving on to Windows BitLocker—a tool many organizations rely on to protect data, especially on lost or stolen devices. A newly disclosed vulnerability allows attackers to bypass BitLocker’s encryption protections. This undermines a critical security

  18. 87

    Daily Cyber & AI Briefing — 2026-04-13

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Welcome to today’s cyber and AI risk briefing. I’m Michael Housch. Let’s get right into the developments shaping the security landscape right now, because the pace of change—especially with AI and cloud—isn’t slowing down for anyone.

    Let’s start with the big picture. We’re seeing a convergence of rapid AI innovation, tightening regulatory oversight, and persistent exploitation of vulnerabilities across both cloud and software supply chains. This is creating a dynamic risk environment where security leaders need to be both proactive and adaptive.

    A central theme today is the emergence of advanced AI agents and models—most notably Anthropic’s new ‘Mythos’ model. This isn’t just another incremental improvement in AI. Mythos has capabilities and a level of autonomy that’s drawing urgent attention from regulators, particularly in the financial sector. Global financial authorities are sounding the alarm, raising concerns about the systemic risks these kinds of autonomous AI models could pose to critical infrastructure and the stability of financial systems.

    Why does this matter? Well, the financial sector is already one of the most heavily regulated industries when it comes to technology risk. The introduction of highly autonomous AI models like Mythos is a game-changer. These models can make decisions, execute transactions, and interact with other systems at a scale and speed that’s never been possible before. That’s great for efficiency, but it also means that any errors, misuse, or vulnerabilities could cascade rapidly through interconnected systems.

    Regulators are responding with calls for urgent risk assessments and likely new compliance requirements. If you’re a CISO or risk executive in a regulated sector, this is your cue to review your AI governance frameworks. It’s not just about technical controls anymore—it’s about demonstrating to regulators that you have a handle on how AI is being deployed, monitored, and controlled within your organization.

    Zooming in on the UK, financial regulators there are scrambling to assess the risks from Anthropic’s Mythos model. Their focus is on three main areas: potential misuse, lack of transparency, and the challenge of aligning AI behavior with regulatory expectations. The message here is clear—be prepared for increased engagement with regulators and anticipate new guidance or even mandates around AI risk management. If your organization is deploying or even experimenting with advanced AI, now is the time to get ahead of these conversations, not wait for the regulator’s letter to land on your desk.

    While AI is dominating the headlines, attackers haven’t taken their foot off the gas when it comes to exploiting traditional vulnerabilities. In fact, we’re seeing a surge in sophisticated exploits, including the weaponization of developer platforms for phishing. Attackers are now leveraging trusted platforms like GitHub and Jira to deliver phishing payloads. This is a significant shift because these platforms are often implicitly trusted within organizations. Traditional email security controls don’t always inspect messages coming from these tools, which means phishing attempts can slip through the cracks.

    The practical implication here is that security teams need to expand their monitoring and awareness training. It’s not enough to focus on email—collaboration and development platforms are now in the crosshairs. Make sure your teams understand the risks, and that your technical controls are able to flag suspicious activity, even if it’s coming from a source that’s typically considered safe.

    Cloud security is another area where risks continue to materialize. Rockstar Games recently suffered a breach at a third-party cloud provider. This isn’t just a story about a high-profi

  19. 86

    Daily Cyber & AI Briefing — 2026-04-10

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Welcome to today’s briefing on the evolving landscape of cyber and AI risk. If you’re a security leader, risk executive, or simply someone who wants to stay ahead of the curve, this episode will help you navigate the most pressing issues facing organizations right now. Let’s dive in.

    We’re living in a time where the adoption of artificial intelligence across enterprises is accelerating at a pace that’s frankly outstripping the maturity of our security controls and governance frameworks. This isn’t just a matter of playing catch-up; it’s about recognizing that the scale and subtlety of risk are changing, and the old playbooks aren’t enough. AI agents and AI-assisted development are multiplying the opportunities for both human error and oversight challenges. Meanwhile, the threat environment remains as active as ever, with state-sponsored actors exploiting vulnerabilities in critical infrastructure, and attackers leveraging increasingly sophisticated social engineering and malware delivery techniques.

    Let’s start with a look at some of the most important developments shaping the risk landscape today.

    First up, we have a significant alert regarding industrial control systems. Over 5,200 Rockwell programmable logic controllers—PLCs—have been found exposed to the internet. These devices are the backbone of manufacturing and infrastructure operations. Their exposure is not a hypothetical risk; it’s an open invitation for remote exploitation, sabotage, or ransomware attacks. Iranian advanced persistent threat actors have already been observed targeting these systems. For risk leaders, this is a wake-up call. Asset discovery, network segmentation, and continuous monitoring of operational technology environments are no longer optional—they’re essential. The potential for catastrophic disruption is real, and it’s immediate.

    Now, let’s talk about AI agents operating within enterprises. There’s a growing trend of deploying AI agents without adequate oversight from security teams. In many organizations, there’s little to no visibility into what these agents are doing, what data they’re accessing, or how they’re interacting with other systems. This creates significant blind spots for data leakage, privilege escalation, and compliance violations. The practical implication is clear: CISOs must move quickly to implement AI asset inventories, enforce policy controls, and develop monitoring capabilities tailored to both autonomous and semi-autonomous agents. If you don’t know what your AI is doing, you can’t secure it.

    Closely related to this is the rapid adoption of AI-assisted development tools. These tools are designed to accelerate software development, but they’re also amplifying the risk of human error. Faster code generation without sufficient guardrails can lead to the propagation of insecure code, misconfigurations, and vulnerabilities—often at scale. Security and risk leaders need to prioritize secure development lifecycle practices, automated code review, and AI-specific governance. The goal is not to slow down innovation, but to ensure that speed doesn’t come at the expense of security.

    Let’s shift gears to the threat landscape in the Middle East, where we’re seeing a sophisticated espionage campaign leveraging fake secure messaging applications to deliver ProSpy malware. This attack vector combines social engineering with advanced malware delivery, targeting sensitive communications and data exfiltration. For organizations with operations or partners in high-risk regions, this underscores the importance of user awareness, rigorous application vetting, and robust endpoint detection capabilities. The lesson here is that even trusted communication channels can be weaponized, and vigilance is critical.

    In Taiwan, attackers

  20. 85

    Daily Cyber & AI Briefing — 2026-04-09

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Welcome to today’s cyber and AI risk briefing. We’re looking at a landscape that’s more complex and fast-moving than ever before, with critical vulnerabilities emerging in core infrastructure, a surge in AI-driven risks, and new regulatory expectations shaping the way organizations need to think about resilience. Over the next fifteen minutes, I’ll break down the most significant developments, what they mean for your organization, and how leaders should respond.

    Let’s begin with a story that illustrates just how interconnected our risks have become. Security researchers recently discovered that several Android apps were shipping with hardcoded Google API keys, inadvertently exposing Gemini AI endpoints to anyone who knew where to look. This isn’t just a technical slip-up—it’s a window into sensitive AI services, potentially allowing attackers to interact with or even manipulate AI-driven processes. The practical upshot is clear: as AI becomes embedded in mobile and cloud environments, the old ways of managing secrets and credentials aren’t enough. Organizations need robust secrets management and continuous code review, especially as more business logic and sensitive data flow through AI-powered systems. If you’re leading security for a company with a mobile footprint, this is your cue to audit your apps, review your key management, and make sure you’re not exposing the keys to your AI kingdom.

    Moving to the backbone of enterprise security, both Palo Alto Networks and SonicWall have released critical patches for high-severity vulnerabilities in their products. These aren’t obscure systems—these are the firewalls and gateways that sit at the heart of thousands of organizations’ networks. Left unpatched, these flaws could allow remote attackers to compromise your infrastructure, disrupt operations, or exfiltrate sensitive data. The lesson here is as old as cybersecurity itself: patch early, patch often, and don’t assume that just because a device is core to your security stack, it’s immune from exploitation. Attackers are watching for slow movers. If you haven’t already, prioritize patching these systems and double-check your vulnerability management processes. It’s not just about compliance—it’s about keeping your business running.

    But the threat landscape isn’t limited to technical vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency—CISA—has issued an alert for a critical flaw in Ivanti Endpoint Manager Mobile, or EPMM. This isn’t a theoretical risk; attackers are actively exploiting this vulnerability in the wild. If you’re using Ivanti EPMM, you need to patch immediately and monitor for signs of compromise. The broader lesson is that attackers are increasingly targeting the tools we use to manage our own devices and endpoints. Compromising a management platform gives them a foothold across your entire environment. As we rely more heavily on endpoint management, especially with hybrid and remote work, these platforms become high-value targets. Make sure your patching cadence matches the speed of exploitation we’re seeing in the wild.

