Daily Cyber & AI Briefing — 2026-06-16

Daily Cyber & AI Briefing — 2026-06-19

Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript. TRANSCRIPT Today’s risk environment is shaped by a convergence of critical cybersecurity vulnerabilities and the accelerating challenges of AI governance. We’re seeing multiple high-impact exploits in active use, targeting widely deployed platforms like Splunk Enterprise and NGINX, while sophisticated malware campaigns are increasingly abusing cloud infrastructure and supply chain components. These incidents are a stark reminder of how quickly attackers can weaponize new vulnerabilities, exploiting gaps in enterprise defenses—especially in areas like identity management and third-party integrations. At the same time, the rapid adoption of AI across industries is exposing significant governance and oversight gaps. Organizations are struggling to keep up with the risks posed by increasingly autonomous AI systems, shortfalls in data governance, and the integration of AI into sensitive business functions such as financial crime detection and compliance. While regulators and industry groups are responding with new frameworks and certifications, the pace of technological change continues to outstrip the development of robust governance mechanisms. For security and risk leaders, this raises the stakes and demands a holistic, agile approach to risk management—one that balances technical controls with strong organizational governance. Let’s break down the most important developments shaping today’s cyber and AI risk landscape. First, the Cybersecurity and Infrastructure Security Agency—CISA—has issued an urgent warning about a critical vulnerability in Splunk Enterprise. This flaw is being actively exploited in the wild, and it allows attackers to execute unauthorized actions within affected systems. Given Splunk’s widespread use as a log management and security analytics platform, the potential impact here is significant. If exploited, this vulnerability could lead to data breaches, system compromise, or even lateral movement across the enterprise network. The practical implication is clear: organizations running Splunk Enterprise need to prioritize patching immediately. But it’s not just about applying the patch—security teams should also step up monitoring for suspicious activity, especially around Splunk instances. And incident response plans should be reviewed and updated to account for the possibility of Splunk exploitation. This is a classic example of how a single critical vulnerability in a core platform can become a high-leverage attack vector for threat actors. Moving on to NGINX, F5 has released patches for critical remote code execution vulnerabilities affecting the HTTP/3 and HTTP/2 modules. These flaws could allow attackers to take control of servers running NGINX, which underpins a huge swath of the world’s web infrastructure. The risk is especially acute for internet-facing deployments, where attackers can quickly scan for and exploit unpatched systems. The message here is straightforward: apply the NGINX patches without delay. Organizations should also assess their exposure, especially if they have custom configurations or use NGINX in high-availability or cloud environments. As always, prompt patching is the first line of defense, but ongoing monitoring for anomalous behavior is essential, given the potential for zero-day exploitation. Shifting gears to malware campaigns, researchers have identified a new threat called CryptoBandits. This malware is notable for its dual purpose: it acts as a backdoor, granting persistent access to compromised systems, and it leverages the Tor network for command-and-control communications. By using Tor, CryptoBandits makes it much harder for defenders to detect and block its traffic, increasing the difficulty of eradication. For security teams, this means enhancing network monitoring specifically for Tor traffic. Endpoint protection strategies should be reviewed and updated to address the evolving tactics used by malware authors. The use of anonymizing networks like Tor for command-and-control is a growing trend, and defenders need to be proactive in detecting these stealthy channels. Another emerging threat is the HazyBeacon malware, which abuses AWS Lambda URLs to establish stealthy command-and-control channels in cloud environments. This technique allows attackers to bypass traditional network defenses, as outbound connections to AWS services are often considered benign and are less likely to be scrutinized. Cloud security teams should take note: it’s important to review Lambda usage within your environment, monitor for anomalous outbound connections, and tighten IAM permissions to limit the attack surface. As cloud infrastructure becomes more central to business operations, attackers are finding creative ways to blend in with legitimate traffic, making detection more challenging. Supply chain attacks also remain a major concern. The SmartApeSG threat group is exploiting vulnerabilities in the Okendo Reviews widget, a popular component used in e-commerce platforms. By compromising this third-party integration, attackers can inject malicious code into customer-facing websites, leading to data theft and reputational damage. This highlights the persistent risk of supply chain compromise. E-commerce and supply chain security teams should regularly audit third-party integrations, enforce strict vendor risk management protocols, and ensure that any external components are kept up to date with the latest security patches. The attack surface created by third-party tools and widgets is often underestimated, but as this incident shows, it can be a direct path to customer data and brand trust. In the manufacturing sector, we’re seeing a shift toward identity-driven attacks. Doppel, a threat intelligence provider, warns of a surge in credential leaks and vishing attacks targeting manufacturing organizations. Attackers are exploiting weak identity controls to gain access to critical systems, often using stolen credentials or social engineering tactics to