The Exchange Daily Update
The Exchange - Vision meets Reality
The Exchange Daily - November 25, 2025

Today’s Show Notes: Spyware hits messaging apps, logging agents expose clouds, SEC drops SolarWinds case, and AI infrastructure races ahead.

CISA puts commercial spyware on your executive risk register

CISA is sounding the alarm about commercial spyware targeting users of encrypted messaging apps through device linking, QR codes, spoofed downloads, and sophisticated social engineering. High value targets include senior government officials, executives, and civil society leaders whose phones serve as both communications hubs and authentication devices.

For enterprise leaders, this means mobile messaging can no longer be treated as a personal side channel that sits outside formal controls. Organizations should reassess bring your own device and executive protection policies, restrict high risk app usage for sensitive roles, and ensure incident playbooks assume a fully compromised handset rather than just a stolen password.

Sources:
https://www.cisa.gov/news-events/alerts/2025/11/24/spyware-allows-cyber-threat-actors-target-users-messaging-applications
https://thehackernews.com/2025/11/cisa-warns-of-active-spyware-campaigns.html


Fluent Bit vulnerabilities turn your logging layer into an attack surface

A newly disclosed chain of vulnerabilities in the Fluent Bit logging agent shows how deeply embedded observability components can become a blind spot. The flaws allow an attacker to execute code on the logging agent and to manipulate or delete logs before they reach your analytics tools. Because Fluent Bit is entrusted with telemetry from billions of containers and heavily used in managed Kubernetes services, the blast radius is wide.

This is not just about patching a component. It is about revisiting assumptions that logs are inherently trustworthy. Security and platform teams should inventory where Fluent Bit runs, verify that upgrades are applied in cloud managed services as well as self managed clusters, and consider independent integrity checks to detect tampered telemetry in critical detection and compliance workflows.

Sources:
https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover


SEC exits the SolarWinds case, but cyber disclosure pressure remains

The SEC has voluntarily dismissed its civil enforcement case against SolarWinds and Chief Information Security Officer Tim Brown, ending a closely watched test of cyber disclosure liability. The case had centered on whether the company misled investors about its security posture and the Sunburst supply chain attack, and it raised concerns that individual security leaders could become primary enforcement targets after breaches.

With the dismissal filed with prejudice, some of that personal risk pressure has eased, but the underlying disclosure rules and expectations have not gone away. Boards still need clear criteria for materiality, established pathways for escalating incidents to legal and finance, and a cross functional process for aligning public statements, regulatory filings, and technical facts under time pressure. This is a moment to sharpen playbooks, not to relax them.

Sources:
https://www.sec.gov/enforcement-litigation/litigation-releases/lr-26423


Harvard’s vishing breach is a warning for development and fundraising teams

Harvard University has disclosed that information systems used by its Alumni Affairs and Development office were compromised after a phone based phishing attack. The incident exposed personal contact information and donation details for alumni, donors, and some students and faculty, highlighting how attackers are targeting administrative and fundraising functions rather than just core IT.

Every organization with a donor, member, or customer relationship function faces similar risk. These teams often have strong relationship skills but less security training, even though they access systems rich with sensitive personal and financial context. Leaders should treat development and advancement offices as priority users for social engineering defenses, implement call back and verification procedures, and ensure logging and monitoring for their systems matches the rigor applied to core finance applications.

Sources:
https://www.huit.harvard.edu/cyberincident
https://www.bleepingcomputer.com/news/security/harvard-university-discloses-data-breach-affecting-alumni-donors/


AWS bets fifty billion dollars on federal AI and supercomputing demand

Amazon has announced plans to invest up to fifty billion dollars to expand AI and supercomputing infrastructure for U.S. government customers of Amazon Web Services. The build out, which is set to begin construction in twenty twenty six, will add nearly one point three gigawatts of capacity across AWS Top Secret, Secret, and GovCloud regions using advanced compute and networking technologies.

For federal agencies, this signals a new phase where secure, AI ready capacity will no longer be the limiting factor for ambitious analytics and modeling workloads. For defense industrial base and regulated industry partners, it raises questions about how to colocate their own sensitive workloads near these regions, manage data gravity, and structure long term contracts that assume AI intensive compute will be available at scale in government authorized environments.

