Daily Cyber Briefing

Daily Cyber & AI Briefing — 2026-03-23

Michael Housch

Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

Transcript

Welcome back, everyone. Today, we’re looking at the cyber and AI risk landscape as of March 23, 2026—a landscape that’s growing more complex by the day. The convergence of technical threats and governance challenges is creating a perfect storm for organizations across every sector. We’re seeing a surge in high-severity vulnerabilities, active exploitation of critical software platforms, and a rapid expansion of AI deployments that are outpacing the frameworks meant to keep them in check.

Let’s break down what’s happening and, more importantly, what it means for security leaders and organizations trying to navigate these turbulent waters.

We’ll start with the technical threats making headlines. This week, we’ve seen a series of high-impact vulnerabilities being actively exploited, affecting some of the most widely used platforms in enterprise and government environments.

First up is Cisco. The Cybersecurity and Infrastructure Security Agency, or CISA, has issued an emergency directive requiring all US government agencies to immediately patch a critical vulnerability in Cisco products. This flaw has been rated at the highest severity level and, if left unaddressed, could allow remote attackers to take full control of affected devices. Given Cisco’s widespread presence in both public and private sector networks, this isn’t just a government problem—it’s a wake-up call for any organization relying on Cisco infrastructure.

What’s the practical takeaway here? Patch management needs to be at the top of your priority list. Security teams should not only apply the latest patches but also review their exposure to Cisco products across their environments. This is about more than compliance—it’s about preventing potentially catastrophic breaches.

Moving on to Oracle Identity Manager. Oracle has released an emergency fix for a zero-day vulnerability—specifically, a pre-authentication remote code execution flaw. This means attackers can compromise identity infrastructure without even needing credentials. For organizations using Oracle for access management, the risk is significant. Identity systems are the keys to the kingdom; if they’re compromised, attackers can move laterally and escalate privileges with little resistance. The recommendation here is clear: patch immediately and review your identity system logs for any signs of suspicious activity.

Next, let’s talk about Craft CMS. CISA has also issued a warning about a code injection vulnerability in Craft CMS that’s being actively exploited. Attackers are using this flaw to execute arbitrary code on vulnerable systems. Content management systems like Craft are frequent targets because they often sit at the intersection of business operations and the public internet. If you’re running Craft CMS, make sure patches are applied and keep an eye out for unusual system behavior.

But it’s not just about direct exploitation anymore. We’re seeing attackers increasingly target the supply chain, compromising the very tools organizations use to secure themselves. A recent example is the breach of the Trivy vulnerability scanner. Attackers managed to inject credential-stealing scripts into Trivy, turning a security tool into a potential vector for compromise. This kind of supply chain attack highlights the importance of verifying the integrity of third-party tools and monitoring them for unexpected changes. If you’re using Trivy, check your installations and rotate any credentials that may have been exposed.

Ransomware actors are also upping their game. Traditionally, they’ve relied on exploiting vulnerable drivers to bypass endpoint detection and response—EDR—solutions. But now, they’re expanding their methods, finding new ways to evade detection and disable security controls. Thi

SPEAKER_00

Grab your coffee or Red Bull or whatever your morning vice is, and this is your daily cyber and AI briefing, and I am your host, Michael Housch.

And welcome back, everyone. Today we're looking at the cyber and AI risk landscape as of March 23rd, 2026, a landscape that's growing more complex by the day. The convergence of technical threats and governance challenges is creating a perfect storm for organizations across every sector. We're seeing a surge in high-severity vulnerabilities, active exploitation of critical software platforms, and a rapid expansion of AI deployments that are outpacing the frameworks meant to keep them in check.

Let's break down what's happening, and more importantly, what it means for security leaders and organizations trying to navigate these turbulent waters.

We'll start with the technical threats making headlines. This week, we've seen a series of high-impact vulnerabilities being actively exploited, affecting some of the most widely used platforms in enterprise and government environments.

First up is Cisco. The Cybersecurity and Infrastructure Security Agency, or CISA, has issued an emergency directive requiring all U.S. government agencies to immediately patch a critical vulnerability in Cisco products. This flaw has been rated at the highest severity level, and if left unaddressed, could allow remote attackers to take full control of affected devices. Given Cisco's widespread presence in both public and private sector networks, this isn't just a government problem. It's a wake-up call for any organization relying on Cisco infrastructure.

What's the practical takeaway here? Patch management needs to be at the top of your priority list. Security teams should not only apply the latest patches, but also review their exposure to Cisco products across their environments. This is about more than compliance. It's about preventing potentially catastrophic breaches.

