Description

Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript.

Transcript

Welcome to the daily cyber and AI risk briefing. Today, we’re taking a close look at the evolving landscape of threats and challenges that organizations are facing in 2026. The pace of change in both cyber and artificial intelligence risk is relentless, and the stakes are higher than ever—especially for critical infrastructure, high-profile organizations, and sectors rapidly adopting AI.

Let’s start with the big picture. We’re seeing a surge in both traditional cyber threats and new governance challenges tied to AI. Critical infrastructure—think energy grids, healthcare systems, and financial institutions—remains a top target for sophisticated cybercriminals. At the same time, law firms, IoT devices, and edge infrastructure are facing heightened risks. The rapid adoption of AI, often outpacing the implementation of security and governance controls, is creating significant gaps that chief information security officers need to address urgently.

We’ll break down the most important developments you need to know about today, unpack their practical implications, and highlight what matters most for risk leaders.

Let’s begin with one of the most high-profile incidents making headlines: a sophisticated phishing campaign that’s hit a leading U.S. law firm, Jones Day. The attack is attributed to the cybercriminal group known as ‘Silent.’ Here’s what happened: attackers used targeted phishing emails to gain unauthorized access to the firm’s systems. The potential exposure includes sensitive client data and legal documents—assets that are incredibly valuable, not just to the firm, but to their clients as well. This breach is a stark reminder that professional services firms, especially those handling confidential or regulated information, are prime targets.

For CISOs and risk executives, this incident reinforces several priorities. First, advanced email security is non-negotiable. Basic spam filters are no longer enough; organizations need layered defenses that include threat intelligence, anomaly detection, and real-time response capabilities. Second, user training is essential. Even the most sophisticated technical controls can be undermined by a single click on a malicious link. Regular, realistic phishing simulations and ongoing awareness campaigns can help build a culture of vigilance. And finally, rapid incident response is critical. The faster you can detect and contain a breach, the more you can limit the damage—especially in environments where sensitive data is at stake.

Shifting gears, let’s talk about the evolving threat to IoT devices and edge infrastructure. The Masjesu botnet is making waves with its ability to launch distributed denial-of-service, or DDoS, attacks by compromising IoT devices and commercial routers. What makes Masjesu particularly concerning is its use of evasive techniques that make detection and mitigation challenging, even for well-defended organizations. We’re seeing these botnets being used in large-scale attacks against enterprise networks, leveraging the sheer number of vulnerable IoT endpoints.

The practical implication here is clear: as organizations deploy more connected devices—everything from smart sensors in manufacturing plants to connected medical equipment in hospitals—the attack surface expands dramatically. Security leaders need to prioritize three things. First, maintain a comprehensive inventory of all IoT assets. You can’t protect what you don’t know you have. Second, implement regular patching and firmware updates. Many IoT devices ship with default credentials or unpatched vulnerabilities, making them easy targets. And third, use network segmentation to isolate IoT devices from critical systems. This limits the ability of attackers to move laterally if a device is compromised.