Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.
Welcome to today’s cyber and AI risk briefing. I’m Michael Housch. Over the next 15 minutes, we’ll unpack the most pressing developments shaping the risk landscape as of March 20th, 2026. Whether you’re a security leader, a business executive, or just someone interested in how technology is evolving, I’ll walk you through what’s happening, why it matters, and what you can do about it.
Let’s start with the big picture. The cyber threat landscape right now is defined by a surge in critical vulnerabilities—especially zero-days—being actively exploited in both infrastructure and endpoint technologies. We’re seeing ransomware actors and other threat groups move quickly to weaponize these flaws, often before patches are even available or widely deployed. At the same time, new strains of malware are hijacking legitimate software, and high-profile data breaches are exposing millions of sensitive records. This all underscores a persistent challenge: managing identity and access in an environment where the attack surface keeps expanding.
On the AI front, the risks are accelerating. Both Gartner and Microsoft have sounded the alarm that organizations are adopting AI agents at a pace that far outstrips the implementation of adequate security controls. This rapid deployment, combined with the looming threat of quantum computing, is forcing organizations to rethink their risk models and governance frameworks. The convergence of these trends means that CISOs are being pulled in two directions: they need to react quickly to urgent vulnerabilities, while also making strategic investments in identity, AI, and supply chain security.
So, what’s the practical takeaway for risk leaders? It’s clear: prioritize remediation of actively exploited vulnerabilities, strengthen identity-centric defenses, and ensure that AI deployments are governed by robust security policies. The evolving threat landscape demands a proactive, layered approach to both cyber and AI risk management.
Let’s dig into the top stories shaping today’s risk environment.
First up: CISA has issued a critical alert regarding a zero-day vulnerability in Cisco Secure Firewall Management Center. Ransomware actors are actively exploiting this flaw to gain unauthorized access. Multiple sources confirm that exploitation is ongoing, and Cisco’s recent disclosures suggest this isn’t an isolated case—it’s part of a broader pattern of weaknesses across their product line. For organizations relying on Cisco firewalls, this is a wake-up call. These devices often serve as the last line of defense for enterprise networks. Immediate patching is essential, but it doesn’t stop there. It’s also critical to review firewall configurations and ensure that only necessary services and ports are exposed. This incident is a reminder that perimeter defenses are only as strong as their weakest link, and attackers are relentless in probing for those weaknesses.
Next, researchers have disclosed critical vulnerabilities in Jenkins, the widely used CI/CD automation server. These flaws allow remote code execution, meaning that attackers can take control of build pipelines and inject malicious code into software releases. The implications here are significant. CI/CD infrastructure sits at the heart of modern software development, and a compromise can lead to widespread supply chain attacks—potentially impacting not just your organization, but your customers and partners as well. If you’re running Jenkins, prioritize patching and review access controls. Make sure that only authorized users have access to build environments, and consider implementing additional monitoring to detect suspicious activity in your pipelines.
Moving to the mobile front, a severe vulnerability has been discovered in the UNISOC T61
