Daily Cyber & AI Briefing with Michael Housch.
Welcome to today’s cyber and AI risk update. I’m Michael Housch, and I’ll be guiding you through the latest developments shaping our threat landscape as of March 31st, 2026. If you’re a CISO, risk executive, or anyone with a stake in enterprise security, these are the issues that should be top of mind right now.
Let’s start with a broad view. We’re seeing a surge in high-impact vulnerabilities and active exploitation of technologies that form the backbone of enterprise IT. At the same time, the intersection of artificial intelligence and cybersecurity is producing new risks, both technical and regulatory. Ransomware actors are evolving, supply chain attacks are increasing, and legal decisions are starting to reshape the AI governance landscape. The pace of change is relentless, and the implications are significant for organizations of all sizes.
Let’s break down the most pressing issues you need to be aware of.
First up, Citrix NetScaler appliances are under active attack. The Cybersecurity and Infrastructure Security Agency, or CISA, has flagged a vulnerability—suspected to be CVE-2026-3055—that’s being actively exploited in the wild. NetScaler is widely used in enterprise environments for application delivery and remote access, so this is not a niche problem. Attackers are probing and exploiting this flaw to gain unauthorized access or execute code on affected systems. The risk here isn’t just initial compromise. Once inside, attackers can move laterally, escalate privileges, and potentially access sensitive data or critical systems.
What does this mean for your organization? If you’re running NetScaler, you need to prioritize patching—now. Don’t wait for the next scheduled maintenance window. You should also be monitoring your environment for signs of exploitation, such as unusual authentication attempts or unexpected changes in system behavior. The window between vulnerability disclosure and active exploitation is shrinking, so rapid response is essential.
Next, let’s talk about F5 BIG-IP. A vulnerability in these devices has just been reclassified as a remote code execution issue, which is as serious as it gets. Attackers can potentially take full control of affected devices, and exploitation is already underway. F5 BIG-IP is a critical component for load balancing and security in many enterprise networks. If your organization relies on BIG-IP, you need to apply available patches immediately and review your device configurations for any indicators of compromise.
This is a good moment to reflect on patch management in general. The days when you could afford to wait weeks or months to apply critical patches are over. Attackers are moving faster, and the cost of delay is rising. Make sure your vulnerability management processes are up to the challenge.
Let’s shift gears to ransomware. Threat actors are getting more creative, and one of the latest tactics involves abusing legitimate Windows tools to disable antivirus protections before launching ransomware attacks. This approach allows them to fly under the radar, evading traditional security controls and maximizing their impact. It’s a reminder that attackers don’t always need zero-day exploits—sometimes, they just need to use the tools already present in your environment.
So, what can you do? Enhance your monitoring for suspicious use of native Windows utilities, like PowerShell or Windows Management Instrumentation. Consider implementing application whitelisting and invest in robust endpoint detection and response solutions. The goal is to spot and stop malicious activity before it can do real damage.
Now, let’s talk about supply chain risk, which continues to be a major concern. The axios NPM library, which is downloaded over 100 million times and