    Now, let’s zoom out and look at the global picture. Reports suggest that China has just suffered what may be the largest cyberattack in the country’s history, with massive volumes of sensitive data reportedly compromised. Details are still emerging, but the scale of this breach is a stark reminder that no nation, no matter how sophisticated, is immune from large-scale cyber operations. For organizations everywhere, this is a call to revisit your incident response plans and ensure you’re plugged into cross-border threat intelligence sharing. Nation-state actors and criminal groups are targeting critical infrastructure and government assets worldwide. The ripple effects from a brea

  21. 84

    Daily Cyber & AI Briefing — 2026-04-08

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Welcome to the daily cyber and AI risk briefing. Today, we’re taking a close look at the evolving landscape of threats and challenges that organizations are facing in 2026. The pace of change in both cyber and artificial intelligence risk is relentless, and the stakes are higher than ever—especially for critical infrastructure, high-profile organizations, and sectors rapidly adopting AI.

    Let’s start with the big picture. We’re seeing a surge in both traditional cyber threats and new governance challenges tied to AI. Critical infrastructure—think energy grids, healthcare systems, and financial institutions—remains a top target for sophisticated cybercriminals. At the same time, law firms, IoT devices, and edge infrastructure are facing heightened risks. The rapid adoption of AI, often outpacing the implementation of security and governance controls, is creating significant gaps that chief information security officers need to address urgently.

    We’ll break down the most important developments you need to know about today, unpack their practical implications, and highlight what matters most for risk leaders.

    Let’s begin with one of the most high-profile incidents making headlines: a sophisticated phishing campaign that’s hit a leading U.S. law firm, Jones Day. The attack is attributed to the cybercriminal group known as ‘Silent.’ Here’s what happened: attackers used targeted phishing emails to gain unauthorized access to the firm’s systems. The potential exposure includes sensitive client data and legal documents—assets that are incredibly valuable, not just to the firm, but to their clients as well. This breach is a stark reminder that professional services firms, especially those handling confidential or regulated information, are prime targets.

    For CISOs and risk executives, this incident reinforces several priorities. First, advanced email security is non-negotiable. Basic spam filters are no longer enough; organizations need layered defenses that include threat intelligence, anomaly detection, and real-time response capabilities. Second, user training is essential. Even the most sophisticated technical controls can be undermined by a single click on a malicious link. Regular, realistic phishing simulations and ongoing awareness campaigns can help build a culture of vigilance. And finally, rapid incident response is critical. The faster you can detect and contain a breach, the more you can limit the damage—especially in environments where sensitive data is at stake.

    Shifting gears, let’s talk about the evolving threat to IoT devices and edge infrastructure. The Masjesu botnet is making waves with its ability to launch distributed denial-of-service, or DDoS, attacks by compromising IoT devices and commercial routers. What makes Masjesu particularly concerning is its use of evasive techniques that make detection and mitigation challenging, even for well-defended organizations. We’re seeing these botnets being used in large-scale attacks against enterprise networks, leveraging the sheer number of vulnerable IoT endpoints.

    The practical implication here is clear: as organizations deploy more connected devices—everything from smart sensors in manufacturing plants to connected medical equipment in hospitals—the attack surface expands dramatically. Security leaders need to prioritize three things. First, maintain a comprehensive inventory of all IoT assets. You can’t protect what you don’t know you have. Second, implement regular patching and firmware updates. Many IoT devices ship with default credentials or unpatched vulnerabilities, making them easy targets. And third, use network segmentation to isolate IoT devices from critical systems. This limits the ability of attackers to move laterally if a device is compromised.

  22. 83

    Daily Cyber & AI Briefing — 2026-04-07

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Welcome to today’s deep dive into the evolving landscape of cyber and AI risk. The pace of change in this space is nothing short of remarkable, and as we look at the headlines and underlying trends, it’s clear that both the threats and the expectations for how organizations manage them are accelerating. Whether you’re a CISO, a risk executive, or a business leader with even a passing interest in digital resilience, there’s a lot to unpack. Let’s get right into it.

    We’re seeing a surge in sophisticated exploits and a rapid-fire tempo from ransomware operators. At the same time, AI is fundamentally reshaping both the risk landscape and the regulatory environment. The convergence of these trends means that traditional approaches to cybersecurity and risk management are being tested as never before.

    Let’s start with a story that really captures the urgency of the moment. The Medusa ransomware group has been making headlines for its ability to exploit zero-day vulnerabilities within just 24 hours of their public disclosure. Think about that for a second. The time between a vulnerability being made public and it being weaponized by threat actors has shrunk to almost nothing. Medusa, along with actors like Storm-1175, is targeting web-facing systems—those critical assets that are often the first line of exposure for an organization. The implication here is stark: defenders have less time than ever to identify, patch, and mitigate new vulnerabilities before attackers are already inside.

    This isn’t just a theoretical risk. SecurityWeek, TechNadu, and other leading sources are reporting that Medusa’s campaigns are leveraging these newly discovered flaws with unprecedented speed. The window for effective defense and response is compressing, and that means organizations need to rethink their vulnerability management strategies. Real-time intelligence, automated patching, and a clear understanding of your most exposed assets are now table stakes.

    And it’s not just Medusa. The U.S. Cybersecurity and Infrastructure Security Agency—CISA—has issued an alert on an actively exploited zero-day vulnerability in Fortinet products. Fortinet is a mainstay of perimeter defense for thousands of organizations worldwide. When a flaw in such a widely used platform is being exploited in the wild, the risk is immediate and significant. If you rely on Fortinet, the message is clear: patch now, review your deployments, and monitor for signs of unauthorized access or lateral movement. The consequences of delay can be severe, ranging from data breaches to ransomware infections that can cripple operations.

    Now, while software vulnerabilities have long been the main focus, we’re seeing attackers innovate at the hardware level as well. A recent report from SecurityWeek details a novel attack called “GPUBreach.” In this case, researchers achieved root shell access—a level of control that essentially gives an attacker the keys to the kingdom—using a GPU-based Rowhammer exploit. Traditionally, Rowhammer attacks have targeted CPU memory, but this new variant shows that GPUs in servers and workstations are now viable targets for privilege escalation. For security teams, this means reviewing hardware configurations and monitoring for unusual GPU activity is becoming just as important as patching software.

    The attack surface is also expanding through cloud services and SaaS components. Over 15,000 Flowise instances remain exposed to a critical injection vulnerability, according to gbhackers.com, and attackers are actively exploiting these weaknesses. This highlights a persistent challenge: unpatched cloud-native assets can be discovered and compromised at scale. Continuous asset discovery, vulnerability scanning, and automated remediation are essential, especially

  23. 82

    Daily Cyber & AI Briefing — 2026-04-06

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Welcome to today’s cyber and AI risk update. I’m Michael Housch. Let’s get right into the major developments shaping the risk landscape as of April 6th, 2026.

    The cyber and AI threat environment continues to evolve at a rapid pace. We’re seeing a convergence of advanced adversaries, new vulnerabilities, and the accelerating adoption of artificial intelligence across critical sectors. These trends are creating both operational and strategic challenges for risk leaders, especially as regulatory and workforce pressures mount.

    Let’s start with one of the most pressing issues: the cybersecurity skills crisis. The latest SANS 2026 report paints a stark picture. The shortage of skilled cybersecurity professionals is deepening, with critical infrastructure and operational technology—often referred to as OT—bearing the brunt. Organizations in these sectors are struggling to fill essential security roles, and that’s translating directly into increased breach risk. The impact isn’t theoretical; it’s measurable and growing.

    The implications here are significant. For leaders in risk, security, and operations, this isn’t just a staffing problem—it’s an operational risk that can undermine business continuity. The traditional approach of hiring more talent simply isn’t keeping up with demand. To address this, organizations are increasingly turning to automation, workforce development programs, and managed security services. The bottom line is clear: without a focused strategy to close the skills gap, critical systems remain exposed, and the risk of disruptive incidents climbs.

    Now, let’s talk about technical vulnerabilities—and specifically, zero-day exploits. Fortinet, a key player in endpoint management and security, has just released emergency patches for actively exploited zero-day vulnerabilities in its FortiClient EMS product. These flaws have been targeted in the wild, putting organizations that rely on Fortinet solutions at immediate risk. If your organization uses Fortinet for endpoint management, patching should be at the top of your priority list. The prevalence of Fortinet in critical environments means that attackers see these platforms as high-value targets. Quick action is essential to prevent compromise.

    This isn’t an isolated incident. We’re seeing a broader trend of supply chain attacks and zero-day exploits affecting major vendors and platforms. Just this past week, a supply chain attack targeted Guardarian users through malicious Strapi NPM packages. This highlights the persistent risk associated with third-party software dependencies—especially in cloud and identity services. The lesson here is that continuous monitoring of third-party components, strict controls on package sourcing, and robust integrity verification are no longer optional. They’re foundational to any modern security program.

    On the regulatory front, the landscape is getting more complex, not less. The OECD is pushing for risk-based regulatory frameworks for software, with a particular focus on AI, energy, and supply chain vulnerabilities. This reflects a growing international consensus: not all risks are created equal, and controls should be tailored to the specific risk profile of each system or application. However, for multinational organizations, this means compliance is becoming more granular and sector-specific. Keeping up with evolving standards—like the new ISO/IEC 42001 for AI governance—will require dedicated resources and cross-functional alignment.

