Patching can't wait.

The CyberWire Daily episode 'Patching can't wait' delivers a comprehensive overview of urgent cybersecurity threats and systemic challenges facing organizations in 2026. A critical Fortinet vulnerability is already being exploited in the wild, prompting emergency patches and highlighting the dangers of delayed remediation. A major outage in Russia’s banking infrastructure—impacting millions across Moscow and other regions—exposes the fragility of centralized digital systems, while a new SANS/GIAC report reveals that workforce skills gaps now pose a greater threat than hiring shortages, with 60% of organizations lacking necessary capabilities. Meanwhile, cybercriminals are evolving: QR code scams impersonating courts, AI privacy violations via Perplexity’s data sharing, and violent 'wrench attacks' targeting crypto holders underscore the physical-digital convergence of cyber threats. On the innovation front, Microsoft’s Kevin McGee discusses the rise of agentic AI and the importance of startups focusing on specific customer problems rather than broad markets. Allie Mellon’s new book, 'Code War,' reframes nation-state cyber operations as extensions of national identity, with Russia’s attention-seeking attacks contrasting with the U.S.’s stealthy approach. The episode closes with warnings about overreliance on AI tools like Copilot, whose terms of use emphasize entertainment over reliability. Key takeaways include: 1) Immediate patching of critical vulnerabilities is non-negotiable; 2) Skills gaps are now a primary security risk, requiring structured training and certification; 3) Startups should focus on a narrow ICP before scaling; 4) Nation-state cyber operations reflect national culture and strategic priorities; 5) QR code scams and physical attacks are expanding the threat surface; 6) AI tools must be used with caution due to disclaimers and potential inaccuracies; 7) Zero-trust principles are essential, especially for small teams; 8) Supply chain attacks remain a top vector for large-scale breaches. The episode maintains a cautiously urgent tone, emphasizing proactive defense and systemic resilience.