Moving on to Oracle Identity Manager, Oracle has released an emergency fix for a zero-day vulnerability, specifically a pre-authentication remote code execution flaw. This means attackers can compromise identity infrastructure without even needing credentials. For organizations using Oracle for access management, the risk is significant. Identity systems are the keys to the kingdom. If they're compromised, attackers can move laterally and escalate privileges with little resistance. The recommendation here is clear. Patch immediately and review your identity system logs for any signs of suspicious activity.

Next, let's talk about Craft CMS. CISA has also issued a warning about a code injection vulnerability in Craft CMS that's being actively exploited. Attackers are using this flaw to execute arbitrary code on vulnerable systems. Content management systems like Craft are frequent targets because they often sit at the intersection of business operations and the public internet. If you're running Craft CMS, make sure patches are applied and keep an eye out for unusual system behavior.

But it's not just about direct exploitation anymore. We're seeing attackers increasingly target the supply chain, compromising the very tools organizations use to secure themselves. A recent example is the breach of the Trivy vulnerability scanner. Attackers managed to inject credential-stealing scripts into Trivy, turning a security tool into a potential vector for compromise. This kind of supply chain attack highlights the importance of verifying the integrity of third-party tools and monitoring them for unexpected changes. If you're using Trivy, check your installations and rotate any credentials that may have been exposed.

Ransomware actors are also upping their game. Traditionally, they've relied on exploiting vulnerable drivers to bypass endpoint detection and response (EDR) solutions, but now they're expanding their methods, finding new ways to evade detection and disable security controls. This means that even organizations with advanced EDR solutions aren't immune. Security teams should regularly review EDR configurations, monitor for anomalous behavior, and ensure that defenses are layered. Don't rely on a single line of protection.

E-commerce platforms are another hot target. In a recent campaign, cyber criminals managed to infect 7,500 Magento stores with hidden malicious files. For those running online storefronts, this is a stark reminder of how quickly mass infections can occur. The consequences range from data theft and payment card compromise to serious reputational damage. If you're operating a Magento environment, now is the time to audit your systems and implement file integrity monitoring.

Let's not forget about threats to macOS environments. The Mio Lab macOS Stealer has recently expanded its capabilities, adding features like ClickFix, wallet theft, and abuse of team APIs. This increases the risk for organizations handling sensitive credentials or cryptocurrency assets on macOS devices. The message here is to reinforce macOS security controls and boost user awareness. These threats are evolving fast.

Now, even after law enforcement action, some cyber criminal services are proving remarkably resilient. The Tycoon 2FA service, which provides tools for bypassing multi-factor authentication, remains operational despite recent takedown efforts. This persistence demonstrates how robust and distributed cybercrime infrastructure has become. For organizations, it's a reminder that adaptive authentication and continuous monitoring for suspicious login attempts are essential. Multifactor authentication is still a strong defense, but it's not invulnerable.

Shifting gears to the AI front, we're witnessing a rapid expansion of AI applications across enterprise environments. According to CrowdStrike, there are now 1800 distinct AI apps running on work devices. This proliferation of unsanctioned AI tools introduces new risks: data leakage, compliance violations, and loss of control over sensitive information. In response, CrowdStrike has introduced new controls to help organizations inventory and manage AI usage. For CISOs, this is an urgent call to action. You need to know what AI tools are in use across your organization and enforce policies to control their deployment.

But the challenge doesn't stop at inventory. New research from ISACA reveals that over half of digital trust professionals don't know how quickly their organization could shut down AI systems in the event of a security incident. This is a significant gap in incident response planning. As AI becomes more deeply embedded in business processes, organizations must develop clear governance frameworks and operational playbooks for disabling AI systems when necessary.

Looking ahead, Gartner predicts that by 2028, AI will drive half of all cybersecurity incident response activities. This is both an opportunity and a challenge. On one hand, AI can help automate and accelerate response efforts, but on the other, it introduces new risks around transparency and oversight. Organizations will need to invest in AI-driven security operations while maintaining human oversight and ensuring that automated decision-making is transparent and auditable.

We're also seeing early signs of formalized AI governance frameworks. Singapore-based WPH Digital has become one of the first companies in Asia to achieve ISO/IEC 42001:2023 certification for AI governance. This milestone sets a precedent, particularly for regulated industries like oil and gas, and signals a shift toward increased regulatory scrutiny. For organizations deploying AI at scale, aligning with emerging standards will become increasingly important, not just for compliance, but for building trust with customers and stakeholders.

Let's take a step back and look at the strategic implications of these developments.

First, patch management and vulnerability response must be accelerated. The window between disclosure of a vulnerability and active exploitation is shrinking. Zero-days and actively exploited flaws in core infrastructure like Cisco, Oracle, and Craft CMS require immediate attention. Delays in patching can have severe consequences, including data breaches, operational disruptions, and regulatory penalties.

