Daily Cyber & AI Briefing with Michael Housch. This draft includes the assembled audio and full transcript for review before publication. TranscriptWelcome to today’s deep dive into the evolving world of cyber and AI risk. If you’re a security leader, risk executive, or simply someone who wants to understand the forces shaping enterprise security, you’re in the right place. Over the next several minutes, we’ll unpack the most pressing developments in cybersecurity and artificial intelligence, explore what they mean for organizations, and highlight practical steps you can take to stay ahead. Let’s start with the big picture. The cyber and AI risk landscape is more complex than ever. We’re seeing a convergence of advanced threats, a surge in regulatory activity, and rapid adoption of new technologies across industries. This isn’t just about more attacks or smarter hackers—it’s about the entire ecosystem shifting beneath our feet. The attack surface is expanding, adversaries are exploiting both technical and human vulnerabilities, and regulators are stepping up their scrutiny. To keep pace, organizations need not just technical vigilance, but also strategic governance, cross-functional risk management, and alignment with evolving compliance standards. Let’s break down the key developments shaping this environment. First up: Apple has released critical security updates for older iPhones and iPads, addressing active exploitation of what’s known as the Coruna vulnerability chain. Now, you might be thinking—why focus on legacy devices? The reality is, many organizations still have older hardware in their environments, whether it’s for compatibility, cost, or simply because those devices haven’t been inventoried and phased out. Attackers know this. The Coruna exploits allow adversaries to compromise devices running outdated software, which can then be used as a launchpad for lateral movement or data theft. The takeaway here is clear: comprehensive asset inventories and aggressive patch management are non-negotiable. It’s not enough to focus on the latest and greatest devices. Even end-of-life systems can become high-value targets if left unpatched. For CISOs and IT teams, this means regularly updating your inventory, ensuring you know exactly what’s connected to your network, and applying security updates across the board—regardless of device age. Moving on to Microsoft. This month’s Patch Tuesday included a fix for a critical zero-day vulnerability in Microsoft SQL Server, tracked as CVE-2026-21262. This flaw allowed attackers to execute arbitrary code, which is as serious as it gets for organizations relying on SQL Server for core business operations. Think about the potential impact: data breaches, ransomware attacks, or even the disruption of mission-critical services. Immediate patching is essential. If you’re running SQL Server, make sure your systems are up to date. Beyond that, this incident is a reminder of the importance of timely patch management for all critical infrastructure. Attackers move quickly once vulnerabilities are disclosed, and the window between discovery and exploitation is shrinking. Organizations that delay updates are putting themselves at unnecessary risk. Let’s talk about network infrastructure. Over 4,000 routers have been compromised by the KadNap malware, which exploits known vulnerabilities to gain persistent access to both corporate and home networks. This isn’t just a story about routers; it’s a broader lesson about the risks posed by unmanaged or poorly maintained network devices. Routers, switches, and other network hardware are often overlooked when it comes to patching and monitoring, but they can serve as footholds for broader attacks. For security leaders, the message is straightforward: prioritize network device patching, implement segmentation to limit the blast radius of a compromise, and monitor for anomalous traffic th