bypass traditional defenses. For manufacturing CISOs, the takeaway is to prioritize identity security—implementing robust authentication mechanisms, educating users about phishing and vishing risks, and ensuring rapid response to credential exposures. Incident response readiness is crucial, as attackers are increasingly targeting the human element to gain a foothold in operational environments. Turning to AI governance, Teramind has highlighted a significant gap across enterprises. Many organizations lack adequate frameworks to manage the risks associated with AI deployment. This governance shortfall increases exposure to compliance violations, ethical lapses, and operational failures. As AI becomes more deeply integrated into business processes, the consequences of poor governance can be severe—from biased decision-making to data privacy breaches. Risk leaders should accelerate the development and enforcement of AI governance policies. This includes oversight of AI model deployment, ongoing monitoring for unintended consequences, and clear accountability structures. The goal is to ensure that AI systems are not only effective but also trustworthy and compliant with emerging regulations. A related challenge is the rise of agentic AI—systems capable of autonomous decision-making. These agentic systems introduce new cybersecurity risks, as they can act unpredictably and may be susceptible to manipulation by adversaries. Traditional risk management strategies may not be sufficient to address the unique characteristics of agentic AI. Security leaders need to adapt by implementing enhanced monitoring, ensuring explainability of AI decisions, and building in fail-safe mechanisms to prevent unintended actions. The unpredictability of autonomous systems means that oversight and control must be built into the design and operation of AI from the outset. As AI systems become more complex, traditional human oversight is increasingly insufficient. DevOps.com underscores the importance of embedding data governance throughout the software development lifecycle—SDLC—to ensure the reliability, security, and compliance of AI solutions. Automated governance tools and cross-functional collaboration are key to closing oversight gaps and maintaining control as AI scales across the organization. Another area where AI is exposing risk is in mergers and acquisitions. During M&A activity, integration gaps in data management and process alignment often persist, and the introduction of AI can exacerbate these vulnerabilities. Poorly managed integration can lead to security weaknesses and operational inefficiencies post-merger. Risk executives should incorporate AI risk assessments and governance reviews into M&A due diligence and integration planning. This helps ensure that both legacy and new AI systems are aligned with organizational standards and that potential vulnerabilities are addressed before they can be exploited. On the regulatory front, we’re seeing the emergence of industry certifications for AI. Facewatch recently achieved AI certification for its facial recognition technology, reflecting growing scrutiny and the need for demonstrable compliance in AI deployments. Certifications are becoming key benchmarks for privacy, fairness, and accountability, and security and compliance leaders should monitor these developments closely. Ensuring that your own AI systems meet emerging standards is not just about regulatory compliance—it’s also about building trust with customers, partners, and stakeholders. As certification schemes mature, they will play an increasingly important role in risk mitigation and competitive differentiation. In the

Daily Cyber & AI Briefing — 2026-06-18

Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript. TRANSCRIPT Today’s risk landscape is marked by a convergence of fast-moving cyber threats and the growing influence of artificial intelligence, both as an attack vector and as a governance challenge. Organizations are facing a surge in high-impact software vulnerabilities, active exploitation of widely used enterprise platforms, and a steady evolution in attacker tactics—including the blending of traditional methods with AI-driven techniques. At the same time, regulatory and stakeholder scrutiny around AI governance is intensifying, with new standards and frameworks emerging in response to both technical and ethical risks. Let’s dig into the most pressing developments and what they mean for security and risk leaders. We’ll start with critical software vulnerabilities making headlines today. Mozilla has released Firefox version 152 to address multiple critical vulnerabilities that could allow for remote code execution. This is a significant concern because attackers exploiting these flaws can potentially take control of affected systems with nothing more than a user visiting a malicious website. With Firefox being a staple in both consumer and enterprise environments, the risk of exploitation is not theoretical. If attackers gain a foothold through a browser, they can often move laterally within a network, escalating privileges and compromising additional assets. The practical takeaway is straightforward: patch Firefox immediately. Security teams should verify that the latest version is deployed across their environments and keep an eye out for any unusual browser activity, which could indicate attempted or successful exploitation. Shifting to enterprise infrastructure, F5 has issued emergency, out-of-band patches for critical vulnerabilities in NGINX. NGINX is a core component in many organizations’ web infrastructure, acting as a reverse proxy and web application firewall. The vulnerabilities in question could allow attackers to bypass security controls or execute arbitrary code on affected systems. The fact that these patches were released outside of the regular update cycle signals either active exploitation or a very high risk of imminent attacks. For organizations running NGINX, patching should be prioritized. It’s also wise to review web application firewall and reverse proxy configurations for any signs