    But regulatory fragmentation is a real and growing challenge, especially in the United States. Despite mounting pressure, Congress has yet to pass any comprehensive federal AI legislation. Meanwhile, 40 states are actively drafting their own rules. The result is a patchwork of requirem

  24. 81

    Daily Cyber & AI Briefing — 2026-04-03

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Welcome to today’s cyber and AI risk briefing. I’m Michael Housch, and over the next fifteen minutes, I’ll walk you through the most significant developments shaping the risk landscape right now. We’re seeing a surge in high-impact cyber incidents, a rapidly evolving threat environment, and growing pressure on organizations to rethink how they manage both cyber and AI risks. Let’s dive in.

    Let’s start with a story that’s sending shockwaves through the AI industry: the recent breach at Mercor, an AI-driven recruiting platform. Attackers managed to exfiltrate a staggering four terabytes of sensitive data. To put that in perspective, that’s millions of files—potentially including resumes, employment records, proprietary algorithms, and communications between employers and candidates. This isn’t just a headline; it’s a wake-up call for any organization leveraging AI platforms to handle large volumes of personal or business-critical information.

    The Mercor breach underscores three core issues. First, the sheer scale of data managed by AI platforms means a single breach can have outsized consequences. Second, many organizations still treat their AI vendors as black boxes, assuming security is someone else’s problem. And third, incident response plans often don’t account for the unique data flows and integration points that AI services introduce. If your business is using AI-driven tools—whether for recruiting, analytics, or customer service—now is the time to revisit your vendor due diligence, ensure you have clear contractual security requirements, and rehearse your incident response playbook with these new realities in mind.

    Unfortunately, Mercor isn’t alone. Another incident making headlines involves a money-transfer application that exposed customer passport images for nearly five years. The cause? Sensitive documents were stored on an unencrypted, publicly accessible cloud server. This isn’t a sophisticated attack; it’s a basic misconfiguration—a mistake that left highly sensitive identity documents open to anyone who knew where to look. The implications are severe: not only does this create a goldmine for identity thieves, but it also puts the company at risk of regulatory penalties, lawsuits, and lasting reputational damage.

    What’s the lesson here? Cloud security is not a “set it and forget it” proposition. Even mature organizations can fall victim to simple mistakes—especially when cloud environments are complex, and responsibilities are split between internal teams and third-party vendors. Regular cloud security assessments, strict access controls, and continuous monitoring are not optional. They’re essential for protecting both your business and your customers.

    Shifting gears, let’s talk about a vulnerability that’s being actively exploited right now: React2Shell. Attackers are leveraging this flaw to compromise over 700 Next.js hosts in a large-scale credential harvesting campaign. For those less familiar, Next.js is a popular web framework used by thousands of organizations to build modern applications. The React2Shell vulnerability allows attackers to execute malicious code and steal user credentials, often before defenders even know what’s happening.

    This campaign highlights the speed at which attackers weaponize new vulnerabilities. Within days of the flaw being disclosed, threat actors had automated their attacks and were targeting organizations at scale. If your organization uses Next.js or related frameworks, it’s critical to prioritize patching, monitor for indicators of compromise, and review your application security practices. This isn’t just about one vulnerability—it’s about building the muscle for rapid response as new threats emerge.

    On a related note, Google recently released an emergency patc

  25. 80

    Daily Cyber & AI Briefing — 2026-04-02

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.TranscriptWelcome to today’s deep dive into the evolving world of cyber and AI risk. I’m Michael Housch, and over the next several minutes, we’ll break down the most critical developments shaping the digital threat landscape, with a focus on practical implications for security leaders, executives, and anyone responsible for managing organizational risk.Let’s start by zooming out for a moment. The digital risk environment right now is marked by a surge in high-impact vulnerabilities, active exploitations, and a growing number of supply chain attacks. At the same time, concerns over AI governance and the intersection of technology with geopolitical risk are moving to the forefront. If you’re a CISO or a risk executive, the message is clear: the pace and complexity of threats demand agile, coordinated action across your organization.Let’s dig into the top stories and what they mean for your risk posture.First, a major alert from the Cybersecurity and Infrastructure Security Agency, or CISA. They’ve flagged a zero-day vulnerability in Google Chrome that’s currently being exploited in the wild. Google moved quickly to release a patch, but the sheer speed and scale of these attacks highlight just how challenging it is to keep widely used browsers secure. For organizations, this is a textbook case of why timely patch management is so critical. Browsers are often the first point of contact for attackers looking to gain initial access, and any lag in updates can translate directly into exposure. If you haven’t already, prioritize rolling out the latest Chrome updates across your environment, and keep an eye out for any indicators of compromise. 
This isn’t just about Chrome—browser vulnerabilities as a whole remain a favored vector for threat actors, so make sure your patching processes are both efficient and well-communicated to end users. Shifting gears to Europe, the European Commission recently suffered a significant breach of its cloud infrastructure. Hundreds of gigabytes of sensitive data were exposed in the incident. This breach serves as a stark reminder of the persistent risks tied to cloud misconfigurations and third-party dependencies. Even organizations with robust internal controls can be undermined by gaps in vendor management or cloud architecture. For risk leaders, this is a call to action: review your cloud security posture, scrutinize your vendor risk management processes, and remember that regulated or mission-critical data in the cloud demands an extra layer of diligence. The cloud offers agility and scale, but it also expands the attack surface—especially when configuration drift or unclear responsibility lines creep in. Now, let’s talk about the software supply chain—a topic that’s only grown in importance with the rise of open-source components and AI-driven platforms. Mercor, an AI platform, was recently hit by a supply chain attack through the LiteLLM library. This event highlights a growing risk in the AI and machine learning ecosystem: dependency attacks. When a widely used library is compromised, the effects can ripple rapidly across many organizations, often before anyone realizes what’s happening. Security teams need to double down on software composition analysis and keep a close watch for anomalous behavior in their package dependencies. The days of trusting open-source libraries by default are over. Instead, continuous monitoring and proactive vetting are now table stakes. On a related note, there’s been a possible breach involving Cisco, with the ShinyHunters group reportedly exposing three million records. 
The breach appears to be tied to a compromise of Trivy, an open-source security tool. This is a particularly troubling scenario—when the very tools you rely on for security become vectors for attack

  26. 79

    Daily Cyber & AI Briefing — 2026-04-01

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript. Transcript: Welcome to today’s deep dive into the evolving world of cyber and AI risk. The landscape is shifting quickly, with attackers and defenders both raising their game. If you’re responsible for information security, risk management, or technology leadership, you know the stakes are higher than ever. Let’s break down the most important developments, what they mean for your organization, and how you can respond with confidence. Let’s start with the big picture. We’re seeing a rapid escalation in both the sophistication of cyberattacks and the complexity of defending against them. Zero-day vulnerabilities are emerging in widely used platforms, and attackers are leveraging artificial intelligence to bypass traditional security controls. Meanwhile, organizations are racing to adopt AI, often faster than their security and compliance frameworks can keep up. The result? A risk environment that’s more dynamic, more challenging, and more consequential than ever before. So, what’s at the top of the risk agenda today? First, let’s talk about zero-day vulnerabilities. These are flaws in software that are exploited before developers have a chance to issue a fix. They’re a favorite tool of advanced attackers because they can be used to compromise systems at scale, often with little warning. Today, one of the most pressing examples is a new zero-day vulnerability in Google Chrome, tracked as CVE-2026-5281. This isn’t just a theoretical risk; it’s under active exploitation right now. Attackers are using this flaw to execute arbitrary code on victims’ machines, which can lead to full system compromise. Google has responded quickly by releasing a patch, but the window for attackers to exploit unpatched systems remains open. 
Given how ubiquitous Chrome is in enterprise environments, delayed patching could expose organizations to widespread attacks. The takeaway here is clear: prioritize rapid patch management. Make sure your teams are deploying the Chrome update immediately, and review your browser security policies to ensure you’re not leaving any gaps. But Chrome isn’t the only platform in the crosshairs. Another vulnerability has been discovered in Vim, the popular text editor used by developers and IT professionals worldwide. The issue lies in Vim’s modeline feature, which can be exploited to execute arbitrary operating system commands when a user opens a malicious file. This is particularly concerning for environments where Vim is used in production or for administrative tasks. If you haven’t already, apply the available patches and consider disabling modeline parsing where possible. These steps can help prevent attackers from gaining a foothold through what might seem like a routine workflow. Now, let’s shift gears to the role of artificial intelligence in today’s threat landscape. Attackers are increasingly using AI to outsmart traditional defenses, and one of the most notable examples is in email security. Phishing remains a top attack vector, but the game has changed. Threat actors are now using AI to generate emails that can evade even sophisticated filtering technologies. These AI-generated phishing campaigns are more convincing, more targeted, and harder to detect than ever before. The risk of credential theft and business email compromise is rising as a result. For security leaders, this means it’s time to reassess your email security stack. Relying solely on traditional filters is no longer enough. Consider integrating AI-driven detection capabilities that can spot subtle anomalies in message content and context. But technology alone isn’t the answer—user awareness training remains critical. 
Employees need to be equipped to recognize and report suspicious messages, even when they look legitimate. A layered approach that combines

