Sign up to save your podcasts
Or
Share Daily Cyber & AI Briefing — 2026-06-22
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Daily Cyber & AI Briefing — 2026-06-22
Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.
TranscriptToday’s cyber and AI risk environment is defined by a relentless pace of change, escalating threats, and a growing complexity that challenges even the most mature security programs. As organizations accelerate digital transformation and integrate AI into core business functions, the attack surface is expanding—and so are the tactics of adversaries. Today, we’ll break down the most critical developments shaping enterprise risk, with a focus on ransomware, supply chain vulnerabilities, AI governance, and the evolving regulatory landscape.
Let’s start with ransomware, which continues to evolve in both sophistication and impact. The latest example comes from a variant known as GentleKiller. This ransomware is making headlines for its ability to exploit vulnerable drivers to disable more than 400 endpoint detection and response, or EDR, security processes. By targeting drivers—those low-level software components that interact directly with hardware—attackers are able to operate below the radar of traditional security tools. Once these EDR processes are terminated, ransomware can move quickly to encrypt files and demand payment, often before defenders even realize what’s happening.
What does this mean for organizations? First, it’s a wake-up call to the limitations of relying solely on endpoint security solutions. Attackers are now routinely developing techniques to bypass or disable these defenses, often by exploiting weaknesses in third-party drivers that may have been overlooked or left unpatched. Security leaders need to prioritize monitoring for unauthorized driver installations, enforce strict patch management, and implement layered defenses that can detect and respond to process tampering at the kernel level. Behavioral analytics and threat hunting are becoming essential, not optional, in the fight against modern ransomware.
But ransomware isn’t the only threat exploiting gaps in enterprise defenses. The FortiBleed campaign is a stark reminder of the ongoing risks posed by unpatched network infrastructure. In this campaign, attackers are targeting vulnerabilities in Fortinet firewalls and VPN gateways to steal credentials. International cybersecurity agencies have issued warnings, emphasizing just how attractive VPNs have become as initial access points for attackers. The lesson here is clear: patching is not just a routine task—it’s a critical control. Organizations must also review VPN access logs for anomalies and reinforce multi-factor authentication for all remote access points. The days of relying on a username and password to protect sensitive systems are long gone.
Supply chain attacks are another area where we’re seeing increased activity and sophistication. The recent compromise of the Mastra NPM package, attributed to North Korean threat actors, underscores the risks inherent in today’s software supply chains. Open-source components are the backbone of modern development, but they also present opportunities for attackers to inject malicious code that can propagate downstream to thousands of organizations. For security leaders, this means enhancing software supply chain risk assessments, implementing code provenance checks, and closely monitoring for anomalous package updates. The integrity of your software dependencies is now a first-order risk.
We’re also seeing a rise in cybercriminal groups like ShinyHunters, who are employing a blend of credential theft, data exfiltration, and cloud exploitation to breach organizations. Recent incidents linked to this group illustrate the importance of robust identity and access management. It’s not enough to protect the perimeter; attackers are increasingly targeting cloud environments and exploiting weak or stolen credentials to move laterally and access sensitive data. Continuous monitoring, rapid incident response, and regular validation of access controls are essential to mitigate the impact of these attacks.
Legacy infrastructure remains a persistent weak spot. Attackers behind the AryStinger botnet are exploiting vulnerabilities in routers that are more than a decade old—devices that, in many cases, are no longer supported or patched by manufacturers. This is a classic example of long-tail risk: the older a device gets, the more likely it is to be forgotten, unpatched, and vulnerable. Asset inventory and lifecycle management are critical here. Organizations need to know what’s on their networks, segment legacy devices wherever possible, and plan for timely replacement or isolation of unsupported hardware. The cost of ignoring these risks can be substantial, as botnets built on outdated infrastructure can be leveraged for everything from DDoS attacks to launching further intrusions.
Let’s shift to the intersection of AI and cybersecurity, which is rapidly becoming a defining issue for risk leaders. The partnership between Okta and Google Cloud is a case in point. These two companies are joining forces to deliver enhanced security for AI-powered workforces, with a particular focus on identity management and secure access to AI tools. As organizations deploy AI across business functions, managing both human and machine identities becomes a complex challenge. Integrated solutions that address identity, access, and data governance are increasingly necessary, especially in hybrid and cloud environments. Security leaders should evaluate how such partnerships align with their own identity and access management, or IAM, strategies—and ensure that AI adoption doesn’t inadvertently introduce new risks.
Governance and audit readiness for AI and machine learning systems is another area of rapid development. The introduction of SOC 2 audit frameworks tailored specifically for AI and ML is gaining traction, with vendors like Continuum GRC offering risk management solutions to support compliance. As AI becomes embedded in critical business processes, demonstrating effective governance and control over these systems will be essential—not just for regulatory compliance, but also for maintaining stakeholder trust. Security teams should be prepared to document how AI models are trained, how data is handled, and how risks are monitored and mitigated throughout the lifecycle of AI deployments.