of compromise, and to monitor for anomalous traffic or behavior that could suggest an attacker is already present. Microsoft has confirmed a zero-day vulnerability in its Defender product, currently referred to as “RoguePlanet.” Details are still limited, but this is a particularly sensitive issue because Defender is a core endpoint security tool for many organizations. A compromise here could undermine defense-in-depth strategies, potentially allowing attackers to disable security controls or evade detection. Microsoft is still working on a patch, so in the meantime, security teams should closely monitor Microsoft advisories, consider implementing compensating controls, and be alert for any signs of suspicious activity related to Defender. This is a developing situation, and timely response will be critical in minimizing exposure. Turning to security monitoring platforms, a vulnerability in the Splunk AI Toolkit has been disclosed that allows attackers to execute arbitrary operating system commands. This is a high-impact risk because Splunk is often used as a central hub for security analytics and incident response. If an attacker can compromise Splunk, they may be able to tamper with logs, disable alerts, or even use the platform as a launchpad for further attacks. The recommended action is immediate patching, followed by a thorough review of Splunk instance logs for any anomalous or unauthorized activity. Organizations should also assess whether their Splunk deployments are exposed to the internet or accessible from less-trusted network segments, as this increases the risk of exploitation. WordPress continues to be a popular target, and today’s briefing highlights active exploitation of a vulnerability in a widely used SMTP plugin, affecting over 100,000 installations. Successful exploitation can give attackers access to sensitive data and facilitate further attacks on connected systems. For organizations with WordPress deployments, the guidance is clear: update affected plugins as soon as possible and conduct an audit for unauthorized access or signs of data exfiltration. Given the prevalence of WordPress in both public-facing and internal applications, even a single vulnerable plugin can serve as an entry point for attackers. Attackers are also evolving their tactics to blend in with trusted platforms. The DragonForce threat group, for example, is now leveraging Microsoft Teams relays to evade detection and maintain persistence within enterprise environments. By abusing trusted collaboration channels, they can move laterally and exfiltrate data while bypassing traditional security controls. This is a reminder that collaboration tools, which have become essential for remote and hybrid work, are now part of the attack surface. Security teams should enhance monitoring of Teams activity, looking for unusual patterns or behaviors, and provide user education to help employees recognize and report suspicious activity within these platforms. A new adversary-in-the-middle attack, utilizing the Evilginx framework, is capturing Microsoft credentials, multi-factor authentication tokens, and authenticated sessions. This technique allows attackers to bypass even MFA protections and maintain access to accounts even after passwords are changed. The implication here is that traditional MFA is not a silver bullet. Organizations should consider moving toward phishing-resistant authentication methods, such as hardware security keys or passkeys, and should monitor for unusual session activity that could indicate compromised credentials or tokens. Remote monitoring tools, which are often used for legitimate IT management and support, are increasingly being abused by threat actors to bypass signature-based detection mechanisms. This trend makes it more challenging to distinguish between legitimate administrative activity and malicious behavior, complicating threat hunting and incident response. To address this, organizations should implement behavioral analytics to detect abnormal usage patterns and restrict remote tool usage to authorized personnel only. Regular audits of remote access logs can also help identify potential misuse. Attackers are also leveraging native scripting languages—such as PowerShell, VBScript, and BAT files—to deliver the Xctdoor backdoor. By using built-in scripting capabilities, they can evade many traditional defenses that rely on signature-based detection. The Xctdoor backdoor enables persistent access and data theft, making it a serious risk for affected organizations. Enhanced script monitoring and tighter endpoint controls are recommended. Security leaders should ensure that only authorized scripts are allowed to run and that any deviations from normal scripting activity are promptly investigated. A proof-of-concept exploit has been released for a remote denial-of-service vulnerability in Apache HTTP Server’s HTTP/2 implementation. This so-called “HTTP/2 bomb” could allow attackers to disrupt web services at scale, potentially impacting availability for critical applications. Organizations running Apache HTTP Server should apply the relevant patches and monitor for abnormal traffic patterns that could indicate an attempted denial-of-service attack. Proactive measures here can help mitigate the risk of service outages and maintain business continuity. Shifting gears to artificial intelligence, there’s a notable trend toward professionalizing AI governance. Multiple organizations, including G-P and Daon, have recently achieved ISO/IEC 42001 certification. This standard is quickly emerging as a benchmark for trust, transparency, and ethical AI deployment. The growing adoption of ISO/IEC 42001 reflects increasing regulatory and stakeholder expectations around AI risk management. For CISOs and risk leaders, it’s time to assess your organization’s AI governance maturity and consider aligning with emerging standards. This not only helps with compliance but also builds trust with customers, partners, and regulators. AI’s influence is also extending into critical sectors such as biology and nuclear technology. The