Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.
Welcome to the daily cyber and AI risk briefing. Today, we’re diving into a landscape that’s shifting faster than ever—one marked by a surge in sophisticated cyber exploits, supply chain attacks, and a rapidly changing regulatory environment around AI safety and governance. If you’re responsible for risk, security, or technology strategy, these developments aren’t just headlines—they’re practical signals to adapt your approach.
Let’s start with the big picture. The high-tech sector remains the most targeted industry, and we’re seeing new malware campaigns and advanced persistent threats exploiting both cloud and on-premises environments. AI security is under intense scrutiny, with both private sector innovation and government oversight shaping the risk management agenda. And critically, the convergence of advanced cyber threats and the rapid deployment of AI technologies means that organizations need a holistic, adaptive security posture.
So, what’s driving this sense of urgency? Let’s break down the most significant developments shaping today’s risk landscape.
First up: Google has disclosed the DarkSword iOS exploit chain. This is a sophisticated, multi-stage attack that’s been active since late 2025. What makes DarkSword particularly alarming is its ability to silently compromise iPhones—especially those used to store cryptographic keys and wallet apps. In other words, if your executives or employees are handling sensitive financial or cryptographic data on their mobile devices, they’re in the crosshairs.
The attack’s stealth and focus on high-value crypto assets mean it’s not just a theoretical risk. For CISOs and risk executives, this is a wake-up call to reassess mobile device security policies. That includes enforcing strong device management, mandatory updates, and perhaps even restricting the use of personal devices for sensitive tasks. The days of treating mobile as a secondary risk vector are over—especially as attackers increasingly target the intersection of finance and technology.
Moving to the cloud, another major incident has emerged: TeamPCP has deployed a new Kubernetes-targeted wiper known as CanisterWorm. This malware was used in an attack against Iranian infrastructure, and it’s designed specifically to disrupt containerized environments. The significance here is clear—attackers are shifting their focus to cloud-native architectures. Kubernetes clusters, which underpin much of today’s scalable infrastructure, are now prime targets.
If your organization relies on containerized workloads, it’s time to double down on segmentation, robust backup strategies, and incident response planning. The ability to quickly restore affected clusters and isolate compromised workloads could make the difference between a minor disruption and a major operational crisis.
Let’s talk about the bigger trend: the high-tech sector’s ongoing exposure. According to Mandiant, the high-tech industry remains the top target for cyber attacks in 2025. Both financially motivated and nation-state actors are in play, with a particular focus on intellectual property theft and supply chain compromise. This isn’t just about protecting your own assets—it’s about understanding that your vendors, partners, and even customers can be vectors for attack.
Layered defenses are essential. That means combining technical controls, like endpoint detection and response, with robust threat intelligence and third-party risk management. If you’re in a technology-driven organization, expect continued targeting and make sure your defenses are as dynamic as the threats you face.
Now, let’s turn to cloud security. A new study from Red Hat found that an astonishing 97% of organizations have suffered cloud security incidents. That’s nearly uni
