Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

Transcript

Today’s cyber and AI risk landscape is marked by an unrelenting pace of change, with new vulnerabilities, attack campaigns, and governance challenges surfacing daily. Let’s walk through the most significant developments shaping enterprise risk today, and what they mean for security leaders, technology teams, and organizations navigating this complex environment.

We’re seeing a surge in critical zero-day vulnerabilities, with attackers actively exploiting both legacy enterprise systems and widely used security tools. At the same time, ransomware campaigns continue to evolve, targeting not just traditional IT assets but also critical infrastructure and supply chain components. Overlaying all of this is the persistent challenge of balancing rapid AI innovation with the need for robust security governance—a tension that’s only intensifying as organizations race to deploy new AI capabilities.

Let’s start with the headline item: Microsoft has confirmed a critical zero-day vulnerability in Microsoft Defender, known as “RoguePlanet.” This is a significant development, as Defender is a core security product deployed across millions of endpoints worldwide. The vulnerability is being actively exploited, and as of now, no patch is available. What makes RoguePlanet particularly concerning is its ability to bypass endpoint protections, potentially enabling attackers to move laterally within networks and exfiltrate sensitive data. For security leaders, this means immediate action is required. Monitoring for anomalous Defender activity should be a top priority. Review your endpoint detection rules, look for unusual process behaviors, and ensure your incident response plans are ready to activate as soon as a patch is released.
This is a classic example of why rapid detection and response capabilities are so critical—when a widely used security tool itself becomes a vector for attack, the window for containment can be very narrow.

Moving to enterprise software, the U.S. Cybersecurity and Infrastructure Security Agency has issued a warning about a zero-day vulnerability in Oracle PeopleSoft. Attackers are exploiting this flaw in active ransomware campaigns, using it as an entry point to deploy ransomware payloads. Organizations running legacy ERP deployments are particularly at risk, as these environments often lag behind in patching and may have exposures that are difficult to quickly remediate. Immediate mitigation steps here include reviewing your PeopleSoft exposure, applying any available workarounds, and enhancing monitoring for suspicious activity. This incident underscores the ongoing risk posed by legacy systems—while they’re often mission-critical, they can also become soft targets for attackers looking for a foothold inside the enterprise.

On the macOS front, a new malware campaign dubbed “Sapphire Sleet” is escalating. This campaign is notable for its use of legitimate system tools, such as curl and osascript, to execute multi-stage payloads. Attackers are using social engineering tactics, including fake update dialogs, to trick users into initiating the infection process. The use of native tools makes detection more difficult, as the activity can blend in with legitimate processes. For organizations with significant macOS deployments, this highlights the importance of reinforcing user awareness, restricting script execution, and closely monitoring for unusual process behaviors. Social engineering remains a highly effective technique, and when combined with sophisticated payload delivery methods, it can bypass traditional security controls.

Critical infrastructure is also under siege.
The Adriatic Port Authority recently suffered a ransomware attack attributed to the Anubis group. This incident exposed significant vulnerabilities in maritime infrastructure, demonstrating the sector’s susceptibility to operational disruption and data loss. The implications here go beyond IT—when ports or other critical infrastructure are compromised, the ripple effects can impact supply chains, transportation, and even national security. Risk leaders in sectors like maritime, energy, and transportation should take this as a call to reassess network segmentation, backup strategies, and incident response plans for operational technology and industrial control systems. The convergence of IT and OT environments means that ransomware can now have real-world, physical consequences, not just data loss or downtime.

The education sector is facing its own wave of threats. Educational technology platforms, or EdTech, are experiencing a marked rise in both data breaches and ransomware incidents. The rapid digitalization of education, combined with often limited security resources, makes these platforms attractive targets for cybercriminals. Sensitive student and staff data is at risk, and the impact of a breach can be both reputational and regulatory. For CISOs in education and related fields, the priorities should be clear: conduct thorough third-party risk assessments, strengthen controls around sensitive data, and ensure that incident response plans are up to date. As EdTech adoption accelerates, so too does the need for robust security governance.

Shifting to the software development lifecycle, new analysis highlights that developer machines and supply chain components remain high-value targets for attackers. Compromised developer endpoints can introduce malicious code directly into production environments, while insecure supply chains amplify the risk of widespread compromise.
Attackers are increasingly leveraging sophisticated, multi-stage payloads and novel command-and-control channels, particularly targeting both macOS and Windows environments. Security leaders should be enforcing least privilege on developer machines, implementing code signing, and monitoring for anomalous developer activity. The integrity of the software supply chain is now a board-level concern, as a single compromised component can have cascading effects across the enterprise and its customers.

Now, let’s turn to the AI front, where the pace of innovation is creating its own set of risks. Recent research reveals that nearly 70% of executives are prioritizing speed over security when it comes to AI deployments. This is a striking statistic, and it has real implications for governance, data privacy, and regulatory compliance. When organizations rush to deploy AI models without embedding security from the outset, they open themselves up to risks like data leakage, model manipulation, and non-compliance with emerging regulations. Organizations should be revisiting their AI governance frameworks, ensuring that security is not an afterthought but an integral part of the development and deployment process. This includes model validation, data integrity checks, and clear accountability for AI outcomes. The challenge, of course, is balancing the pressure for speed and innovation with the need for robust oversight—a tension that is only going to intensify as AI adoption accelerates.

On the positive side, we are seeing the emergence of multiple AI risk management frameworks designed to address these governance and security gaps. These frameworks focus on areas like model validation, data integrity, and accountability, and are being adopted across industries. However, operationalizing these frameworks remains inconsistent.
Success depends on strong executive sponsorship and cross-functional collaboration, bringing together IT, security, legal, and business leaders to ensure that AI risk management is both comprehensive and actionable.

In line with this trend, Inspira Enterprise has partnered with ServiceNow to expand AI governance and enterprise services. This partnership aims to help organizations manage AI risk at scale, reflecting a broader industry push toward integrated platforms for AI oversight. The challenge, however, lies in aligning governance with business agility—finding ways to keep pace with innovation without sacrificing control or compliance.

Turning back to the threat landscape, a new malware campaign is targeting gamers via the Steam Workshop’s Wallpaper Engine. While this campaign is primarily consumer-focused, it demonstrates the risk of supply chain attacks via popular platforms. Attackers are using the platform to steal user accounts and infect endpoints, and there’s a real risk of credential reuse in enterprise environments. This serves as a reminder that consumer platforms can become vectors for enterprise compromise, especially as the lines between personal and professional device use continue to blur.

Another notable campaign involves the “FishMonger” threat actor, who is leveraging multi-channel command-and-control in attacks against Windows systems using the SprySOCKS malware. By using TCP, UDP, and WebSocket channels, attackers are complicating detection and response efforts. This multi-channel approach requires organizations to enhance their network monitoring and behavioral analytics, as traditional detection methods may not be sufficient.

Zooming out, a new analysis underscores a fundamental shift in the security landscape: the traditional security buffer, or perimeter, is effectively gone. Identity, cloud, and supply chain risks are now at the forefront, and organizations must adapt by shifting to a zero trust model.
This means continuous authentication, enforcing least privilege, and real-time anomaly detection are no longer optional—they’re essential.

Let’s take a step back and look at the strategic implications of these developments. First, zero-day vulnerabilities in widely used platforms like Microsoft Defender and Oracle PeopleSoft require