Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

Transcript

Welcome to today’s cyber and AI risk briefing. I’m Michael Housch, and in the next 15 minutes, we’ll unpack the most pressing developments shaping the risk landscape for CISOs, security leaders, and organizations navigating an increasingly complex digital environment. We’ll cover the latest active threats, emerging attack techniques, and the strategic shifts required to maintain resilience and trust as both cyber and AI risks evolve.

Let’s start with the big picture. The cyber threat landscape is moving faster than ever. Attackers are exploiting vulnerabilities in critical infrastructure—often before those vulnerabilities are even publicly disclosed. We’re seeing a marked increase in attacks targeting identity and cloud platforms, and, notably, adversaries are now turning their attention to the very AI security tools designed to protect us. This convergence of threats means that traditional perimeter defenses are no longer enough. Organizations need adaptive, layered controls that address both technical and human risks.

Governance, particularly around AI, is emerging as a central pillar of organizational resilience. It’s not just about adopting AI, but about how you govern it—how you measure risk, ensure compliance, and build trust with stakeholders. New metrics and independent assessments are quickly becoming the standard for responsible AI and cyber risk management.

With that context, let’s dive into the top items shaping today’s risk environment.

First up: CISA has issued an urgent alert regarding a newly discovered SD-WAN vulnerability. This flaw affects Cisco Catalyst SD-WAN Manager, a platform widely used to manage distributed network environments. Attackers are actively exploiting this vulnerability to gain unauthorized access, with the potential to move laterally within enterprise networks. Given how central SD-WAN is to remote connectivity and network segmentation, this is not a theoretical risk—it’s a real and present danger.

If your organization relies on SD-WAN, especially Cisco Catalyst, patching should be your top priority. But patching alone isn’t enough. Review your network segmentation policies and monitor for unusual activity around SD-WAN controllers. The goal is to prevent attackers from using this foothold to access sensitive parts of your network. This is a textbook example of how attackers exploit the complexity of modern infrastructure, and why rapid patch management and continuous monitoring are critical.

Next, let’s talk about Apache ActiveMQ. There’s a critical vulnerability—CVE-2026-34197—currently being exploited in the wild. Over 6,000 servers are exposed online, giving attackers a broad attack surface. The flaw allows for remote code execution, which can lead to data exfiltration or lateral movement across your environment. What’s striking here is the prevalence of unpatched systems, especially given how widely ActiveMQ is used for messaging and integration.

For organizations using ActiveMQ, immediate action is needed. Patch your systems, reduce unnecessary exposure, and review your incident response plans. This is a clear illustration of the challenges organizations face in managing vulnerabilities in open-source components. Attackers are counting on slow patch cycles and overlooked systems—don’t give them that opportunity.

Now, a concerning trend: GreyNoise has reported a surge in attacker activity immediately before public vulnerability disclosures. What does this mean? Adversaries are watching for early signals—maybe a researcher’s tweet, a commit in an open-source repo, or a subtle change in vendor documentation. They’re exploiting vulnerabilities before defenders even know what’s coming. This underscores the importance of integrating threat intelligence into your workflow

Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

Transcript

Today, we’re navigating a cyber risk environment that’s more complex than ever. The convergence of escalating cyber threats, rapid AI adoption, and shifting regulatory expectations is reshaping the way organizations approach risk and resilience. If you’re a security leader, a business executive, or just someone interested in the evolving digital landscape, today’s insights are going to be especially relevant.

Let’s start with the big picture. Across sectors, we’re seeing innovation outpace oversight, especially where artificial intelligence is involved. The healthcare sector, for instance, is feeling the pressure as AI-driven supply chains become more sophisticated, but the cybersecurity defenses meant to protect them are struggling to keep up. This isn’t just a technical issue—it’s a governance challenge. The gap between what’s possible and what’s protected is widening, and that creates real-world risk.

At the same time, we’re witnessing major exploits in decentralized finance, or DeFi, and persistent state-sponsored cyber campaigns. These aren’t isolated incidents. They’re reminders that even as we push forward with new technologies, the fundamentals of risk management—like incident response and supply chain vigilance—are more important than ever.