  27. 78

    Daily Cyber & AI Briefing — 2026-03-31

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript. Transcript: Welcome to today’s cyber and AI risk update. I’m Michael Housch, and I’ll be guiding you through the latest developments shaping our threat landscape as of March 31st, 2026. If you’re a CISO, risk executive, or anyone with a stake in enterprise security, these are the issues that should be top of mind right now. Let’s start with a broad view. We’re seeing a surge in high-impact vulnerabilities and active exploitation of technologies that form the backbone of enterprise IT. At the same time, the intersection of artificial intelligence and cybersecurity is producing new risks, both technical and regulatory. Ransomware actors are evolving, supply chain attacks are increasing, and legal decisions are starting to reshape the AI governance landscape. The pace of change is relentless, and the implications are significant for organizations of all sizes. Let’s break down the most pressing issues you need to be aware of. First up, Citrix NetScaler appliances are under active attack. The Cybersecurity and Infrastructure Security Agency, or CISA, has flagged a vulnerability—suspected to be CVE-2026-3055—that’s being actively exploited in the wild. NetScaler is widely used in enterprise environments for application delivery and remote access, so this is not a niche problem. Attackers are probing and exploiting this flaw to gain unauthorized access or execute code on affected systems. The risk here isn’t just initial compromise. Once inside, attackers can move laterally, escalate privileges, and potentially access sensitive data or critical systems. What does this mean for your organization? If you’re running NetScaler, you need to prioritize patching—now. Don’t wait for the next scheduled maintenance window. 
You should also be monitoring your environment for signs of exploitation, such as unusual authentication attempts or unexpected changes in system behavior. The window between vulnerability disclosure and active exploitation is shrinking, so rapid response is essential. Next, let’s talk about F5 BIG-IP. A vulnerability in these devices has just been reclassified as a remote code execution issue, which is as serious as it gets. Attackers can potentially take full control of affected devices, and exploitation is already underway. F5 BIG-IP is a critical component for load balancing and security in many enterprise networks. If your organization relies on BIG-IP, you need to apply available patches immediately and review your device configurations for any indicators of compromise. This is a good moment to reflect on patch management in general. The days when you could afford to wait weeks or months to apply critical patches are over. Attackers are moving faster, and the cost of delay is rising. Make sure your vulnerability management processes are up to the challenge. Let’s shift gears to ransomware. Threat actors are getting more creative, and one of the latest tactics involves abusing legitimate Windows tools to disable antivirus protections before launching ransomware attacks. This approach allows them to fly under the radar, evading traditional security controls and maximizing their impact. It’s a reminder that attackers don’t always need zero-day exploits—sometimes, they just need to use the tools already present in your environment. So, what can you do? Enhance your monitoring for suspicious use of native Windows utilities, like PowerShell or Windows Management Instrumentation. Consider implementing application whitelisting and invest in robust endpoint detection and response solutions. The goal is to spot and stop malicious activity before it can do real damage. Now, let’s talk about supply chain risk, which continues to be a major concern. 
The axios NPM library, which is downloaded over 100 million times and

  28. 77

    Daily Cyber & AI Briefing — 2026-03-30

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript. Transcript: Welcome to today’s deep dive into the evolving world of cyber and AI risk. I’m Michael Housch, and over the next several minutes, we’re going to break down the latest threats, innovations, and strategic shifts shaping how organizations defend their assets, manage compliance, and adapt to a landscape that’s moving faster than ever. Let’s start by setting the stage. The cyber risk environment right now is defined by convergence—advanced threats, regulatory momentum, and rapid technological change are all colliding. Artificial intelligence is at the heart of this transformation, powering both new security tools and, unfortunately, new attack methods. On one side, we have defenders leveraging AI to spot and stop threats faster. On the other, attackers are using automation and machine learning to find vulnerabilities and scale their operations. It’s a high-stakes arms race, and the implications for businesses are profound. Today, we’ll cover a dozen of the most important developments, from mobile exploits and supply chain attacks to the rise of zero trust and sovereign AI frameworks. Along the way, I’ll share context and practical takeaways to help you navigate the shifting terrain. Let’s get started with the first headline. A new campaign by the threat actor TA446 is making waves in the mobile security world. They’re using what’s called the DarkSword exploit kit to target iPhone users. Now, exploit kits aren’t new, but what’s notable here is the focus on iOS—an ecosystem often considered more secure than most, but far from invulnerable. The DarkSword kit enables attackers to exploit vulnerabilities in iOS, potentially giving them full control over the device. 
That means attackers can exfiltrate data, install malicious apps, or use the device as a launchpad for further attacks inside an organization. For security leaders, this is a wake-up call. Mobile endpoints are everywhere—often less protected than laptops or servers, but just as connected to sensitive data and systems. If you’re responsible for enterprise security, it’s time to take a hard look at your mobile device management policies. Are your iOS devices being patched promptly? Is monitoring in place to catch unusual behavior? And does your incident response plan cover mobile-specific scenarios? The lesson here is clear: don’t let mobile become your weakest link. Staying on the theme of persistent threats, let’s talk about supply chain risk—specifically, open-source software dependencies. This week, a malicious version of the Telnyx Python SDK was discovered on PyPI, the Python Package Index. This backdoored package was designed to steal cloud credentials from anyone who installed it. For developers and organizations relying on open-source, this is a classic supply chain attack. The attacker doesn’t need to break into your systems directly—they just wait for you to invite them in by installing compromised software. The practical risk here is huge. Once cloud credentials are exfiltrated, attackers can access sensitive data, spin up resources, or even pivot to other targets in your environment. What can you do? First, reinforce your software supply chain controls. That means automated dependency scanning, verifying the provenance of code, and making sure credentials aren’t unnecessarily exposed in development environments. Credential hygiene is more important than ever—use secrets management tools, rotate keys regularly, and audit access to cloud services. Speaking of credentials, the problem of secrets sprawl continues to grow. A new report on the state of secrets sprawl in 2026 highlights just how pervasive this issue has become. 
Secrets sprawl refers to the unintentional exposure of credentials, API keys, and other sensitive information across codebases,

  29. 76

    Daily Cyber & AI Briefing — 2026-03-27

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript. Transcript: Welcome to today’s cyber and AI risk briefing. I’m Michael Housch, and over the next 15 minutes, I’ll walk you through the most pressing developments shaping the risk landscape for security leaders, technology executives, and anyone responsible for safeguarding digital assets in this rapidly evolving environment. Let’s start with a theme that’s front and center for every organization exploring advanced AI: the intersection of AI governance and national security. This week, we saw a pair of landmark legal victories for Anthropic, a leading AI vendor, in its ongoing disputes with the U.S. government. These cases are about much more than one company—they’re setting the tone for how AI innovation, regulation, and national interests will interact moving forward. First, a U.S. court blocked the Pentagon from imposing a risk label on Anthropic’s AI systems. The Pentagon had sought to restrict commercial AI usage based on perceived security risks, but the court sided with Anthropic, limiting the government’s ability to unilaterally impose such constraints. This is significant. For organizations deploying or developing AI, it signals a more complex and potentially contentious regulatory environment. The days of straightforward compliance are over—now, legal readiness and proactive policy engagement are essential when rolling out advanced AI systems. You can expect more negotiation and, likely, more litigation as both public and private sectors define the boundaries of acceptable AI use. In a related case, Anthropic also secured a win against the Trump administration, overturning federal restrictions on its AI models. The court’s decision affirms the rights of AI developers to operate without blanket government-imposed constraints, provided they meet existing compliance standards. 
This outcome is likely to embolden other AI vendors and enterprises. We’ll probably see more challenges to regulatory actions and more organizations negotiating the terms of AI oversight. For CISOs and compliance teams, this means the regulatory playbook is in flux. If you’re deploying AI, you need a legal and compliance strategy that’s agile, informed, and ready to adapt to shifting requirements. Let’s shift gears to technical threats, where the pace and sophistication of attacks continue to accelerate. One of the most concerning developments this week is a new campaign by the hacking group TeamPCP, which is targeting AI developers with malicious code injections. Their goal is to compromise development environments and propagate malware through AI toolchains. This isn’t just an attack on code—it’s an attack on the entire AI supply chain. If these attacks succeed, they can undermine the integrity of AI models and the security of downstream applications. For organizations building or integrating AI, this raises the stakes for secure software development. It’s not enough to check code at the end; you need continuous code integrity checks, robust developer security training, and enhanced monitoring of your development pipelines. The threat is real, and the consequences can be far-reaching. Supply chain risk isn’t limited to AI development. Red Hat recently issued a critical warning about malware embedded in a widely used Linux tool. This isn’t just a theoretical risk—attackers are using compromised open-source software to gain unauthorized access to enterprise systems. If your organization relies on open-source components, this is a wake-up call. Rigorous software provenance checks and rapid patching are now non-negotiable. Continuous monitoring for anomalous behavior in production environments is also essential. The reality is that software supply chain attacks are persistent, and attackers are getting better at hiding their tracks. Staying with the theme

