Compliance AI, Greenwashing, and Blacksmith Updates

IT channel and business news with a focus on regulatory compliance.

🖥️ AI and Compliance: The Story Continues

The integration of AI with IT compliance continues to present significant challenges in 2025, as organizations navigate an increasingly complex regulatory landscape while trying to leverage AI's benefits. On top of this, software developers are racing to prove that AI is an easy replacement for compliance expertise — at their own peril. While "AI" seems like the marketing buzzword du jour that fits compliance perfectly, practical application has yet to yield anything trustworthy or thorough enough to entrust with an organization's security and reputation…

🌿 Greenwashing Under a Microscope

Let's face it — companies got caught with their pants down in the greenwashing game, and now they're scrambling to save their reputations. With everyone from angry Twitter users to government watchdogs breathing down their necks, here's how they're trying to get their act together…

⚒️ Blacksmith Updates

The IT channel’s favorite compliance tool just got a feature release!

⚠️ Threat Updates

🔴 CISA Warning: Fortinet Vulnerability (3/12/25)

The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that threat actors are actively exploiting a critical Fortinet vulnerability (CVE-2025-24472) in ongoing ransomware campaigns. This authentication bypass flaw affects FortiOS (versions 7.0.0-7.0.16) and FortiProxy (versions 7.2.0-7.2.12 and 7.0.0-7.0.19), allowing remote attackers to gain super-admin privileges through crafted CSF proxy requests.

Fortinet disclosed the high-severity vulnerability (CVSS 8.1) in January 2025 and released patches in versions 7.0.17, 7.2.13, and 7.0.20.

Security researchers at Forescout reported on March 12 that ransomware group Mora_001, linked to LockBit, is leveraging this vulnerability alongside another Fortinet flaw (CVE-2024-55591) to deploy their new "SuperBlack" ransomware. CISA subsequently added CVE-2025-24472 to its Known Exploited Vulnerabilities (KEV) catalog on March 18.

🔴 Threat Insights Report: Malicious Captcha Campaigns (3/21/25)

HP's latest Threat Insights Report warns of a significant rise in malicious CAPTCHA campaigns that trick users into running PowerShell commands installing the Lumma Stealer RAT, exploiting users' increased "click tolerance" for multi-step authentication processes. Dr. Ian Pratt, HP's Global Head of Security for Personal Systems, emphasizes that organizations should focus on isolating risky actions rather than relying solely on cyber awareness training, especially as 11% of email threats bypassed gateway scanners, with executables (43%) and archive files (32%) being the most common malware delivery methods.

🗨️ Parting Words

“The first rule of any technology used in a business is that automation applied to an efficient operation will magnify the efficiency. The second is that automation applied to an inefficient operation will magnify the inefficiency.” — Bill Gates

Are you a vCISO or MSP looking to streamline compliance management? We invite you to try Blacksmith, the channel’s fastest-growing tool for Compliance-as-a-Service!