On the AI front, organizations are in a balancing act. There’s enormous potential to drive efficiency and innovation, but that comes with challenges around privacy, data authenticity, and regulatory compliance. New solutions are emerging to help address third-party risk and identity security, but governance is still a moving target. Regulatory frameworks, like the EU AI Act, are starting to take shape, but many organizations are still figuring out how to embed privacy and accountability throughout the AI lifecycle.

And we can’t ignore the human element. Reports are surfacing of security professionals being pressured to conceal incidents, and there’s a growing temptation to blame AI for operational failures. These trends reinforce the need for a strong security culture, transparent reporting, and executive-level engagement in risk governance.

Let’s dig into some of the most significant developments shaping today’s cyber and AI risk landscape.

First up is a major incident in the decentralized finance space. KelpDAO, a prominent DeFi platform, suffered a $292 million exploit. The impact was immediate and severe, causing a significant drop in DeFi’s total value locked. What does this mean for risk leaders? It’s a stark reminder that vulnerabilities in DeFi platforms can have outsized effects, not just on individual organizations, but on the broader ecosystem. The lesson here is clear: continuous monitoring, robust smart contract audits, and well-rehearsed incident response plans are non-negotiable for anyone exposed to crypto and DeFi risks. The pace of innovation in this space is relentless, but so are the attackers.

Turning to healthcare, the Healthcare Sector Coordinating Council has issued a warning that should be on every CISO’s radar. AI-driven supply chains are evolving faster than the cybersecurity defenses designed to protect them. This creates a growing risk of supply chain compromise, data breaches, and regulatory non-compliance. For healthcare and adjacent sectors, the call to action is to prioritize supply chain risk assessments, conduct thorough vendor due diligence, and align with emerging oversight frameworks. The complexity of AI-driven supply chains means that traditional security models are no longer sufficient. It’s about building resilience into every link of the chain.

State-sponsored cyber campaigns remain a persistent threat. Researchers have linked Iran’s Ministry of Intelligence and Security to a coordinated operation using multiple hacker p

Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

Transcript

Welcome to today’s cyber and AI risk briefing. The landscape we’re navigating is moving faster than ever, and the convergence of advanced cyber threats with rapid AI innovation is fundamentally changing the way organizations must think about risk. Whether you’re a CISO, a risk executive, or anyone responsible for safeguarding your enterprise, the stakes are rising—and so is the complexity.

Let’s start with the big picture. We’re seeing an accelerated arms race between attackers and defenders, fueled by AI-powered tools on both sides. Threat actors are leveraging increasingly sophisticated, autonomous attack methods, while defenders are deploying machine-speed responses and AI-driven analytics. This dynamic is no longer theoretical—it’s playing out in real time, and it’s reshaping the fundamentals of cyber risk management.

At the same time, critical vulnerabilities in widely used enterprise platforms continue to be a persistent source of risk. Today, we’ll break down several high-impact flaws in Microsoft’s core offerings—Active Directory, SharePoint, and BitLocker—that are being actively exploited or have the potential for significant damage if left unaddressed. We’ll also look at sector-specific trends, especially the manufacturing sector’s exposure to ransomware, and the evolving tactics attackers are using to weaponize trusted software components and cloud services.

On the AI front, we’re witnessing the rollout of specialized cybersecurity large language models, or LLMs, and a broader industry push toward secure AI architectures. These developments offer tremendous opportunity, but they also introduce new risks, from prompt injection attacks to governance challenges around autonomous AI systems.

So, what does this all mean for security leaders? The imperative is clear: prioritize rapid patching and vulnerability management, invest in AI-driven defense capabilities, and strengthen governance frameworks to address both traditional and emerging risks. The interplay between AI innovation and adversarial adaptation demands a proactive, strategic approach to resilience.

Let’s dive into the top items shaping the risk landscape today.

First, a critical vulnerability has been identified in Windows Active Directory. For those unfamiliar, Active Directory is the backbone of authentication and access management in most enterprise environments. This new flaw allows attackers to execute arbitrary malicious code, which is about as serious as it gets. If exploited, attackers could escalate privileges, move laterally across your network, and potentially compromise your entire environment. The practical implication here is simple but urgent: patch immediately. Beyond patching, review your Active Directory monitoring for any signs of anomalous activity. Privilege escalation and lateral movement often leave traces—look for them. This is not a vulnerability you can afford to deprioritize.