Sources:
https://www.aboutamazon.com/news/company-news/amazon-ai-investment-us-federal-agencies
https://www.reuters.com/business/retail-consumer/amazon-invest-up-50-billion-ai-supercomputing-us-government-customers-2025-11-24/


Agentic AI comes to the mainframe via Kyndryl

Kyndryl has introduced an Agentic AI Framework and associated services that bring generative and agentic AI capabilities directly to IBM Z and other mainframe platforms. Survey data cited by the company indicates that nearly ninety percent of mainframe customers either have implemented or plan to implement AI in those environments, but many lack the multi skilled talent needed to do it safely and effectively.

The proposition is attractive for enterprises whose most critical transactional systems still run on the mainframe. AI agents could automate operations, performance tuning, and elements of modernization while reducing manual toil. The trade off is that these agents would be operating close to the heartbeat of the business. Implementations should therefore include strict access controls, strong auditability, and clear operational guardrails so that automation amplifies human judgment rather than replacing it.

Sources:
https://www.kyndryl.com/us/en/about-us/news/2025/11/agentic-ai-framework-services-mainframe


Trend Micro’s AI security package aims at model to runtime protection

Trend Micro is previewing a new Trend Vision One AI Security Package intended to protect AI environments from model development through runtime operations. The package offers centralized exposure management and analytics tailored to AI workloads, alongside controls designed to secure the entire AI application stack across cloud and hybrid infrastructure. It will debut with additional AI risk management capabilities at AWS re:Invent.

For organizations that are scaling AI initiatives across multiple business units, this reflects a broader shift from generic security tools toward model and pipeline aware controls. Security and AI platform teams will need to decide how to integrate AI specific telemetry and policies into their existing extended detection and response, cloud security posture management, and governance frameworks to avoid creating yet another silo.

Sources:
https://newsroom.trendmicro.com/2025-11-24-Trend-Micro-to-Introduce-Most-Comprehensive-Offering-for-Enterprise-AI-Risk-Management


Oklahoma’s first Chief AI and Technology Officer as a public sector model

Oklahoma has created a new statewide Chief AI and Technology Officer role and appointed Tai Phan to lead it. The position consolidates responsibility for responsible AI adoption, digital modernization, and cross agency technology strategy, following recommendations from a Governor's task force on emerging technologies. The focus is on using AI to streamline operations, reduce manual work, and maintain strong ethics and security guardrails.

State and local governments, as well as large enterprises, can treat this as a reference pattern for AI leadership. A clearly identified AI executive with authority, a mandate tied to mission outcomes, and explicit responsibility for ethics and governance may become a best practice. Organizations without a named AI leader may find themselves struggling to coordinate pilots, control risk, and communicate with stakeholders about where AI is heading.

Sources:
https://oklahoma.gov/omes/newsroom/2025/tai-phan-announced-as-state-chief-ai-and-technology-officer.html
https://www.govtech.com/workforce/oklahoma-appoints-first-chief-ai-and-technology-officer


Topics We’re Tracking (But Didn’t Make the Cut)

Dropped Topic: Samsung mobile zero day added to CISA’s Known Exploited Vulnerabilities list.

  • Why It Didn’t Make the Cut: Important for mobile fleet owners but less central than today’s broader executive and governance themes.

  • Why It Caught Our Eye: Illustrates how handset level exploits can complement the spyware campaigns highlighted in our lead story. (Source: Malwarebytes)

Dropped Topic: Amazon’s separate fifteen billion dollar data center investment in Indiana.

  • Why It Didn’t Make the Cut: Regional economic development story with similar themes to the federal AI infrastructure investment already featured.

  • Why It Caught Our Eye: Reinforces how hyperscalers are scaling power hungry infrastructure footprints to meet AI demand. (Source: Reuters)



Quick Disclaimer and Sources Note: The author used AI in part to create this newscast. Our goal is to be transparent and show you how we sourced the info we used.


This newscast was developed using only public sources of information.


The Exchange Daily is a production of Metora Solutions. For more information about how to participate in this daily newscast, contact us at podcasts@metorasolutions.com.