  30. 75

    Daily Cyber & AI Briefing — 2026-03-26

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript. Transcript: Welcome to today’s cyber and AI risk briefing. I want to dive right in, because the landscape we’re seeing right now is both fast-moving and increasingly complex. We’re not just talking about the usual technical exploits—though there’s plenty of that—but also a real acceleration in AI governance, security frameworks, and regulatory scrutiny. For CISOs and security leaders, it’s a dual challenge: defending against evolving technical threats while building out robust, trustworthy AI systems that can withstand both internal and external scrutiny. Let’s start with the most immediate concerns—critical vulnerabilities that have been disclosed in some of the most widely used platforms across enterprise environments. First up is Google Chrome. Google has just released a critical update to patch eight high-risk vulnerabilities in the Chrome browser. Now, Chrome is everywhere—on desktops, laptops, and mobile devices across nearly every organization. These vulnerabilities aren’t theoretical; they could allow attackers to execute arbitrary code or compromise user data directly through the browser. That means the window for zero-day exploits is wide open until you patch. If you’re responsible for endpoint security, rapid deployment of this update should be a top priority. It’s also a good moment to reinforce browser security policies and remind users about the importance of keeping software up to date. The lesson here is clear: browser vulnerabilities are a persistent risk, and timely remediation is the only way to keep exposure to a minimum. Next, let’s talk about Synology’s DiskStation Manager, or DSM. A newly disclosed vulnerability here allows remote attackers to execute arbitrary commands on affected NAS devices. 
For organizations relying on Synology for storage—and that’s a lot of small and mid-sized businesses—this is a significant risk. If exploited, attackers could steal data, deploy ransomware, or use the compromised device as a foothold for lateral movement within your network. The immediate recommendation is twofold: patch DSM as soon as possible, and review your network segmentation. If your NAS devices are accessible from less trusted segments, you’re increasing your risk profile. This is a textbook example of how a single unpatched device can become an entry point for a much larger breach. Moving on to endpoint backup solutions, IDrive for Windows has also been found vulnerable. This particular flaw allows for privilege escalation, meaning a local attacker could gain elevated access on a compromised system. While this requires some level of initial access, it’s exactly the kind of vulnerability that threat actors look for when moving laterally or establishing persistence. If you’re running IDrive, prioritize patching and take this opportunity to review your endpoint monitoring. Look for any signs of suspicious privilege escalation activity, and make sure your detection rules are up to date. Now, beyond direct vulnerabilities, we’re seeing a continued surge in supply chain attacks. Microsoft has just issued new guidance on defending against the Trivy supply chain attack. For those not familiar, Trivy is a popular open-source vulnerability scanner used in CI/CD pipelines and container environments. Attackers have been targeting the supply chain itself, compromising the tools organizations use to build and deploy software. Microsoft’s guidance emphasizes the importance of robust identity and access controls, as well as artifact validation. In practical terms, this means reviewing who has access to your build pipelines, ensuring that only trusted sources are allowed, and validating every artifact before it’s deployed. 
Supply chain attacks are notoriously difficult to detect until it’s too late, so proactive assessment and harde

  31. 74

    Daily Cyber & AI Briefing — 2026-03-24

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript. Transcript: Welcome to the daily cyber and AI risk briefing. Today, we’re diving into a landscape that’s shifting faster than ever—one marked by a surge in sophisticated cyber exploits, supply chain attacks, and a rapidly changing regulatory environment around AI safety and governance. If you’re responsible for risk, security, or technology strategy, these developments aren’t just headlines—they’re practical signals to adapt your approach. Let’s start with the big picture. The high-tech sector remains the most targeted industry, and we’re seeing new malware campaigns and advanced persistent threats exploiting both cloud and on-premises environments. AI security is under intense scrutiny, with both private sector innovation and government oversight shaping the risk management agenda. And critically, the convergence of advanced cyber threats and the rapid deployment of AI technologies means that organizations need a holistic, adaptive security posture. So, what’s driving this sense of urgency? Let’s break down the most significant developments shaping today’s risk landscape. First up: Google has disclosed the DarkSword iOS exploit chain. This is a sophisticated, multi-stage attack that’s been active since late 2025. What makes DarkSword particularly alarming is its ability to silently compromise iPhones—especially those used to store cryptographic keys and wallet apps. In other words, if your executives or employees are handling sensitive financial or cryptographic data on their mobile devices, they’re in the crosshairs. The attack’s stealth and focus on high-value crypto assets mean it’s not just a theoretical risk. For CISOs and risk executives, this is a wake-up call to reassess mobile device security policies. 
That includes enforcing strong device management, mandatory updates, and perhaps even restricting the use of personal devices for sensitive tasks. The days of treating mobile as a secondary risk vector are over—especially as attackers increasingly target the intersection of finance and technology. Moving to the cloud, another major incident has emerged: TeamPCP has deployed a new Kubernetes-targeted wiper known as CanisterWorm. This malware was used in an attack against Iranian infrastructure, and it’s designed specifically to disrupt containerized environments. The significance here is clear—attackers are shifting their focus to cloud-native architectures. Kubernetes clusters, which underpin much of today’s scalable infrastructure, are now prime targets. If your organization relies on containerized workloads, it’s time to double down on segmentation, robust backup strategies, and incident response planning. The ability to quickly restore affected clusters and isolate compromised workloads could make the difference between a minor disruption and a major operational crisis. Let’s talk about the bigger trend: the high-tech sector’s ongoing exposure. According to Mandiant, the high-tech industry remains the top target for cyber attacks in 2025. Both financially motivated and nation-state actors are in play, with a particular focus on intellectual property theft and supply chain compromise. This isn’t just about protecting your own assets—it’s about understanding that your vendors, partners, and even customers can be vectors for attack. Layered defenses are essential. That means combining technical controls, like endpoint detection and response, with robust threat intelligence and third-party risk management. If you’re in a technology-driven organization, expect continued targeting and make sure your defenses are as dynamic as the threats you face. Now, let’s turn to cloud security. 
A new study from Red Hat found that an astonishing 97% of organizations have suffered cloud security incidents. That’s nearly uni

  32. 73

    Daily Cyber & AI Briefing — 2026-03-23

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript. Transcript: Welcome back, everyone. Today, we’re looking at the cyber and AI risk landscape as of March 23, 2026—a landscape that’s growing more complex by the day. The convergence of technical threats and governance challenges is creating a perfect storm for organizations across every sector. We’re seeing a surge in high-severity vulnerabilities, active exploitation of critical software platforms, and a rapid expansion of AI deployments that are outpacing the frameworks meant to keep them in check. Let’s break down what’s happening and, more importantly, what it means for security leaders and organizations trying to navigate these turbulent waters. We’ll start with the technical threats making headlines. This week, we’ve seen a series of high-impact vulnerabilities being actively exploited, affecting some of the most widely used platforms in enterprise and government environments. First up is Cisco. The Cybersecurity and Infrastructure Security Agency, or CISA, has issued an emergency directive requiring all US government agencies to immediately patch a critical vulnerability in Cisco products. This flaw has been rated at the highest severity level and, if left unaddressed, could allow remote attackers to take full control of affected devices. Given Cisco’s widespread presence in both public and private sector networks, this isn’t just a government problem—it’s a wake-up call for any organization relying on Cisco infrastructure. What’s the practical takeaway here? Patch management needs to be at the top of your priority list. Security teams should not only apply the latest patches but also review their exposure to Cisco products across their environments. This is about more than compliance—it’s about preventing potentially catastrophic breaches. Moving on to Oracle Identity Manager. 
Oracle has released an emergency fix for a zero-day vulnerability—specifically, a pre-authentication remote code execution flaw. This means attackers can compromise identity infrastructure without even needing credentials. For organizations using Oracle for access management, the risk is significant. Identity systems are the keys to the kingdom; if they’re compromised, attackers can move laterally and escalate privileges with little resistance. The recommendation here is clear: patch immediately and review your identity system logs for any signs of suspicious activity. Next, let’s talk about Craft CMS. CISA has also issued a warning about a code injection vulnerability in Craft CMS that’s being actively exploited. Attackers are using this flaw to execute arbitrary code on vulnerable systems. Content management systems like Craft are frequent targets because they often sit at the intersection of business operations and the public internet. If you’re running Craft CMS, make sure patches are applied and keep an eye out for unusual system behavior. But it’s not just about direct exploitation anymore. We’re seeing attackers increasingly target the supply chain, compromising the very tools organizations use to secure themselves. A recent example is the breach of the Trivy vulnerability scanner. Attackers managed to inject credential-stealing scripts into Trivy, turning a security tool into a potential vector for compromise. This kind of supply chain attack highlights the importance of verifying the integrity of third-party tools and monitoring them for unexpected changes. If you’re using Trivy, check your installations and rotate any credentials that may have been exposed. Ransomware actors are also upping their game. Traditionally, they’ve relied on exploiting vulnerable drivers to bypass endpoint detection and response—EDR—solutions. But now, they’re expanding their methods, finding new ways to evade detection and disable security controls. Thi