Next, we have a zero-day vulnerability in Microsoft SharePoint Server that’s being actively exploited in the wild. SharePoint is ubiquitous in enterprise collaboration, and this flaw allows attackers to gain unauthorized access and potentially exfiltrate sensitive data. The risk here is twofold: data confidentiality and data integrity. If you’re running SharePoint, your first step should be to apply any available patches without delay. Restrict external access where possible and review your access controls. The window between disclosure and exploitation is shrinking, so speed is of the essence.

Moving on to Windows BitLocker—a tool many organizations rely on to protect data, especially on lost or stolen devices. A newly disclosed vulnerability allows attackers to bypass BitLocker’s encryption protections. This undermines a critical security

Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

Transcript

Welcome to today’s cyber and AI risk briefing. I’m Michael Housch. Let’s get right into the developments shaping the security landscape right now, because the pace of change—especially with AI and cloud—isn’t slowing down for anyone.

Let’s start with the big picture. We’re seeing a convergence of rapid AI innovation, tightening regulatory oversight, and persistent exploitation of vulnerabilities across both cloud and software supply chains. This is creating a dynamic risk environment where security leaders need to be both proactive and adaptive.

A central theme today is the emergence of advanced AI agents and models—most notably Anthropic’s new ‘Mythos’ model. This isn’t just another incremental improvement in AI. Mythos has capabilities and a level of autonomy that’s drawing urgent attention from regulators, particularly in the financial sector. Global financial authorities are sounding the alarm, raising concerns about the systemic risks these kinds of autonomous AI models could pose to critical infrastructure and the stability of financial systems.

Why does this matter? Well, the financial sector is already one of the most heavily regulated industries when it comes to technology risk. The introduction of highly autonomous AI models like Mythos is a game-changer. These models can make decisions, execute transactions, and interact with other systems at a scale and speed that’s never been possible before. That’s great for efficiency, but it also means that any errors, misuse, or vulnerabilities could cascade rapidly through interconnected systems.

Regulators are responding with calls for urgent risk assessments and likely new compliance requirements. If you’re a CISO or risk executive in a regulated sector, this is your cue to review your AI governance frameworks. It’s not just about technical controls anymore—it’s about demonstrating to regulators that you have a handle on how AI is being deployed, monitored, and controlled within your organization.

Zooming in on the UK, financial regulators there are scrambling to assess the risks from Anthropic’s Mythos model. Their focus is on three main areas: potential misuse, lack of transparency, and the challenge of aligning AI behavior with regulatory expectations. The message here is clear—be prepared for increased engagement with regulators and anticipate new guidance or even mandates around AI risk management. If your organization is deploying or even experimenting with advanced AI, now is the time to get ahead of these conversations, not wait for the regulator’s letter to land on your desk.

While AI is dominating the headlines, attackers haven’t taken their foot off the gas when it comes to exploiting traditional vulnerabilities. In fact, we’re seeing a surge in sophisticated exploits, including the weaponization of developer platforms for phishing. Attackers are now leveraging trusted platforms like GitHub and Jira to deliver phishing payloads. This is a significant shift because these platforms are often implicitly trusted within organizations. Traditional email security controls don’t always inspect messages coming from these tools, which means phishing attempts can slip through the cracks.

The practical implication here is that security teams need to expand their monitoring and awareness training. It’s not enough to focus on email—collaboration and development platforms are now in the crosshairs. Make sure your teams understand the risks, and that your technical controls are able to flag suspicious activity, even if it’s coming from a source that’s typically considered safe.

Cloud security is another area where risks continue to materialize. Rockstar Games recently suffered a breach at a third-party cloud provider. This isn’t just a story about a high-profi

Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

Transcript

Welcome to today’s briefing on the evolving landscape of cyber and AI risk. If you’re a security leader, risk executive, or simply someone who wants to stay ahead of the curve, this episode will help you navigate the most pressing issues facing organizations right now. Let’s dive in.

We’re living in a time where the adoption of artificial intelligence across enterprises is accelerating at a pace that’s frankly outstripping the maturity of our security controls and governance frameworks. This isn’t just a matter of playing catch-up; it’s about recognizing that the scale and subtlety of risk are changing, and the old playbooks aren’t enough. AI agents and AI-assisted development are multiplying the opportunities for both human error and oversight challenges. Meanwhile, the threat environment remains as active as ever, with state-sponsored actors exploiting vulnerabilities in critical infrastructure, and attackers leveraging increasingly sophisticated social engineering and malware delivery techniques.