integration of AI into these domains is amplifying both opportunities and risks, prompting calls for updated governance frameworks. As AI capabilities expand, so too do the potential threat vectors—from the misuse of AI in developing biological agents to the automation of nuclear command and control systems. Security and risk leaders must anticipate new regulatory requirements and adapt their risk assessments accordingly. This is an area where cross-disciplinary collaboration will be essential, bringing together expertise from cybersecurity, safety, ethics, and sector-specific domains. Let’s take a step back and look at the strategic implications of these developments. First, patch management processes need to be agile and prioritized for high-impact vulnerabilities—especially those with active exploits or affecting core infrastructure. The days of quarterly patch cycles are over; organizations must be able to respond quickly as new threats emerge. Second, AI governance is rapidly maturing. ISO/IEC 42001 is becoming a touchstone for organizations looking to demonstrate responsible AI practices. Preparing for increased scrutiny means not only having policies and controls in place, but also being able to show evidence of effective risk manage

Daily Cyber & AI Briefing — 2026-06-17

Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript. TRANSCRIPT Today’s cyber and AI risk landscape is marked by an unrelenting pace of change, with new vulnerabilities, attack campaigns, and governance challenges surfacing daily. Let’s walk through the most significant developments shaping enterprise risk today, and what they mean for security leaders, technology teams, and organizations navigating this complex environment. We’re seeing a surge in critical zero-day vulnerabilities, with attackers actively exploiting both legacy enterprise systems and widely used security tools. At the same time, ransomware campaigns continue to evolve, targeting not just traditional IT assets but also critical infrastructure and supply chain components. Overlaying all of this is the persistent challenge of balancing rapid AI innovation with the need for robust security governance—a tension that’s only intensifying as organizations race to deploy new AI capabilities. Let’s start with the headline item: Microsoft has confirmed a critical zero-day vulnerability in Microsoft Defender, known as “RoguePlanet.” This is a significant development, as Defender is a core security product deployed across millions of endpoints worldwide. The vulnerability is being actively exploited, and as of now, no patch is available. What makes RoguePlanet particularly concerning is its ability to bypass endpoint protections, potentially enabling attackers to move laterally within networks and exfiltrate sensitive data. For security leaders, this means immediate action is required. Monitoring for anomalous Defender activity should be a top priority. Review your endpoint detection rules, look for unusual process behaviors, and ensure your incident response plans are ready to activate as soon as a patch is released. This is a classic example of why rapid detection and response capabilities are so critical—when a widely used security tool itself becomes a vector for attack, the window for containment can be very narrow. Moving to enterprise software, the U.S. Cybersecurity and Infrastructure Security Agency has issued a warning about a zero-day vulnerability in Oracle PeopleSoft. Attackers are exploiting this flaw in active ransomware campaigns, using it as an entry point to deploy ransomware payloads. Organizations running legacy ERP deployments are particularly at risk, as these environments often lag behind in patching and may have exposures that are difficult to quickly remediate. Immediate mitigation steps here include reviewing your PeopleSoft exposure, applying any available workarounds, and enhancing monitoring for suspicious activity. This incident underscores the ongoing risk posed by legacy systems—while they’re often mission-critical, they can also become soft targets for attackers looking for a foothold inside the enterprise. On the macOS front, a new malware campaign dubbed “Sapphire Sleet” is escalating. This campaign is notable for its use of legitimate system tools, such as curl and osascript, to execute multi-stage payloads. Attackers are using social engineering tactics, including fake update dialogs, to trick users into initiating the infection process. The use of native tools makes detection more difficult, as the activity can blend in with legitimate processes. For organizations with significant macOS deployments, this highlights the importance of reinforcing user awareness, restricting script execution, and closely monitoring for unusual process behaviors. Social engineering remains a highly effective technique, and when combined with sophisticated payload delivery methods, it can bypass traditional security controls. Critical infrastructure is also under siege. The Adriatic Port Authority recently suffered a ransomware attack attributed to the Anubis group. This incident exposed significant vulnerabilities in maritime infrastructure, demonstrating the sector’s susceptibility to operational disruption and data loss. The implications here go beyond IT—when ports or other critical infrastructure are compromised, the ripple effects can impact supply chains, transportation, and even national security. Risk leaders in sectors like maritime, energy, and transportation should take this as a call to reassess network segmentation, backup strategies, and incident response plans for operational technology and industrial control systems. The convergence of IT and OT environments means that ransomware can now have real-world, physical consequences, not just data loss or downtime. The education sector is facing its own wave of threats. Educational technology platforms, or EdTech, are experiencing a marked rise in both data breaches and ransomware incidents. The rapid digitalization of education, combined with often limited security resources, makes these platforms attractive targets