The market for AI security solutions is maturing quickly. F5’s launch of a new AI Security Platform, along with its acquisition of SurePath AI, signals a broader industry trend toward specialized tools for securing AI-driven applications and infrastructure. These platforms promise advanced threat detection and policy enforcement tailored to the unique characteristics of AI workloads. For organizations, the key is to assess the maturity, interoperability, and fit of these solutions within existing security architectures. Not every tool will be right for every environment, and integration challenges can introduce their own risks if not managed carefully.
AI is also fundamentally transforming the nature of enterprise data risk. With the adoption of AI, organizations face new challenges around data privacy, model integrity, and regulatory compliance. Security leaders are responding by updating risk frameworks, investing in AI-specific controls, and collaborating more closely with business units to ensure responsible AI use. Ongoing education is critical—both for security teams and for the broader workforce. Traditional security practices need to be adapted to account for the ways AI can be used to manipulate data, automate attacks, or inadvertently expose sensitive information.
Returning to ransomware, it’s worth noting that GentleKiller isn’t acting alone. The Prinz Eugen ransomware campaign is another example of attackers focusing on evading EDR solutions and targeting critical infrastructure. These developments reinforce the need for enhanced behavioral analytics, proactive threat hunting, and regular validation of EDR efficacy against emerging threats. Security teams can’t afford to take a set-it-and-forget-it approach to endpoint protection. Continuous improvement and validation are necessary to stay ahead of attackers who are constantly innovating.
We’re also seeing new entrants in the AI-driven cybersecurity space. TrendAI’s official launch in the UAE marks the arrival of another player offering advanced analytics and automation capabilities for enterprise security. The competitive landscape is heating up, and organizations need to assess the maturity and interoperability of these platforms before making significant investments. The right AI security tools can offer significant advantages, but only if they fit the organization’s risk profile and integrate smoothly with existing processes.
Legacy infrastructure risks are not limited to routers and endpoints. Recent analysis highlights that AI agents themselves can be vulnerable to hijacking when integrated with legacy systems. Technical debt—the accumulation of outdated code, unsupported platforms, and ad hoc integrations—can create hidden attack surfaces that are easily overlooked. Organizations must prioritize modernization and ensure that AI integrations do not inadvertently expand the attack surface. This means regular reviews of legacy systems, careful planning for upgrades, and a focus on secure-by-design principles when deploying new AI capabilities.
Stepping back, several strategic implications emerge from these developments. First, ransomware actors are escalating their ability to bypass traditional defenses, which means organizations must shift toward layered, behavior-based security controls. Relying on signature-based detection or static rules is no longer sufficient. Instead, organizations need to invest in technologies that can identify anomalous behavior, respond q
View all episodes
By Mike HouschDaily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.
TranscriptToday’s cyber and AI risk environment is defined by a relentless pace of change, escalating threats, and a growing complexity that challenges even the most mature security programs. As organizations accelerate digital transformation and integrate AI into core business functions, the attack surface is expanding—and so are the tactics of adversaries. Today, we’ll break down the most critical developments shaping enterprise risk, with a focus on ransomware, supply chain vulnerabilities, AI governance, and the evolving regulatory landscape.
Let’s start with ransomware, which continues to evolve in both sophistication and impact. The latest example comes from a variant known as GentleKiller. This ransomware is making headlines for its ability to exploit vulnerable drivers to disable more than 400 endpoint detection and response, or EDR, security processes. By targeting drivers—those low-level software components that interact directly with hardware—attackers are able to operate below the radar of traditional security tools. Once these EDR processes are terminated, ransomware can move quickly to encrypt files and demand payment, often before defenders even realize what’s happening.
What does this mean for organizations? First, it’s a wake-up call to the limitations of relying solely on endpoint security solutions. Attackers are now routinely developing techniques to bypass or disable these defenses, often by exploiting weaknesses in third-party drivers that may have been overlooked or left unpatched. Security leaders need to prioritize monitoring for unauthorized driver installations, enforce strict patch management, and implement layered defenses that can detect and respond to process tampering at the kernel level. Behavioral analytics and threat hunting are becoming essential, not optional, in the fight against modern ransomware.
But ransomware isn’t the only threat exploiting gaps in enterprise defenses. The FortiBleed campaign is a stark reminder of the ongoing risks posed by unpatched network infrastructure. In this campaign, attackers are targeting vulnerabilities in Fortinet firewalls and VPN gateways to steal credentials. International cybersecurity agencies have issued warnings, emphasizing just how attractive VPNs have become as initial access points for attackers. The lesson here is clear: patching is not just a routine task—it’s a critical control. Organizations must also review VPN access logs for anomalies and reinforce multi-factor authentication for all remote access points. The days of relying on a username and password to protect sensitive systems are long gone.
Supply chain attacks are another area where we’re seeing increased activity and sophistication. The recent compromise of the Mastra NPM package, attributed to North Korean threat actors, underscores the risks inherent in today’s software supply chains. Open-source components are the backbone of modern development, but they also present opportunities for attackers to inject malicious code that can propagate downstream to thousands of organizations. For security leaders, this means enhancing software supply chain risk assessments, implementing code provenance checks, and closely monitoring for anomalous package updates. The integrity of your software dependencies is now a first-order risk.