Let’s start with a look at some of the most important developments shaping the risk landscape today.

First up, we have a significant alert regarding industrial control systems. Over 5,200 Rockwell programmable logic controllers—PLCs—have been found exposed to the internet. These devices are the backbone of manufacturing and infrastructure operations. Their exposure is not a hypothetical risk; it’s an open invitation for remote exploitation, sabotage, or ransomware attacks. Iranian advanced persistent threat actors have already been observed targeting these systems. For risk leaders, this is a wake-up call. Asset discovery, network segmentation, and continuous monitoring of operational technology environments are no longer optional—they’re essential. The potential for catastrophic disruption is real, and it’s immediate.

Now, let’s talk about AI agents operating within enterprises. There’s a growing trend of deploying AI agents without adequate oversight from security teams. In many organizations, there’s little to no visibility into what these agents are doing, what data they’re accessing, or how they’re interacting with other systems. This creates significant blind spots for data leakage, privilege escalation, and compliance violations. The practical implication is clear: CISOs must move quickly to implement AI asset inventories, enforce policy controls, and develop monitoring capabilities tailored to both autonomous and semi-autonomous agents. If you don’t know what your AI is doing, you can’t secure it.

Closely related to this is the rapid adoption of AI-assisted development tools. These tools are designed to accelerate software development, but they’re also amplifying the risk of human error. Faster code generation without sufficient guardrails can lead to the propagation of insecure code, misconfigurations, and vulnerabilities—often at scale. Security and risk leaders need to prioritize secure development lifecycle practices, automated code review, and AI-specific governance. The goal is not to slow down innovation, but to ensure that speed doesn’t come at the expense of security.

Let’s shift gears to the threat landscape in the Middle East, where we’re seeing a sophisticated espionage campaign leveraging fake secure messaging applications to deliver ProSpy malware. This attack vector combines social engineering with advanced malware delivery, targeting sensitive communications and data exfiltration. For organizations with operations or partners in high-risk regions, this underscores the importance of user awareness, rigorous application vetting, and robust endpoint detection capabilities. The lesson here is that even trusted communication channels can be weaponized, and vigilance is critical.

In Taiwan, attackers

Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

Transcript

Welcome to today’s cyber and AI risk briefing. We’re looking at a landscape that’s more complex and fast-moving than ever before, with critical vulnerabilities emerging in core infrastructure, a surge in AI-driven risks, and new regulatory expectations shaping the way organizations need to think about resilience. Over the next fifteen minutes, I’ll break down the most significant developments, what they mean for your organization, and how leaders should respond.

Let’s begin with a story that illustrates just how interconnected our risks have become. Security researchers recently discovered that several Android apps were shipping with hardcoded Google API keys, inadvertently exposing Gemini AI endpoints to anyone who knew where to look. This isn’t just a technical slip-up—it’s a window into sensitive AI services, potentially allowing attackers to interact with or even manipulate AI-driven processes. The practical upshot is clear: as AI becomes embedded in mobile and cloud environments, the old ways of managing secrets and credentials aren’t enough. Organizations need robust secrets management and continuous code review, especially as more business logic and sensitive data flow through AI-powered systems. If you’re leading security for a company with a mobile footprint, this is your cue to audit your apps, review your key management, and make sure you’re not exposing the keys to your AI kingdom.

Moving to the backbone of enterprise security, both Palo Alto Networks and SonicWall have released critical patches for high-severity vulnerabilities in their products. These aren’t obscure systems—these are the firewalls and gateways that sit at the heart of thousands of organizations’ networks. Left unpatched, these flaws could allow remote attackers to compromise your infrastructure, disrupt operations, or exfiltrate sensitive data. The lesson here is as old as cybersecurity itself: patch early, patch often, and don’t assume that just because a device is core to your security stack, it’s immune from exploitation. Attackers are watching for slow movers. If you haven’t already, prioritize patching these systems and double-check your vulnerability management processes. It’s not just about compliance—it’s about keeping your business running.