for cybercriminals. Sensitive student and staff data is at risk, and the impact of a breach can be both reputational and regulatory. For CISOs in education and related fields, the priorities should be clear: conduct thorough third-party risk assessments, strengthen controls around sensitive data, and ensure that incident response plans are up to date. As EdTech adoption accelerates, so too does the need for robust security governance. Shifting to the software development lifecycle, new analysis highlights that developer machines and supply chain components remain high-value targets for attackers. Compromised developer endpoints can introduce malicious code directly into production environments, while insecure supply chains amplify the risk of widespread compromise. Attackers are increasingly leveraging sophisticated, multi-stage payloads and novel command-and-control channels, particularly targeting both macOS and Windows environments. Security leaders should be enforcing least privilege on developer machines, implementing code signing, and monitoring for anomalous developer activity. The integrity of the software supply chain is now a board-level concern, as a single compromised component can have cascading effects across the enterprise and its customers. Now, let’s turn to the AI front, where the pace of innovation is creating its own set of risks. Recent research reveals that nearly 70% of executives are prioritizing speed over security when it comes to AI deployments. This is a striking statistic, and it has real implications for governance, data privacy, and regulatory compliance. When organizations rush to deploy AI models without embedding security from the outset, they open themselves up to risks like data leakage, model manipulation, and non-compliance with emerging regulations. Organizations should be revisiting their AI governance frameworks, ensuring that security is not an afterthought but an integral part of the development and deployment process. This includes model validation, data integrity checks, and clear accountability for AI outcomes. The challenge, of course, is balancing the pressure for speed and innovation with the need for robust oversight—a tension that is only going to intensify as AI adoption accelerates. On the positive side, we are seeing the emergence of multiple AI risk management frameworks designed to address these governance and security gaps. These frameworks focus on areas like model validation, data integrity, and accountability, and are being adopted across industries. However, operationalizing these frameworks remains inconsistent. Success depends on strong executive sponsorship and cross-functional collaboration, bringing together IT, security, legal, and business leaders to ensure that AI risk management is both comprehensive and actionable. In line with this trend, Inspira Enterprise has partnered with ServiceNow to expand AI governance and enterprise services. This partnership aims to help organizations manage AI risk at scale, reflecting a broader industry push toward integrated platforms for AI oversight. The challenge, however, lies in aligning governance with business agility—finding ways to keep pace with innovation without sacrificing control or compliance. Turning back to the threat landscape, a new malware campaign is targeting gamers via the Steam Workshop’s Wallpaper Engine. While this campaign is primarily consumer-focused, it demonstrates the risk of supply chain attacks via popular platforms. Attackers are using the platform to steal user accounts and infect endpoints, and there’s a real risk of credential reuse in enterprise environments. This serves as a reminder that consumer platforms can become vectors for enterprise compromise, especially as the lines between personal and professional device use continue to blur. Another notable campaign involves the “FishMonger” threat actor, who is leveraging multi-channel command-and-control in attacks against Windows systems using the SprySOCKS malware. By using TCP, UDP, and WebSocket channels, attackers are complicating detection and response efforts. This multi-channel approach requires organizations to enhance their network monitoring and behavioral analytics, as traditional detection methods may not be sufficient. Zooming out, a new analysis underscores a fundamental shift in the security landscape: the traditional security buffer, or perimeter, is effectively gone. Identity, cloud, and supply chain risks are now at the forefront, and organizations must adapt by shifting to a zero trust model. This means continuous authentication, enforcing least privilege, and real-time anomaly detection are no longer optional—they’re essential. Let’s take a step back and look at the strategic implications of these developments. First, zero-day vulnerabilities in widely used platforms like Microsoft Defender and Oracle PeopleSoft require

Daily Cyber & AI Briefing — 2026-06-16

Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript. TRANSCRIPT Today’s cyber and AI risk landscape is evolving at a pace that’s challenging even the most prepared security teams. We’re seeing a surge in critical vulnerabilities being actively exploited across some of the most widely used enterprise platforms—Fortinet, Cisco SD-WAN, and Microsoft Teams among them. Attackers are adapting quickly, leveraging trusted tools and platforms to bypass traditional defenses and gain initial access. At the same time, the intersection of AI and cybersecurity is accelerating, with both defenders and adversaries adopting AI-driven techniques for everything from risk management and attack automation to victim analysis. Let’s break down the most important developments and what they mean for organizations today. First, the rapid adoption of AI in enterprise environments is outpacing the maturity of governance and compliance controls. This is exposing organizations to entirely new classes of risk. We’re now seeing the emergence of autonomous AI agents for third-party risk management, as well as a proliferation of generative AI security platforms. This signals a shift