  33. 72

    Daily Cyber & AI Briefing — 2026-03-20

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript. Transcript: Welcome to today’s cyber and AI risk briefing. I’m Michael Housch. Over the next 15 minutes, we’ll unpack the most pressing developments shaping the risk landscape as of March 20th, 2026. Whether you’re a security leader, a business executive, or just someone interested in how technology is evolving, I’ll walk you through what’s happening, why it matters, and what you can do about it. Let’s start with the big picture. The cyber threat landscape right now is defined by a surge in critical vulnerabilities—especially zero-days—being actively exploited in both infrastructure and endpoint technologies. We’re seeing ransomware actors and other threat groups move quickly to weaponize these flaws, often before patches are even available or widely deployed. At the same time, new strains of malware are hijacking legitimate software, and high-profile data breaches are exposing millions of sensitive records. This all underscores a persistent challenge: managing identity and access in an environment where the attack surface keeps expanding. On the AI front, the risks are accelerating. Both Gartner and Microsoft have sounded the alarm that organizations are adopting AI agents at a pace that far outstrips the implementation of adequate security controls. This rapid deployment, combined with the looming threat of quantum computing, is forcing organizations to rethink their risk models and governance frameworks. The convergence of these trends means that CISOs are being pulled in two directions: they need to react quickly to urgent vulnerabilities, while also making strategic investments in identity, AI, and supply chain security. So, what’s the practical takeaway for risk leaders? 
It’s clear: prioritize remediation of actively exploited vulnerabilities, strengthen identity-centric defenses, and ensure that AI deployments are governed by robust security policies. The evolving threat landscape demands a proactive, layered approach to both cyber and AI risk management. Let’s dig into the top stories shaping today’s risk environment. First up: CISA has issued a critical alert regarding a zero-day vulnerability in Cisco Secure Firewall Management Center. Ransomware actors are actively exploiting this flaw to gain unauthorized access. Multiple sources confirm that exploitation is ongoing, and Cisco’s recent disclosures suggest this isn’t an isolated case—it’s part of a broader pattern of weaknesses across their product line. For organizations relying on Cisco firewalls, this is a wake-up call. These devices often serve as the last line of defense for enterprise networks. Immediate patching is essential, but it doesn’t stop there. It’s also critical to review firewall configurations and ensure that only necessary services and ports are exposed. This incident is a reminder that perimeter defenses are only as strong as their weakest link, and attackers are relentless in probing for those weaknesses. Next, researchers have disclosed critical vulnerabilities in Jenkins, the widely used CI/CD automation server. These flaws allow remote code execution, meaning that attackers can take control of build pipelines and inject malicious code into software releases. The implications here are significant. CI/CD infrastructure sits at the heart of modern software development, and a compromise can lead to widespread supply chain attacks—potentially impacting not just your organization, but your customers and partners as well. If you’re running Jenkins, prioritize patching and review access controls. 
Make sure that only authorized users have access to build environments, and consider implementing additional monitoring to detect suspicious activity in your pipelines.Moving to the mobile front, a severe vulnerability has been discovered in the UNISOC T61

  34. 71

    Daily Cyber & AI Briefing — 2026-03-19

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Today, we’re diving into the evolving world of cyber and AI risk—a landscape that’s growing more complex by the day. If you’re leading security, managing IT, or simply trying to keep your organization’s digital assets safe, the news from the past 24 hours offers plenty to pay attention to. We’re seeing a surge in sophisticated exploit activity, large-scale data breaches, and new challenges around AI governance. I’m Michael Housch, and over the next 15 minutes, I’ll walk you through the most critical developments, what they mean in practice, and how organizations can adapt to stay resilient.

    Let’s start with the headline that’s making waves across the cybersecurity community: the rise of advanced exploit campaigns targeting widely used platforms. This isn’t just a technical concern—it’s a direct threat to business continuity, data privacy, and even reputational trust.

    First up, the Darksword exploit kit. This is a new campaign that’s specifically targeting iPhone devices, and it’s notable for both its sophistication and its speed. Attackers are leveraging six different vulnerabilities, including three zero-days, to achieve full device takeover. For those less familiar, a zero-day is a vulnerability that’s unknown to the vendor and for which no patch exists at the time of discovery. These are the crown jewels for attackers, and when multiple zero-days are chained together—as we’re seeing with Darksword—the impact can be devastating.

    What’s particularly concerning is how quickly these exploits are being weaponized. The window between vulnerability discovery and active exploitation is shrinking, putting immense pressure on security teams to patch devices rapidly. For organizations with bring-your-own-device policies or executives traveling internationally, the risk is even higher. Mobile device management needs to be more than a checkbox—it should be an active, ongoing process. Rapid iOS patch deployment is essential, and organizations should consider tightening controls around device access, especially for users with elevated privileges or access to sensitive data.

    Shifting gears, let’s talk about network infrastructure. Cisco firewalls are a staple in enterprise environments, but even these robust systems aren’t immune. A zero-day vulnerability in Cisco firewalls is currently being exploited by the Interlock ransomware group. Attackers are bypassing security controls and deploying ransomware payloads directly onto networks. This is a classic example of attackers going after the “plumbing” of the internet—targeting the very devices meant to keep us safe.

    This trend—using network infrastructure as an initial access vector—underscores the importance of timely firmware updates. But patching alone isn’t enough. Network segmentation can help limit the blast radius of an attack, and continuous monitoring of firewall logs is critical for detecting anomalous activity early. If you’re not already reviewing your firewall logs for signs of compromise, now’s the time to start.

    Browsers are another high-value target, and Google Chrome is no exception. Google has just issued an urgent update for Chrome, version 146, to address an actively exploited zero-day. Given Chrome’s ubiquity in both consumer and enterprise environments, the risk here is widespread. Delayed patching can leave organizations open to drive-by attacks, where simply visiting a compromised website can result in malware infection or credential theft.

    Security teams should prioritize rolling out browser updates across all endpoints—laptops, desktops, and even mobile devices. But technology alone won’t solve the problem. User awareness is equally important. Employees need to recognize the risks of phishing emails and malicious downloads, as attackers often use social

  35. 70

    Daily Cyber & AI Briefing — 2026-03-18

    Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

    Transcript

    Welcome to today’s cyber and AI risk briefing. I’m Michael Housch, and over the next fifteen minutes, we’re going to unpack the latest developments shaping the risk landscape for organizations worldwide. The convergence of critical vulnerabilities, evolving nation-state threats, and the rapid advance of AI governance challenges is creating a complex environment for risk leaders, CISOs, and security teams. Let’s break down what’s happening, why it matters, and what you can do about it.

    Let’s start with the technical vulnerabilities making headlines today. These are not theoretical risks—they’re real, exploitable flaws that could allow attackers to gain deep access to enterprise networks if left unaddressed.

    First up is a critical vulnerability in Telnetd, the classic Telnet daemon. For those unfamiliar, Telnet is an old protocol used for remote management of devices and servers, especially in legacy environments and embedded systems. The newly disclosed flaw allows remote attackers to execute arbitrary code on affected systems. This means an attacker could potentially take full control of a device—installing ransomware, exfiltrating data, or using that foothold to move laterally across your network.

    What’s particularly concerning is that Telnet is still widely present in older infrastructure—think industrial control systems, network appliances, and some data center equipment. If you have any systems still using Telnet for remote management, now is the time to act. Immediate patching is essential, but that’s only part of the equation. Network segmentation can help limit the blast radius if a device is compromised. Don’t assume that legacy means low risk—attackers know these systems are often overlooked.

    Moving on, researchers have identified nine critical vulnerabilities in IP-based KVM devices—keyboard, video, mouse switches—from four major vendors. For context, KVMs are the backbone of data center management, allowing administrators to control multiple servers from a single console. These flaws allow unauthenticated attackers to gain root-level access, bypassing all authentication controls. In other words, someone on the network—or in some cases, even remotely—could take over your KVM devices without any credentials.

    This is a high-impact risk, especially for organizations with on-premises or hybrid environments. KVMs are often trusted implicitly, and compromising one can give an attacker a direct line to your most sensitive servers. The recommended action is clear: apply firmware updates from your vendors as soon as possible and restrict network access to these devices. Don’t leave KVMs exposed to broader internal networks or, worse, the internet.

    Next, let’s talk about Ubuntu Desktop. A newly disclosed vulnerability—tracked as CVE-2026-3888 and linked to the Snap package manager—allows local privilege escalation to root. This affects a wide range of Ubuntu deployments. The risk here is that a malicious insider, or malware that gains a foothold, could exploit this flaw to gain full control over an endpoint. Once an attacker has root access, they can disable security tools, move laterally, or escalate their attack.