But the threat landscape isn’t limited to technical vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency—CISA—has issued an alert for a critical flaw in Ivanti Endpoint Manager Mobile, or EPMM. This isn’t a theoretical risk; attackers are actively exploiting this vulnerability in the wild. If you’re using Ivanti EPMM, you need to patch immediately and monitor for signs of compromise. The broader lesson is that attackers are increasingly targeting the tools we use to manage our own devices and endpoints. Compromising a management platform gives them a foothold across your entire environment. As we rely more heavily on endpoint management, especially with hybrid and remote work, these platforms become high-value targets. Make sure your patching cadence matches the speed of exploitation we’re seeing in the wild.

Now, let’s zoom out and look at the global picture. Reports suggest that China has just suffered what may be the largest cyberattack in the country’s history, with massive volumes of sensitive data reportedly compromised. Details are still emerging, but the scale of this breach is a stark reminder that no nation, no matter how sophisticated, is immune from large-scale cyber operations. For organizations everywhere, this is a call to revisit your incident response plans and ensure you’re plugged into cross-border threat intelligence sharing. Nation-state actors and criminal groups are targeting critical infrastructure and government assets worldwide. The ripple effects from a brea

Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

Transcript

Welcome to the daily cyber and AI risk briefing. Today, we’re taking a close look at the evolving landscape of threats and challenges that organizations are facing in 2026. The pace of change in both cyber and artificial intelligence risk is relentless, and the stakes are higher than ever—especially for critical infrastructure, high-profile organizations, and sectors rapidly adopting AI.

Let’s start with the big picture. We’re seeing a surge in both traditional cyber threats and new governance challenges tied to AI. Critical infrastructure—think energy grids, healthcare systems, and financial institutions—remains a top target for sophisticated cybercriminals. At the same time, law firms, IoT devices, and edge infrastructure are facing heightened risks. The rapid adoption of AI, often outpacing the implementation of security and governance controls, is creating significant gaps that chief information security officers need to address urgently.

We’ll break down the most important developments you need to know about today, unpack their practical implications, and highlight what matters most for risk leaders.

Let’s begin with one of the most high-profile incidents making headlines: a sophisticated phishing campaign that’s hit a leading U.S. law firm, Jones Day. The attack is attributed to the cybercriminal group known as ‘Silent.’ Here’s what happened: attackers used targeted phishing emails to gain unauthorized access to the firm’s systems. The potential exposure includes sensitive client data and legal documents—assets that are incredibly valuable, not just to the firm, but to their clients as well. This breach is a stark reminder that professional services firms, especially those handling confidential or regulated information, are prime targets.

For CISOs and risk executives, this incident reinforces several priorities. First, advanced email security is non-negotiable. Basic spam filters are no longer enough; organizations need layered defenses that include threat intelligence, anomaly detection, and real-time response capabilities. Second, user training is essential. Even the most sophisticated technical controls can be undermined by a single click on a malicious link. Regular, realistic phishing simulations and ongoing awareness campaigns can help build a culture of vigilance. And finally, rapid incident response is critical. The faster you can detect and contain a breach, the more you can limit the damage—especially in environments where sensitive data is at stake.

Shifting gears, let’s talk about the evolving threat to IoT devices and edge infrastructure. The Masjesu botnet is making waves with its ability to launch distributed denial-of-service, or DDoS, attacks by compromising IoT devices and commercial routers. What makes Masjesu particularly concerning is its use of evasive techniques that make detection and mitigation challenging, even for well-defended organizations. We’re seeing these botnets being used in large-scale attacks against enterprise networks, leveraging the sheer number of vulnerable IoT endpoints.

The practical implication here is clear: as organizations deploy more connected devices—everything from smart sensors in manufacturing plants to connected medical equipment in hospitals—the attack surface expands dramatically. Security leaders need to prioritize three things. First, maintain a comprehensive inventory of all IoT assets. You can’t protect what you don’t know you have. Second, implement regular patching and firmware updates. Many IoT devices ship with default credentials or unpatched vulnerabilities, making them easy targets. And third, use network segmentation to isolate IoT devices from critical systems. This limits the ability of attackers to move laterally if a device is compromised.

Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

Transcript

Welcome to today’s deep dive into the evolving landscape of cyber and AI risk. The pace of change in this space is nothing short of remarkable, and as we look at the headlines and underlying trends, it’s clear that both the threats and the expectations for how organizations manage them are accelerating. Whether you’re a CISO, a risk executive, or a business leader with even a passing interest in digital resilience, there’s a lot to unpack. Let’s get right into it.