Second, AI governance and incident response capabilities are lagging behind the pace of deployment. Organizations are rolling out AI solutions at scale, but the frameworks for managing and securing these systems are still catching up. This creates operational and compliance risks that can't be ignored. Security and risk leaders need to work closely with business units and IT teams to develop policies, procedures, and technical controls for AI systems before an incident occurs.

Third, supply chain attacks are on the rise, targeting not just traditional software, but also security tools and platforms. The compromise of the Trivy vulnerability scanner is a case in point. Organizations must enhance their integrity monitoring and vendor risk management processes. This means verifying the authenticity of software updates, monitoring for unexpected changes, and maintaining an up-to-date inventory of all third-party tools in use.

Fourth, the resilience of cyber criminal infrastructure, like Tycoon 2FA, and the evolution of attacker tactics demand continuous adaptation of security controls. Attackers are quick to pivot and develop new methods when old ones are disrupted. Security teams need to stay informed about emerging threats, update their defenses regularly, and foster a culture of continuous improvement.

So, what matters most today? There are three key actions that organizations should prioritize.

First, immediate action is required to patch critical vulnerabilities in Cisco, Oracle Identity Manager, and Craft CMS. These are not theoretical risks; they are being actively exploited right now. Delaying patching increases the likelihood of compromise.

Second, organizations must assess and control the proliferation of AI applications on enterprise devices. This isn't just an IT issue; it's a business risk. Data leakage, compliance violations, and loss of intellectual property are all on the table if AI usage isn't properly managed.

Third, incident response plans should be updated to include rapid shutdown and containment procedures for AI systems. As AI becomes more integrated into business operations, the ability to quickly disable or isolate these systems during a security incident will be critical.

Let's briefly revisit some of the specific incidents and what they teach us. The Cisco vulnerability and CISA emergency directive highlight the importance of timely patching and the risks associated with widely deployed infrastructure. The Oracle Identity Manager flaw underscores the criticality of identity systems and the need for vigilant monitoring. The Craft CMS code injection issue is a reminder that web-facing platforms are prime targets and require continuous oversight. The breach of the Trivy vulnerability scanner shows that even security tools can be turned against us, emphasizing the need for supply chain vigilance. The evolution of ransomware tactics demonstrates that attackers are not standing still. They're finding new ways to bypass defenses. The mass infection of Magento stores illustrates how quickly attackers can scale their operations and the importance of proactive monitoring.

On the AI side, the rapid adoption of unsanctioned AI tools is creating new blind spots for organizations. The lack of clarity around incident response for AI systems is a governance gap that needs to be closed. The prediction that AI will drive half of incident response activities by 2028 is a sign of things to come. Automation will be essential, but it must be implemented responsibly. The achievement of ISO/IEC 42001:2023 certification by WPH Digital is an early indicator of where the industry is headed. Formalized governance frameworks for AI are coming, and organizations that get ahead of the curve will be better positioned to manage risk and demonstrate accountability.

So, what are the practical steps organizations can take right now?

Start by conducting a comprehensive review of your patch management processes. Identify any gaps and ensure that critical vulnerabilities, especially those in Cisco, Oracle, and Craft CMS, are addressed without delay.

Next, inventory all AI applications running on enterprise devices. Work with business units to understand how these tools are being used, assess the risks, and enforce policies to control deployment. This may involve restricting access to unsanctioned AI tools or implementing data loss prevention measures.

Review your incident response plans with a focus on AI systems. Develop clear procedures for rapidly disabling or isolating AI applications in the event of a security incident. Train your teams on these procedures and conduct regular tabletop exercises to ensure readiness.

Strengthen your supply chain risk management processes. Verify the integrity of third-party tools, monitor for unexpected changes, and maintain an up-to-date inventory of all software in use. Engage with vendors to understand their security practices and request transparency around their own supply chain controls.

Finally, stay informed about emerging threats and evolving attacker tactics. Foster a culture of continuous improvement within your security team. Encourage information sharing, invest in threat intelligence, and be prepared to adapt your defenses as the landscape changes.

Before we wrap up, let's acknowledge that the pace and complexity of change in the cyber and AI risk landscape can feel overwhelming. But with a proactive, holistic approach, one that combines technical controls, governance frameworks, and continuous adaptation, organizations can manage risk effectively.

That's it for today's briefing. Stay vigilant, stay informed, and keep security at the forefront of your organization's strategy. Thanks for listening, and I'll talk to you next time. That's a wrap, peeps. Stay secure, stay sharp, and don't forget to hug your CISO.