    If you’re running Ubuntu Desktop in your environment, prioritize patching this vulnerability. It’s also a good time to review your endpoint monitoring for signs of privilege escalation. Don’t overlook the insider threat—while external attacks get the headlines, insiders with the right access and motivation can do just as much damage.

    Now, let’s shift to the software supply chain. 
The ForceMemo campaign is actively hijacking GitHub accounts and inserting backdoors into Python repositories. This is a classic supply chain attack, where attackers compromise developer accounts, alter open-source code,

  36. 69

    Daily Cyber & AI Briefing — 2026-03-17

    Daily Cyber & AI Briefing with Michael Housch. This draft includes the assembled audio and full transcript for review before publication.

    Transcript

    Welcome to today’s cyber and AI risk briefing. Let’s dive straight into the fast-moving landscape that’s redefining enterprise security in 2026. We’re seeing a convergence of critical vulnerabilities, rapid AI adoption, and increasingly sophisticated cyber threats. At the same time, defensive technologies are evolving—but so are the tactics of attackers. The stakes are high, and the imperative for security leaders is clear: act quickly, govern effectively, and stay ahead of both human and AI-driven risks.

    Let’s start with the most urgent items on the radar.

    First, Google Chrome is in the spotlight due to a critical zero-day vulnerability. Google has issued an urgent warning, urging all users—individuals and enterprises alike—to update immediately. This flaw is being actively exploited in the wild, which means attackers are already using it to compromise systems. Given Chrome’s dominance in enterprise environments, a delayed response could open the door to data theft, malware infections, or attackers moving laterally across your network. The takeaway here is straightforward: rapid patch management isn’t optional. Make sure your teams are monitoring browser security and pushing updates as soon as they’re available. This isn’t just about compliance—it’s about protecting your organization’s data and reputation.

    Staying with application vulnerabilities, let’s talk about Angular. A newly disclosed cross-site scripting, or XSS, vulnerability threatens thousands of web applications. Attackers can use this flaw to inject malicious scripts, steal data, hijack sessions, or escalate their attacks further. Angular is widely used in enterprise web development, so the risk is broad and real. If you’re running Angular-based applications, prioritize patching and review your application security controls. Don’t underestimate the potential for reputational and financial damage if this vulnerability is left unaddressed. Application security reviews and regular code audits should be part of your standard operating procedure.

    Moving to infrastructure, CISA has issued an alert about an actively exploited vulnerability in Wing FTP Server. Attackers are leveraging this flaw to gain unauthorized access, which can lead to data breaches or even ransomware incidents. If your organization is using Wing FTP, apply the latest patches immediately and monitor for any signs of compromise. This is another clear reminder that vulnerability management isn’t a one-off task—it’s a continuous process. Integrating threat intelligence into your operations can help you detect and respond to these kinds of incidents before they escalate.

    Let’s shift gears to the broader threat landscape, where AI is playing an increasingly central role. Booz Allen has issued a warning: AI-driven cyberattacks are now outpacing human-driven defenses, especially in critical infrastructure sectors. Attackers are using automation and machine learning to ramp up the speed, scale, and sophistication of their campaigns. For security leaders, this means traditional defenses aren’t enough. You need to adopt AI-enabled defense mechanisms and invest in continuous security operations automation. The goal is to keep pace with evolving threats, not just react to them. Automation isn’t just a buzzword—it’s an operational necessity.

    Now, let’s talk about the rise of agentic AI. This is a major shift in the enterprise environment. Agentic AI refers to AI agents capable of autonomous action—making decisions, accessing data, and interacting with critical systems without direct human oversight. Industry initiatives and vendor solutions, like those presented at RSAC 2026 and by companies such as Okta and SailPoint, are starting to address the governance and security challenges these agents introduce. For CI

  37. 68

    Daily Cyber & AI Briefing — 2026-03-16

    Daily Cyber & AI Briefing with Michael Housch. This draft includes the assembled audio and full transcript for review before publication.

    Transcript

    Welcome to today’s cyber and AI risk briefing. The landscape we’re operating in is evolving at a pace that’s both impressive and, frankly, concerning. If you’re a security leader, a risk executive, or anyone responsible for safeguarding digital assets, the message is clear: the game has changed, and it’s changing faster than most organizations can adapt.

    Let’s start with the big picture. Attackers are leveraging automation and artificial intelligence at a scale we haven’t seen before. They’re moving quickly, adapting their tactics, and using AI to bypass traditional defenses. Meanwhile, defenders are struggling to keep up. A new report out this week highlights just how significant this gap has become. Adversaries are using AI not only to automate attacks, but to make them more sophisticated, harder to detect, and faster to deploy.

    This is not just about more phishing emails or generic malware. We’re seeing AI being used to craft highly convincing phishing campaigns, generate malware that can morph and evade detection, and even bypass security controls that many organizations still rely on. For those of us responsible for defense, it’s a wake-up call. The imperative now is to invest in AI-driven defense tools, reassess incident response plans, and ensure teams are prepared to respond to threats that move at machine speed.

    One of the most striking examples of this new threat environment is the RondoDox botnet. This botnet has dramatically scaled up its operations, now exploiting 174 known vulnerabilities. What makes RondoDox especially dangerous is its use of residential IP addresses to fly under the radar. By blending in with regular internet traffic, it becomes much harder for traditional security tools to spot the malicious activity.

    For organizations, this means that unpatched systems are more exposed than ever. The botnet’s ability to pivot quickly across a wide range of vulnerabilities increases the risk of compromise, especially for those who haven’t kept up with patching. The practical takeaway here is simple: prioritize vulnerability management. Make sure you’re not just patching the most critical issues, but also monitoring for unusual outbound traffic patterns that could indicate botnet activity.

    Let’s shift gears to another area that’s seeing increased attention: analytics platforms. Google Looker Studio, a widely used tool for business analytics, was recently found to have multiple vulnerabilities. These flaws allow attackers to exfiltrate data from connected Google services. Given how many organizations rely on Looker Studio for their analytics and reporting, this is a significant risk.

    If you’re using Looker Studio, now is the time to review your configurations, apply any available patches, and monitor for unauthorized access. Data leakage from analytics platforms can be especially damaging because these systems often have access to sensitive business intelligence and customer data. The lesson here is that security for analytics tools should be treated with the same rigor as your core applications.

    The role of AI in cyber threats doesn’t stop at phishing or botnets. IBM researchers have uncovered a link between suspected AI-generated malware, specifically a strain called ‘Slopoly,’ and the Hive0163 ransomware operation. This connection is noteworthy because it shows how AI is being used to create malware that’s not only more evasive but also more adaptive.

    We’re entering an era where polymorphic malware—malware that changes its characteristics to avoid detection—will become the norm rather than the exception. Security leaders should anticipate this trend and invest in behavioral detection and threat intelligence capabilities. Signature-based detection is becoming less effective against these kinds of

  38. 67

    Daily Cyber & AI Briefing — 2026-03-13

    Daily Cyber & AI Briefing with Michael Housch. This draft includes the assembled audio and full transcript for review before publication.

    Transcript

    Welcome to today’s cyber and AI risk brief. I’m Michael Housch, and over the next several minutes, I’ll walk you through the most pressing developments shaping the security landscape right now. We’re seeing a convergence of urgent vulnerabilities, active exploitation, and a rapidly evolving mix of threats—from sophisticated supply chain attacks to the growing intersection of AI and cybersecurity. Let’s dive in.

    First, let’s talk about what’s dominating headlines: a surge in critical software vulnerabilities and active zero-day exploits. If your organization relies on Chrome, Veeam, or OpenSSH—and let’s be honest, that’s most of us—you need to pay close attention.

    Google Chrome, the world’s most widely used browser, is under active attack. Security researchers and Google have disclosed several zero-day vulnerabilities in Chrome’s Skia and V8 components. These are not theoretical issues—attackers are exploiting them in the wild right now. The flaws allow remote execution of malicious code, meaning a user could visit a compromised website and inadvertently give an attacker a foothold on their machine. The takeaway here is simple: update Chrome immediately across your organization. Don’t wait for a scheduled maintenance window. Rapid patching is critical, especially given how central browsers are to daily business operations. For CISOs and IT leaders, this is a reminder that browser security is not just an endpoint issue—it’s a gateway to your enterprise.

    Moving on to backup infrastructure, Veeam has released urgent patches for multiple critical remote code execution vulnerabilities in its backup server platform. Veeam is a backbone for data protection in many enterprises, and these flaws could allow attackers to gain full control over backup systems. The risk isn’t just data theft—it’s the potential for ransomware actors to destroy or encrypt your backups, undermining your ability to recover from an attack. If you’re running Veeam, prioritize these patches and review who has access to your backup environment. This is about more than compliance; it’s about business continuity.

    Let’s shift to the threat landscape on the malware front. Researchers have uncovered a sophisticated campaign leveraging Remcos RAT, a remote access Trojan, using multi-stage payloads hidden in JavaScript and PowerShell scripts. This approach helps attackers evade traditional detection tools and establish persistent access. What’s notable here is the blending of scripting languages and the use of multiple stages to slip past defenses. The practical implication is clear: organizations need layered endpoint protection, robust script monitoring, and ongoing user awareness training. Attackers are getting smarter about bypassing signature-based defenses, so our detection strategies must evolve as well.