We’re seeing a surge in sophisticated exploits and a rapid-fire tempo from ransomware operators. At the same time, AI is fundamentally reshaping both the risk landscape and the regulatory environment. The convergence of these trends means that traditional approaches to cybersecurity and risk management are being tested as never before.

Let’s start with a story that really captures the urgency of the moment. The Medusa ransomware group has been making headlines for its ability to exploit zero-day vulnerabilities within just 24 hours of their public disclosure. Think about that for a second. The time between a vulnerability being made public and it being weaponized by threat actors has shrunk to almost nothing. Medusa, along with actors like Storm-1175, is targeting web-facing systems—those critical assets that are often the first line of exposure for an organization. The implication here is stark: defenders have less time than ever to identify, patch, and mitigate new vulnerabilities before attackers are already inside.

This isn’t just a theoretical risk. SecurityWeek, TechNadu, and other leading sources are reporting that Medusa’s campaigns are leveraging these newly discovered flaws with unprecedented speed. The window for effective defense and response is compressing, and that means organizations need to rethink their vulnerability management strategies. Real-time intelligence, automated patching, and a clear understanding of your most exposed assets are now table stakes.

And it’s not just Medusa. The U.S. Cybersecurity and Infrastructure Security Agency—CISA—has issued an alert on an actively exploited zero-day vulnerability in Fortinet products. Fortinet is a mainstay of perimeter defense for thousands of organizations worldwide. When a flaw in such a widely used platform is being exploited in the wild, the risk is immediate and significant. If you rely on Fortinet, the message is clear: patch now, review your deployments, and monitor for signs of unauthorized access or lateral movement. The consequences of delay can be severe, ranging from data breaches to ransomware infections that can cripple operations.

Now, while software vulnerabilities have long been the main focus, we’re seeing attackers innovate at the hardware level as well. A recent report from SecurityWeek details a novel attack called “GPUBreach.” In this case, researchers achieved root shell access—a level of control that essentially gives an attacker the keys to the kingdom—using a GPU-based Rowhammer exploit. Traditionally, Rowhammer attacks have targeted CPU memory, but this new variant shows that GPUs in servers and workstations are now viable targets for privilege escalation. For security teams, this means reviewing hardware configurations and monitoring for unusual GPU activity is becoming just as important as patching software.

The attack surface is also expanding through cloud services and SaaS components. Over 15,000 Flowise instances remain exposed to a critical injection vulnerability, according to gbhackers.com, and attackers are actively exploiting these weaknesses. This highlights a persistent challenge: unpatched cloud-native assets can be discovered and compromised at scale. Continuous asset discovery, vulnerability scanning, and automated remediation are essential, especially

Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

Transcript

Welcome to today’s cyber and AI risk update. I’m Michael Housch. Let’s get right into the major developments shaping the risk landscape as of April 6th, 2026.

The cyber and AI threat environment continues to evolve at a rapid pace. We’re seeing a convergence of advanced adversaries, new vulnerabilities, and the accelerating adoption of artificial intelligence across critical sectors. These trends are creating both operational and strategic challenges for risk leaders, especially as regulatory and workforce pressures mount.

Let’s start with one of the most pressing issues: the cybersecurity skills crisis. The latest SANS 2026 report paints a stark picture. The shortage of skilled cybersecurity professionals is deepening, with critical infrastructure and operational technology—often referred to as OT—bearing the brunt. Organizations in these sectors are struggling to fill essential security roles, and that’s translating directly into increased breach risk. The impact isn’t theoretical; it’s measurable and growing.

The implications here are significant. For leaders in risk, security, and operations, this isn’t just a staffing problem—it’s an operational risk that can undermine business continuity. The traditional approach of hiring more talent simply isn’t keeping up with demand. To address this, organizations are increasingly turning to automation, workforce development programs, and managed security services. The bottom line is clear: without a focused strategy to close the skills gap, critical systems remain exposed, and the risk of disruptive incidents climbs.

Now, let’s talk about technical vulnerabilities—and specifically, zero-day exploits. Fortinet, a key player in endpoint management and security, has just released emergency patches for actively exploited zero-day vulnerabilities in its FortiClient EMS product. These flaws have been targeted in the wild, putting organizations that rely on Fortinet solutions at immediate risk. If your organization uses Fortinet for endpoint management, patching should be at the top of your priority list. The prevalence of Fortinet in critical environments means that attackers see these platforms as high-value targets. Quick action is essential to prevent compromise.

