This episode examines a fast-moving cyber risk landscape where software supply chain compromise, active exploitation, ransomware growth, OT exposure, mobile vulnerabilities, and AI security are converging into board-level priorities. We begin with a new supply chain attack targeting Red Hat npm packages in the @redhat-cloud-services namespace, using a variant of the Mini Shai-Hulud malware and reinforcing the need for stronger software provenance, third-party risk management, and continuous monitoring of open-source dependencies. The briefing also covers CISA's addition of Oracle WebLogic CVE-2024-21182 to its Known Exploited Vulnerabilities catalog after confirmed active exploitation, underscoring the operational and regulatory urgency around vulnerability management, automated patching, and legacy asset inventory. Ransomware remains a central enterprise threat, with Qilin and INC driving a reported 30% surge in attacks through tactics such as MFA fatigue bypass and targeting cloud backup APIs. Additional developments include cyberattacks against U.S. tank gauge systems, Google's June Android security update addressing 124 vulnerabilities including an actively exploited zero-day, Anthropic's expansion of Project Glasswing for critical infrastructure and NATO-aligned partners, and a new HTTP/2 denial-of-service risk affecting widely used web servers. Stay informed on the latest cybersecurity threats and the leadership implications shaping resilience, governance, and cyber risk strategy.