    Now, let’s talk about data breaches and reputational risk. Starbucks recently suffered a breach that exposed the personal information of hundreds of users. While the scale is limited compared to some mega-breaches, it’s a stark reminder that even well-resourced, consumer-facing brands remain vulnerable. The consequences of these incidents go beyond regulatory fines—they erode customer trust and can have lasting reputational impact. For security leaders, this is a cue to review data protection practices, especially around customer-facing platforms, and to ensure incident response plans are up to date and tested.

    Supply chain risk continues to escalate, and it’s not just a buzzword. Group-IB has profiled six supply chain attack groups that are expected to be major players in 2026. These groups are targeting software dependencies and third-party providers, exploiting the trust organizations place in their vendors. 
The SolarWinds attack a few years ago was a wake-up

  39. 66

    Daily Cyber & AI Briefing — 2026-03-12

    Daily Cyber & AI Briefing with Michael Housch. This draft includes the assembled audio and full transcript for review before publication.

    Transcript

    Welcome to today’s deep dive into the evolving world of cyber and AI risk. If you’re a security leader, risk executive, or simply someone who wants to understand the forces shaping enterprise security, you’re in the right place. Over the next several minutes, we’ll unpack the most pressing developments in cybersecurity and artificial intelligence, explore what they mean for organizations, and highlight practical steps you can take to stay ahead.

    Let’s start with the big picture. The cyber and AI risk landscape is more complex than ever. We’re seeing a convergence of advanced threats, a surge in regulatory activity, and rapid adoption of new technologies across industries. This isn’t just about more attacks or smarter hackers—it’s about the entire ecosystem shifting beneath our feet. The attack surface is expanding, adversaries are exploiting both technical and human vulnerabilities, and regulators are stepping up their scrutiny. To keep pace, organizations need not just technical vigilance, but also strategic governance, cross-functional risk management, and alignment with evolving compliance standards.

    Let’s break down the key developments shaping this environment.

    First up: Apple has released critical security updates for older iPhones and iPads, addressing active exploitation of what’s known as the Coruna vulnerability chain. Now, you might be thinking—why focus on legacy devices? The reality is, many organizations still have older hardware in their environments, whether it’s for compatibility, cost, or simply because those devices haven’t been inventoried and phased out. Attackers know this. The Coruna exploits allow adversaries to compromise devices running outdated software, which can then be used as a launchpad for lateral movement or data theft.

    The takeaway here is clear: comprehensive asset inventories and aggressive patch management are non-negotiable. It’s not enough to focus on the latest and greatest devices. Even end-of-life systems can become high-value targets if left unpatched. For CISOs and IT teams, this means regularly updating your inventory, ensuring you know exactly what’s connected to your network, and applying security updates across the board—regardless of device age.

    Moving on to Microsoft. This month’s Patch Tuesday included a fix for a critical zero-day vulnerability in Microsoft SQL Server, tracked as CVE-2026-21262. This flaw allowed attackers to execute arbitrary code, which is as serious as it gets for organizations relying on SQL Server for core business operations. Think about the potential impact: data breaches, ransomware attacks, or even the disruption of mission-critical services.

    Immediate patching is essential. If you’re running SQL Server, make sure your systems are up to date. Beyond that, this incident is a reminder of the importance of timely patch management for all critical infrastructure. Attackers move quickly once vulnerabilities are disclosed, and the window between discovery and exploitation is shrinking. Organizations that delay updates are putting themselves at unnecessary risk.

    Let’s talk about network infrastructure. Over 4,000 routers have been compromised by the KadNap malware, which exploits known vulnerabilities to gain persistent access to both corporate and home networks. This isn’t just a story about routers; it’s a broader lesson about the risks posed by unmanaged or poorly maintained network devices. Routers, switches, and other network hardware are often overlooked when it comes to patching and monitoring, but they can serve as footholds for broader attacks.

    For security leaders, the message is straightforward: prioritize network device patching, implement segmentation to limit the blast radius of a compromise, and monitor for anomalous traffic th

  40. 65

    Zero-Days, Shiny Hunters, and the Texas Throwdown

    On today's episode of Cyber Scoops & Digital Shenanigans, host Mike Housch breaks down ten stories rattling the security world this week — from a Chrome zero-day already being exploited in the wild and a Chinese espionage group quietly living inside Dell infrastructure for 18 months, to ShinyHunters going car shopping at CarGurus and Texas AG Ken Paxton picking a legal fight with TP-Link over alleged CCP ties. It's a packed house — buckle up.

  41. 64

    Supply Chains, Power Grids, and AI Gone Wild

    Today we dive into a wave of supply chain attacks hitting everything from Notepad++ to antivirus software, nation-state hackers targeting power grids, and why 175,000 exposed AI servers might be the next big headache for security teams. Plus, the White House just threw out software security rules—what could possibly go wrong?

  42. 63

    When Cybersecurity Pros Go Rogue: Insider Threats, Massive Breaches, and the ALPHV Takedown

    In this eye-opening episode, Mike Housch covers the shocking story of US cybersecurity professionals who pleaded guilty to participating in ALPHV ransomware attacks, plus critical vulnerabilities like the React2Shell exploit affecting 85,000 systems, major data breaches at Covenant Health and the European Space Agency, WhatsApp metadata leaks, and a devastating $8.5M cryptocurrency wallet supply chain attack. From insider threats to IoT botnets, this episode covers the full spectrum of cybersecurity shenanigans kicking off the new year.

  43. 62

    Zero-Day Chaos & Browser Blues

    We're talking zero-days getting hammered left and right, embedded browsers that are more vintage than secure, and some serious exploitation happening in the wild.

  44. 61

    Agentic AI, Vishing, and the Critical SAML Bypass

    We break down the newest frontiers of cyber defense and attack, including how Google is using a new User Alignment Critic to shield Chrome's agentic AI from prompt injection, and why a critical flaw in the Ruby SAML library demands immediate patching. Plus, a deep dive into the sophisticated vishing campaign that weaponizes Microsoft Teams and QuickAssist to deploy fileless .NET malware.

  45. 60

    React2Shell Fallout: Max-Rated Flaws, The Great Cloudflare Takedown, and the Rise of Passkeys

    Host Mike Housch dives into the chaotic fallout from the maximum-severity React2Shell vulnerability, which caused a massive Cloudflare outage and rapid exploitation by threat actors. We also analyze another critical 10.0-rated flaw in Apache Tika, the surprising scale of global ransomware payouts, and the strategic shift toward phishing-resistant authentication like Passkeys.

  46. 59

    Title: State-Sponsored Threats & Supply Chain Worms: WARP PANDA, React2Shell, and Shai-Hulud 2.0

    This week, we dive deep into the sophisticated China-nexus threat WARP PANDA, which is relentlessly exploiting VMware vCenter environments with the BRICKSTORM malware, alongside urgent warnings about the actively exploited React2Shell vulnerability. We also analyze the destructive Shai-Hulud 2.0 supply chain attack that compromised thousands of repositories and review the latest defensive strategies unveiled at AWS re:Invent 2025.

  47. 58

    Zero-Days, Botnets, and AI Plagiarism: The Dec. 2025 Cyber Roundup

    We break down Google's urgent Android patches, including two actively exploited zero-days, and analyze the appearance of the new ShadowV2 IoT botnet leveraging known flaws. Plus, we look into why an AI-generated recipe card landed Google in hot water over content scraping and monetization.

  48. 57

    Beyond Hacklore: Exploits, Insider Threats, and the Agentic AI Risk

    Host Mike Housch dives into the latest major breaches, including 146,000 records stolen from Delta Dental of Virginia, and dissects critical zero-day exploitation confirmed by CISA. We also explore the emerging risks of Agentic AI, and hear from CISO experts aiming to retire cybersecurity myths, or "hacklore," that distract organizations from real threats.

  49. 56

    Cloud Chaos, Router Espionage, and the 7-Zip Time Bomb

    Today we dive into Cloudflare's massive outage caused by a database mishap and track the alarming rise of ransomware targeting Amazon S3 misconfigurations. Plus, we uncover a global espionage network hidden inside 50,000 compromised Asus routers.

  50. 55

    The AI Phishing Arms Race and the FortiWeb/Ray Zero-Day Exploits

    Threat actors are leveraging AI to run sophisticated phishing campaigns that mimic Fortune-500 marketing departments, making identity the most vulnerable target. We also dive into critical zero-day exploits impacting FortiWeb and the Ray AI framework, and explore the necessary shift toward behavior-based security defenses to counter modern threats.

ABOUT THIS SHOW

The Daily Cyber Briefing delivers concise, no-fluff updates on the latest cybersecurity threats, breaches, and regulatory changes. Each episode equips listeners with actionable insights to stay ahead of emerging risks in today’s fast-moving digital landscape.

HOSTED BY

Mike Housch