This isn’t an isolated incident. We’re seeing a broader trend of supply chain attacks and zero-day exploits affecting major vendors and platforms. Just this past week, a supply chain attack targeted Guardarian users through malicious Strapi NPM packages. This highlights the persistent risk associated with third-party software dependencies—especially in cloud and identity services. The lesson here is that continuous monitoring of third-party components, strict controls on package sourcing, and robust integrity verification are no longer optional. They’re foundational to any modern security program.

On the regulatory front, the landscape is getting more complex, not less. The OECD is pushing for risk-based regulatory frameworks for software, with a particular focus on AI, energy, and supply chain vulnerabilities. This reflects a growing international consensus: not all risks are created equal, and controls should be tailored to the specific risk profile of each system or application. However, for multinational organizations, this means compliance is becoming more granular and sector-specific. Keeping up with evolving standards—like the new ISO/IEC 42001 for AI governance—will require dedicated resources and cross-functional alignment.

But regulatory fragmentation is a real and growing challenge, especially in the United States. Despite mounting pressure, Congress has yet to pass any comprehensive federal AI legislation. Meanwhile, 40 states are actively drafting their own rules. The result is a patchwork of requirem

Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

Transcript

Welcome to today’s cyber and AI risk briefing. I’m Michael Housch, and over the next fifteen minutes, I’ll walk you through the most significant developments shaping the risk landscape right now. We’re seeing a surge in high-impact cyber incidents, a rapidly evolving threat environment, and growing pressure on organizations to rethink how they manage both cyber and AI risks. Let’s dive in.

Let’s start with a story that’s sending shockwaves through the AI industry: the recent breach at Mercor, an AI-driven recruiting platform. Attackers managed to exfiltrate a staggering four terabytes of sensitive data. To put that in perspective, that’s millions of files—potentially including resumes, employment records, proprietary algorithms, and communications between employers and candidates. This isn’t just a headline; it’s a wake-up call for any organization leveraging AI platforms to handle large volumes of personal or business-critical information.

The Mercor breach underscores three core issues. First, the sheer scale of data managed by AI platforms means a single breach can have outsized consequences. Second, many organizations still treat their AI vendors as black boxes, assuming security is someone else’s problem. And third, incident response plans often don’t account for the unique data flows and integration points that AI services introduce. If your business is using AI-driven tools—whether for recruiting, analytics, or customer service—now is the time to revisit your vendor due diligence, ensure you have clear contractual security requirements, and rehearse your incident response playbook with these new realities in mind.

Unfortunately, Mercor isn’t alone. Another incident making headlines involves a money-transfer application that exposed customer passport images for nearly five years. The cause? Sensitive documents were stored on an unencrypted, publicly accessible cloud server. This isn’t a sophisticated attack; it’s a basic misconfiguration—a mistake that left highly sensitive identity documents open to anyone who knew where to look. The implications are severe: not only does this create a goldmine for identity thieves, but it also puts the company at risk of regulatory penalties, lawsuits, and lasting reputational damage.

What’s the lesson here? Cloud security is not a “set it and forget it” proposition. Even mature organizations can fall victim to simple mistakes—especially when cloud environments are complex, and responsibilities are split between internal teams and third-party vendors. Regular cloud security assessments, strict access controls, and continuous monitoring are not optional. They’re essential for protecting both your business and your customers.

Shifting gears, let’s talk about a vulnerability that’s being actively exploited right now: React2Shell. Attackers are leveraging this flaw to compromise over 700 Next.js hosts in a large-scale credential harvesting campaign. For those less familiar, Next.js is a popular web framework used by thousands of organizations to build modern applications. The React2Shell vulnerability allows attackers to execute malicious code and steal user credentials, often before defenders even know what’s happening.

This campaign highlights the speed at which attackers weaponize new vulnerabilities. Within days of the flaw being disclosed, threat actors had automated their attacks and were targeting organizations at scale. If your organization uses Next.js or related frameworks, it’s critical to prioritize patching, monitor for indicators of compromise, and review your application security practices. This isn’t just about one vulnerability—it’s about building the muscle for rapid response as new threats emerge.

On a related note, Google recently released an emergency patc