toward automation in both offensive and defensive operations. But there are still significant gaps in monitoring, red teaming, and compliance tooling for AI-driven systems. That raises real concerns about unseen exposures and blind spots. Meanwhile, ransomware and data breaches continue to be driven by sophisticated criminal ecosystems. Initial access brokers and crypter services are playing a key role, and threat actors are now integrating AI-based victim analysis into their operations. This convergence of trends underscores the need for CISOs and security leaders to prioritize vulnerability management, AI governance, and supply chain security. The adversaries we’re facing are becoming more automated and more intelligent. Our defenses need to keep pace. Let’s dive into the top items shaping the landscape today. Starting with Fortinet, multiple critical vulnerabilities have been identified in the FortiSandbox product—and these are being actively exploited in the wild. These flaws allow attackers to bypass security controls, potentially leading to remote code execution and lateral movement within enterprise networks. Fortinet appliances are widely deployed in sensitive environments, making this a high-priority patching and monitoring issue. If you’re running FortiSandbox, it’s essential to assess your exposure and apply available updates immediately. Don’t assume your segmentation or monitoring will catch exploitation—patching is the only reliable mitigation here. Next, Cisco has disclosed its second actively exploited SD-WAN vulnerability in just two weeks. This one is tracked as CVE-2026-20262. The flaw allows attackers to gain unauthorized access and potentially disrupt or intercept network traffic. Given the role SD-WAN plays in connecting distributed enterprise environments, exploitation could have significant operational and data security impacts. The recommendation from Cisco and the broader security community is clear: patch immediately, and consider network segmentation to limit the blast radius if an exploit does occur. Moving to Microsoft Teams, attackers are now abusing Teams’ relay infrastructure to stealthily route malware communications. By leveraging the trust and ubiquity of Teams in enterprise environments, adversaries can bypass traditional network monitoring and detection. This makes lateral movement and command-and-control activities much harder to spot. Security teams should take a closer look at Teams network activity and consider enhanced monitoring for anomalous traffic. This isn’t just about blocking known bad domains anymore—attackers are hiding in plain sight, using the platforms your users rely on every day. Another area of concern is the targeting of developer laptops. GitGuardian has highlighted that these endpoints are now a primary target for attackers seeking credentials, API keys, and other secrets. With the proliferation of cloud-native development, a compromised developer laptop can quickly lead to rapid supply chain breaches. GitGuardian’s new endpoint protection offering aims to address this gap, but technology alone isn’t enough. Organizations need to enforce strong endpoint security and credential hygiene among developers. This includes regular credential rotation, use of password managers, and minimizing the storage of secrets on local machines. Shifting to the cloud and AI, a newly disclosed attack method enables cross-tenant remote code execution by hijacking Vertex AI model uploads. This so-called “Pickle in the Middle” attack exposes organizations using Google’s Vertex AI to potential supply chain attacks and data exfiltration. The practical implication is clear: security teams need to review their AI model upload workflows and implement strict validation and isolation controls. Don’t assume that the cloud provider’s default security posture is sufficient—especially when it comes to complex, multi-tenant AI services. In the education sector, a breach at Infinite Campus has exposed sensitive personal data of 137,000 users. This incident highlights the ongoing risks to educational sector data and the persistent threat of large-scale data breaches. For organizations handling sensitive data—especially in regulated sectors—this is a reminder to review third-party data handling practices and incident response plans. The risks are not just technical; they’re reputational and regulatory as well. Web infrastructure isn’t immune, either. A vulnerability in the OptinMonster WordPress plugin is exposing up to 1.2 million sites to cyberattacks. This is a widespread risk that could be leveraged for malware distribution, phishing, or further compromise. The takeaway here is straightforward: prompt plugin updates are critical, and web application firewalls should be considered as an added layer of defense. If you’re running WordPress at scale, treat plugin vulnerabilities as seriously as you would a zero-day in your core infrastructure. On the ransomware front, operators formerly associated with the LockBit and Qilin groups have launched new ransomware-as-a-service programs. What’s new is the integration of AI-based victim analysis to optimize targeting and extortion. This marks a new level of sophistication in ransomware operations, increasing both the speed and precision of attacks. For defenders, this means enhanced threat intelligence and user awareness are more important than ever. Ransomware is no longer just a blunt instrument—it’s becoming a precision tool, fueled by data and automation. Threat actors are also leveraging legitimate remote monitoring and management tools in phishing campaigns, particularly those targeting IRS and Social Security Administration users. By abusing legitimate RMM tools, attackers can establish persistent access while evading detection by endpoint security solutions. Organizations should monitor for unauthorized RMM tool usage and enhance phishing defenses. This is a classic case of attackers turning defenders’ tools against them. Let’s talk about AI governance and security. Several developments highlight the growing focus in this area. Drata has launched AI