Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.
Welcome back, everyone. Today, we’re looking at the cyber and AI risk landscape as of March 23, 2026—a landscape that’s growing more complex by the day. The convergence of technical threats and governance challenges is creating a perfect storm for organizations across every sector. We’re seeing a surge in high-severity vulnerabilities, active exploitation of critical software platforms, and a rapid expansion of AI deployments that are outpacing the frameworks meant to keep them in check.
Let’s break down what’s happening and, more importantly, what it means for security leaders and organizations trying to navigate these turbulent waters.
We’ll start with the technical threats making headlines. This week, we’ve seen a series of high-impact vulnerabilities being actively exploited, affecting some of the most widely used platforms in enterprise and government environments.
First up is Cisco. The Cybersecurity and Infrastructure Security Agency, or CISA, has issued an emergency directive requiring all US government agencies to immediately patch a critical vulnerability in Cisco products. This flaw has been rated at the highest severity level and, if left unaddressed, could allow remote attackers to take full control of affected devices. Given Cisco’s widespread presence in both public and private sector networks, this isn’t just a government problem—it’s a wake-up call for any organization relying on Cisco infrastructure.
What’s the practical takeaway here? Patch management needs to be at the top of your priority list. Security teams should not only apply the latest patches but also review their exposure to Cisco products across their environments. This is about more than compliance—it’s about preventing potentially catastrophic breaches.
Moving on to Oracle Identity Manager. Oracle has released an emergency fix for a zero-day vulnerability—specifically, a pre-authentication remote code execution flaw. This means attackers can compromise identity infrastructure without even needing credentials. For organizations using Oracle for access management, the risk is significant. Identity systems are the keys to the kingdom; if they’re compromised, attackers can move laterally and escalate privileges with little resistance. The recommendation here is clear: patch immediately and review your identity system logs for any signs of suspicious activity.
Next, let’s talk about Craft CMS. CISA has also issued a warning about a code injection vulnerability in Craft CMS that’s being actively exploited. Attackers are using this flaw to execute arbitrary code on vulnerable systems. Content management systems like Craft are frequent targets because they often sit at the intersection of business operations and the public internet. If you’re running Craft CMS, make sure patches are applied and keep an eye out for unusual system behavior.
But it’s not just about direct exploitation anymore. We’re seeing attackers increasingly target the supply chain, compromising the very tools organizations use to secure themselves. A recent example is the breach of the Trivy vulnerability scanner. Attackers managed to inject credential-stealing scripts into Trivy, turning a security tool into a potential vector for compromise. This kind of supply chain attack highlights the importance of verifying the integrity of third-party tools and monitoring them for unexpected changes. If you’re using Trivy, check your installations and rotate any credentials that may have been exposed.
Ransomware actors are also upping their game. Traditionally, they’ve relied on exploiting vulnerable drivers to bypass endpoint detection and response—EDR—solutions. But now, they’re expanding their methods, finding new ways to evade detection and disable security controls. Thi
