Cutting through Cyber - newsletter 3
July 6, 2026
There's a common thread running through this month's cyber stories: the ground is shifting beneath the controls most organisations have relied on for a decade. Software flaws have overtaken stolen passwords as the most common way attackers first get in. The AI tools every business is racing to adopt carry a weakness that may never be fully fixed. Attackers are poisoning the software supply chain itself, turning trusted updates into delivery vehicles. The hackers end game is moving away from locking up your files toward simply stealing your data and threatening to publish it. All of this points to a broader shift in how risk is showing up.
As always, contact us at kristin@ksib.com.au or steve@ksib.com.au if you'd like to discuss any of these stories further.
You might also want to read Steve’s thoughts on Mythos.
Regards
Kristin & Steve
Our topics this month:
The way in has changed
The AI flaw that may never be patched
When the update is the attack
Encryption optional - the rise of pure data theft
1. The way in has changed - flaws now beat passwords
Verizon's 2026 Data Breach Investigations Report is out, built on more than 22,000 confirmed breaches across 145 countries. The headline: for the first time in 19 years of reporting, the most common way attackers first get in is by exploiting an unpatched software flaw (31% of breaches), ahead of stolen passwords. Ransomware still turned up in roughly half of all breaches, but about 69% of victims refused to pay, and the amounts that are paid keep falling. AI shows up on both sides of the fight. Criminals are using it to pick targets, write malware and sharpen their scams; defenders who lean on AI-assisted security reported lower costs per incident. IBM, separately, puts the average US breach at a record figure above US$10 million.
So what for business leaders. The move from passwords to flaws changes where your attention and money should go. For years the story was phishing and stolen logins. That hasn't gone away, but the data now says how quickly you fix known weaknesses matters just as much. The use questions boards can ask are: do we know all the software and kit we run, how fast do critical fixes get applied, and is that fast enough now that attackers move in days and AI moves in minutes? The falling rate of ransom payments is good news, and it carries a message. Being able to recover without paying is becoming a fair test of how well an organisation is run.
So what for tech and cyber leaders. Revisit your remediation SLAs against real exploitation timelines rather than a compliance calendar; the gap between a flaw being disclosed and being exploited is now measured in days. Prioritise anything internet-facing and anything on CISA's Known Exploited Vulnerabilities list, and make patch coverage and asset inventory things you can prove rather than assume. On AI, assume the volume and quality of phishing aimed at your people is climbing, because the attackers have the same tools you do. Test detection and response against faster intrusions, and treat clean backups, tested restoration and sensible segmentation as core controls rather than nice-to-haves.
2. The AI flaw that may never be patched
Researchers working with OWASP, a respected industry body, have landed on an uncomfortable conclusion about the AI tools now being wired into everyday business: their biggest weakness may not be fixable. The problem is called prompt injection -getting an AI tool to ignore its instructions by hiding commands in something it reads, such as an email, a calendar invite, a document or a web page. Because these systems can't reliably tell a genuine instruction from text they've been handed, researchers describe this as a flaw in how the technology is built, not a bug waiting for a patch. It turns dangerous when an AI agent has three things at once: access to sensitive data, exposure to untrusted content, and a way to send information out. Give one agent all three, and a single malicious instruction can walk your data out the door.
So what for business leaders. This is the governance question sitting under the rush to adopt AI: companies are handing agents real access to data and systems faster than they're putting oversight around them. A board doesn't need the technical detail to ask the right things. What AI tools and agents are actually running in the business? What can they see and do? And who owns the risk when one of them acts on a malicious instruction? The honest answer from researchers - that this can be reduced but not removed - argues for careful adoption with near real-time controls rather than either a ban or a free-for-all. KSIB set out its own view on adopting AI without freezing up or rushing in, in Taking the first leap forward safely, the gist is that good governance is what lets you move quickly with some confidence behind you.
So what for tech and cyber leaders. Treat every AI agent like a privileged service account and govern it the same way: least privilege, short-lived credentials, and a clear gap between what it can read and what it can act on. The three-capability test is a handy design check. If an agent has private data, untrusted input and a path out, break one of the links, usually by locking down or watching the egress. Don't lean on input filtering or system prompts as your main defence; they help, but a determined injection gets past them. Log agent activity into your SIEM, work out what abnormal looks like for a non-human identity, and pull procurement and legal in early, because a lot of this risk arrives bolted onto third-party products you didn't build and can't fully see.