agent governance for enterprises, Magnitude has introduced an autonomous AI workforce for third-party risk management, and multiple platforms for generative AI security are being evaluated. However, compliance tools often lag behind the rapid integration of AI into unified communications and other platforms. This creates blind spots. Security leaders should prioritize AI governance frameworks and red teaming for AI systems. It’s not enough to deploy AI—you need to understand and manage the risks it introduces. In cloud security, Keeper Security has announced integration with Wiz, aiming to streamline remediation of critical cloud vulnerabilities. This reflects a broader trend toward automated, cross-platform cloud security solutions. Security leaders should evaluate such integrations to enhance cloud posture management and incident response. Automation can help close the gap between detection and response, but only if it’s implemented thoughtfully. The ransomware ecosystem is also evolving. The Rhysida and Interlock ransomware groups have been linked to a broader ecosystem involving initial access brokers and crypter services. This facilitates rapid and scalable attacks. The implication for defenders is the need to monitor for early-stage compromise and strengthen defenses against credential theft and lateral movement. The earlier you can spot an intrusion, the better your chances of containing it before it escalates. Stepping back, what are the strategic implications of all these developments? First, the exploitation of critical vulnerabilities in widely used platforms—Fortinet, Cisco, Microsoft Teams—requires urgent, coordinated vulnerability management and patching. This isn’t just about checking a box. It’s about understanding where your organization is exposed and acting quickly to close those gaps. Second, AI-driven automation is now a reality for both attackers and defenders. We’re seeing AI-based victim analysis and automated ransomware-as-a-service on the offensive side, and autonomous risk management and generative AI security platforms on the defensive side. This demands new governance and monitoring approaches. The old playbooks won’t cut it when the threat landscape is being reshaped by automation and intelligence. Third, supply chain and third-party risk are amplified by attacks on developer endpoints, cloud AI services, and plugin ecosystems. The attack surface is expanding, and traditional perimeter-base

Daily Cyber & AI Briefing — 2026-06-15

Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript. TRANSCRIPT Today’s cyber and AI risk environment is defined by a convergence of advanced threats and the relentless acceleration of AI adoption. The landscape is shifting rapidly, and organizations across every sector are facing new vulnerabilities, governance challenges, and operational risks. In this briefing, we’ll break down the most significant developments shaping the risk environment today, with a focus on practical implications for security leaders and risk executives. Let’s start with critical infrastructure, which remains a prime target for sophisticated threat actors. Recent intelligence has brought to light the activities of a group known as Velvet Ant. This group has been observed backdooring OpenSSH and PAM binaries—these are core components that manage authentication in Unix and Linux environments. By compromising these binaries, Velvet Ant can bypass authentication controls, steal credentials, and maintain persistent, covert access to critical infrastructure networks. The risk here isn’t just data theft—it’s about operational continuity and, in some cases, national security. For organizations supporting critical services—think energy grids, transportation, healthcare, and financial networks—the implications are immediate and severe. Attackers with this level of access can exfiltrate sensitive operational data, disrupt services, or even lay the groundwork for future attacks. The practical takeaway for CISOs is clear: it’s time for a thorough review of authentication mechanisms and to implement binary integrity monitoring. This isn’t just a best practice; it’s a non-negotiable control in today’s environment. If you’re not already validating the integrity of your authentication binaries and monitoring for unauthorized changes, now is the time to act. Shifting gears to AI, we’re seeing a phenomenon that’s being described as “AI risk debt.” As organizations race to deploy AI solutions, many are doing so without adequate governance, security controls, or risk assessment processes in place. This risk debt is essentially a backlog of unresolved vulnerabilities, unclear lines of accountability, and exposure to regulatory penalties. The pace of AI adoption is outstripping the development of robust governance frameworks, and that’s leaving enterprises exposed on multiple fronts. What does AI risk debt look like in practice? It’s the deployment of AI models without clear documentation, without well-defined ownership, and without ongoing monitoring for drift or misuse. It’s integrating third-party AI technologies without a transparent risk assessment. Over time, this debt compounds, making future remediation more complex and costly. For security leaders, the imperative is to proactively identify and remediate AI-related risks. That means integrating AI governance into your existing risk management frameworks, establishing clear accountability, and ensuring that security controls keep pace with the speed of AI deployment. One of the more novel developments in the AI threat landscape involves the weaponization of AI agent guardrails. Guardrails are the safety mechanisms designed to keep AI agents operating within defined parameters—preventing them from making unsafe or non-compliant decisions. Researchers have found that attackers can manipulate these guardrails to trigger denial-of-service conditions, effectively disrupting AI-driven business processes or critical decision-making systems. This is a subtle but significant shift: the very features designed to keep AI safe can be turned against organizations. The