We’re also seeing a rise in cybercriminal groups like ShinyHunters, who are employing a blend of credential theft, data exfiltration, and cloud exploitation to breach organizations. Recent incidents linked to this group illustrate the importance of robust identity and access management. It’s not enough to protect the perimeter; attackers are increasingly targeting cloud environments and exploiting weak or stolen credentials to move laterally and access sensitive data. Continuous monitoring, rapid incident response, and regular validation of access controls are essential to mitigate the impact of these attacks.
Legacy infrastructure remains a persistent weak spot. Attackers behind the AryStinger botnet are exploiting vulnerabilities in routers that are more than a decade old—devices that, in many cases, are no longer supported or patched by manufacturers. This is a classic example of long-tail risk: the older a device gets, the more likely it is to be forgotten, unpatched, and vulnerable. Asset inventory and lifecycle management are critical here. Organizations need to know what’s on their networks, segment legacy devices wherever possible, and plan for timely replacement or isolation of unsupported hardware. The cost of ignoring these risks can be substantial, as botnets built on outdated infrastructure can be leveraged for everything from DDoS attacks to launching further intrusions.
Let’s shift to the intersection of AI and cybersecurity, which is rapidly becoming a defining issue for risk leaders. The partnership between Okta and Google Cloud is a case in point. These two companies are joining forces to deliver enhanced security for AI-powered workforces, with a particular focus on identity management and secure access to AI tools. As organizations deploy AI across business functions, managing both human and machine identities becomes a complex challenge. Integrated solutions that address identity, access, and data governance are increasingly necessary, especially in hybrid and cloud environments. Security leaders should evaluate how such partnerships align with their own identity and access management, or IAM, strategies—and ensure that AI adoption doesn’t inadvertently introduce new risks.
Governance and audit readiness for AI and machine learning systems is another area of rapid development. The introduction of SOC 2 audit frameworks tailored specifically for AI and ML is gaining traction, with vendors like Continuum GRC offering risk management solutions to support compliance. As AI becomes embedded in critical business processes, demonstrating effective governance and control over these systems will be essential—not just for regulatory compliance, but also for maintaining stakeholder trust. Security teams should be prepared to document how AI models are trained, how data is handled, and how risks are monitored and mitigated throughout the lifecycle of AI deployments.
The market for AI security solutions is maturing quickly. F5’s launch of a new AI Security Platform, along with its acquisition of SurePath AI, signals a broader industry trend toward specialized tools for securing AI-driven applications and infrastructure. These platforms promise advanced threat detection and policy enforcement tailored to the unique characteristics of AI workloads. For organizations, the key is to assess the maturity, interoperability, and fit of these solutions within existing security architectures. Not every tool will be right for every environment, and integration challenges can introduce their own risks if not managed carefully.
AI is also fundamentally transforming the nature of enterprise data risk. With the adoption of AI, organizations face new challenges around data privacy, model integrity, and regulatory compliance. Security leaders are responding by updating risk frameworks, investing in AI-specific controls, and collaborating more closely with business units to ensure responsible AI use. Ongoing education is critical—both for security teams and for the broader workforce. Traditional security practices need to be adapted to account for the ways AI can be used to manipulate data, automate attacks, or inadvertently expose sensitive information.
Returning to ransomware, it’s worth noting that GentleKiller isn’t acting alone. The Prinz Eugen ransomware campaign is another example of attackers focusing on evading EDR solutions and targeting critical infrastructure. These developments reinforce the need for enhanced behavioral analytics, proactive threat hunting, and regular validation of EDR efficacy against emerging threats. Security teams can’t afford to take a set-it-and-forget-it approach to endpoint protection. Continuous improvement and validation are necessary to stay ahead of attackers who are constantly innovating.
We’re also seeing new entrants in the AI-driven cybersecurity space. TrendAI’s official launch in the UAE marks the arrival of another player offering advanced analytics and automation capabilities for enterprise security. The competitive landscape is heating up, and organizations need to assess the maturity and interoperability of these platforms before making significant investments. The right AI security tools can offer significant advantages, but only if they fit the organization’s risk profile and integrate smoothly with existing processes.
Legacy infrastructure risks are not limited to routers and endpoints. Recent analysis highlights that AI agents themselves can be vulnerable to hijacking when integrated with legacy systems. Technical debt—the accumulation of outdated code, unsupported platforms, and ad hoc integrations—can create hidden attack surfaces that are easily overlooked. Organizations must prioritize modernization and ensure that AI integrations do not inadvertently expand the attack surface. This means regular reviews of legacy systems, careful planning for upgrades, and a focus on secure-by-design principles when deploying new AI capabilities.
Stepping back, several strategic implications emerge from these developments. First, ransomware actors are escalating their ability to bypass traditional defenses, which means organizations must shift toward layered, behavior-based security controls. Relying on signature-based detection or static rules is no longer sufficient. Instead, organizations need to invest in technologies that can identify anomalous behavior, respond q