3. When the update is the attack
On 1 June, attackers published booby-trapped versions of 32 software packages under Red Hat's name - components that get pulled automatically into other companies' systems. Several security firms reported that the tampered code ran the moment it was installed, scooped up cloud and developer credentials, then used them to copy itself into other packages the victim controlled. Researchers named the worm Miasma. The way in was ordinary enough: a developer account or its build pipeline was compromised and used to push code that skipped the usual review. It echoes a separate case from Palo Alto's Unit 42, in which a China-linked group compromised the hosting infrastructure behind the popular Notepad++ tool last year, quietly redirecting its updates to post tampered software to chosen targets. In both, nobody broke into the victims. The victims installed the attack themselves, through a supplier they trusted.
So what for business leaders. This is third-party risk at its most awkward: you can run a tight ship and still be compromised because something you depend on wasn't reliable. Modern software is assembled from thousands of outside components, most of which nobody in the building has ever looked at. So it's worth asking whether the business understands which suppliers and software it genuinely depends on, whether it would notice quickly if one were tampered with, and whether that risk is governed as seriously as the organisation's own systems. It's also a reminder that concentration risk now applies to software building blocks and even security tools, not only to the big outsourced services and cloud providers.
So what for tech and cyber leaders. Assume your build pipeline is a target. Enforce phishing-resistant MFA on developer and maintainer accounts, require signed and reviewed commits, and treat CI/CD secrets as high-value, with short lifetimes and tight scope. Keep a software bill of materials so "are we exposed?" takes minutes rather than days, and pin and vet dependencies instead of pulling latest automatically. Miasma stole and reused cloud and OIDC tokens to spread, so look hard at token lifetimes, egress from build environments, and how far a compromised laptop can reach into production. If you installed an affected package, the safe assumption is that every reachable secret is exposed; rotate them.
4. Encryption optional - the rise of pure data theft
The old ransomware routine, scramble your files and sell you the key, is giving way to something simpler: steal the data and threaten to publish it. Several of the busiest criminal groups now skip encryption entirely. The crew known as ShinyHunters has claimed dozens of victims this year using stolen logins and phone-based trickery rather than malware. In June, US dental-benefits firm DentaQuest had data on about 2.6 million people leaked after an extortion attempt, with no malware involved, and the same group publicly threatened the Council of Europe with a mid-June deadline to pay. It's happening here, too. The Qilin group spent May and June leaning on Australian insurers and financial-services firms, and the earlier youX breach, which exposed records on more than 444,000 Australian borrowers sitting in an unsecured cloud database, showed how a single misconfiguration can hand over everything without anything being "hacked" in the dramatic sense.
So what for business leaders. This quietly changes the maths. Backups and recovery plans, the standard answer to ransomware, do nothing when the threat is publication rather than disruption. The moment data leaves the building it becomes a reputation, regulatory and customer-trust problem, which puts legal, communications and the board in the room from the first hour, not just IT. A board should know what its most sensitive data is, where it lives and who can reach it, and should have thought through how it would handle a demand where paying buys no guarantee the data is ever deleted. For Australian organisations, youX and the Qilin activity are a reminder that mandatory breach notification and the fallout land here as hard as anywhere.
So what for tech and cyber leaders. If the prize is data, then knowing and controlling your data is the control that counts most. Catalogue your high-value unstructured data, tighten access to least privilege, and put real effort into egress and exfiltration monitoring, because once it's on a leak site the incident is already over. These groups get in through stolen credentials, help-desk social engineering and misconfigured cloud storage, not exotic exploits, so audit your identity verification, push phishing-resistant MFA out broadly, and make hunting for exposed buckets and databases a standing job. Rehearse the extortion scenario on its own; it plays out nothing like a file-encryption event, and most of the hard calls are legal and reputational rather than technical.
The threat keeps shifting, and last year's controls don't all hold this year. If any of this raises questions for your organisation, drop me a line at steve@ksib.com.au - always happy to chat about it.