takeaway here is that resilient AI agent architectures are essential. It’s not enough to implement guardrails; those guardrails themselves need to be monitored and tested for abuse. Continuous monitoring for anomalous behavior—both in the AI agents and in the systems that support them—is now a baseline requirement. Organizations should be investing in robust observability for their AI systems, with the ability to detect and respond to both traditional and AI-specific threats. The arms race between attackers and defenders is accelerating, thanks in large part to AI. Cybercriminals are leveraging AI to automate and scale attacks, making them faster, more sophisticated, and harder to detect. We’re seeing AI-powered tools being used to craft more convincing phishing campaigns, develop polymorphic malware, and discover vulnerabilities at a pace that manual efforts simply can’t match. This is forcing security teams to rethink their own use of AI—not just as a defensive tool, but as a necessity to keep pace with evolving threats. If your security operations center isn’t already leveraging AI for detection and response, now is the time to start. AI can help surface threats that would otherwise slip through the cracks, automate repetitive tasks, and free up skilled analysts to focus on higher-order challenges. But it’s not a silver bullet. Human expertise and oversight remain critical, especially as attackers become more adept at evading automated defenses. Supply chain risk is another area that’s coming into sharper focus, particularly as organizations integrate third-party AI technologies. Recent reports indicate that Amazon raised concerns about the security risks associated with Anthropic’s AI models before the U.S. government imposed restrictions. This underscores the importance of supply chain due diligence—especially when it comes to AI. Vendor risk management processes need to explicitly address AI-related threats, including the potential for compromised models, data leakage, and regulatory non-compliance. When evaluating AI vendors, organizations should demand transparency around model training data, security controls, and ongoing monitoring. It’s also worth considering contractual requirements for incident notification and remediation. The bottom line: integrating third-party AI without a clear understanding of the associated risks is a recipe for trouble. Turning to web application security, a critical vulnerability has been identified in the CodeIgniter web framework—a platform used by many organizations to build and deploy web applications. This flaw allows attackers to bypass file upload validation, potentially leading to remote code execution. In practical terms, this means an attacker could upload a malicious file, gain unauthorized access, and deploy malware on affected systems. Organizations using CodeIgniter should prioritize patching this vulnerability and review their web application security controls. File upload functionality is a common attack vector, and robust validation—both on the client and server side—is essential. Regular security assessments and code reviews can help catch these issues before they’re exploited in the wild. As AI systems become more deeply integrated into business processes, the need for data-aware identity security is growing. Delinea’s integration with Cyera is an example of how vendors are responding to this challenge, delivering solutions that emphasize contextual access controls and real-time risk assessment. In AI-driven environments, identity isn’t just about who has access—it’s about what data they can access, under what conditions, and with what level of oversight. Security leaders should be evaluating data-aware identity solutions that can adapt to the dynamic nature of AI systems. This includes the ability to enforce least-privilege access, monitor for anomalous behavior, and respond to emerging threats in real time. As AI systems interact with sensitive data and critical business processes, traditional identity governance approaches may no longer be sufficient. Governance remains a persistent challenge, especially in regions where the pressure to scale AI is high. A recent survey of European organizations found that while nearly all feel pressure to scale AI for customer experience, only 38% have a clear approach to AI governance. This governance gap increases the risk of compliance failures, operational disruptions, and reputational damage. For CISOs and risk executives, the message is clear: advocate for the development and implementation of comprehensive AI governance policies. This isn’t just about compliance—it’s about ensuring that AI deployments are secure, ethical, and aligned with organizational objectives. Cross-functional collaboration is key, bringing together stakeholders from IT, legal, compliance, and the business to develop policies that are both practical and enforceable. As AI agents become more prevalent in enterprise environments, dedicated security controls are essential to prevent misuse and compromise. Vendors like Zscaler are introducing solutions specifically designed to secure AI agents, focusing on monitoring, policy enforcement, and threat detection tailored to AI workflows. These tools help bridge governance gaps and provide organizations with greater visibility and control over their AI assets. When evaluating AI agent security solutions, organizations should look for features like real-time monitoring, automated policy enforcement, and integration with existing security information and event management systems. The goal is to create a layered defense that addresses both the unique risks of AI and the broader cyber threat landscape. A recurring theme in today’s risk environment is the shortage of skilled IT and security professionals. The demand for talent continues to outpace supply, with several critical roles becoming increasingly difficult to fill. This talent gap is a structural risk that hampers organizations’ ability to implement and maintain effective cyber and AI risk controls. To address this challenge, security leaders should priori