Compliance-as-a-System + Turning the Match/Tinder Breach into a Client Conversation

IT channel and business news with a focus on regulatory compliance.

📊 Compliance-as-a-System: Win-Win Compliance Engagements for MSPs

Designing a good compliance engagement is less about adding more tasks and more about changing the shape of the work so clients feel like they are telling a story, not doing homework. Done well, that structure also makes your delivery more consistent and scalable as an MSP…

💔 What the Tinder / Match Group Breach Teaches About Real-World Compliance

The Tinder / Match Group incident is a near‑perfect case study for MSPs: a big brand, sensitive data, and an attack that rides through humans, identity, and SaaS sprawl instead of some exotic zero‑day. Used well, it can sharpen your own program and give you a concrete story to tell every SMB you serve…

⚠️ Threat Updates

🔴 New macOS “Infiniti Stealer” Uses Fake CAPTCHA ClickFix Lures to Steal Sensitive Data (03/30/26)

Researchers have uncovered Infiniti Stealer, a new macOS‑focused infostealer that skips traditional exploits and instead uses a fake Cloudflare‑style CAPTCHA page to trick users into running a malicious Terminal command themselves — a social‑engineering technique known as ClickFix. This appears to be the first documented macOS campaign combining ClickFix delivery with a Nuitka‑compiled stealer, underscoring a broader trend toward low‑friction, operator‑friendly attack chains that rely on user interaction and advanced packing rather than pure technical exploitation.

🔴 Waterfall Threat Report: Ransomware “Slowdown” Masks Surge in Nation‑State Attacks on Critical Infrastructure (03/27/26)

New analysis from Waterfall Security shows publicly recorded cyber incidents with physical consequences in heavy industry fell 25% in 2025, even as nation‑state and hacktivist operations against critical infrastructure doubled, shifting risk from purely criminal ransomware to strategically motivated attacks on energy, water, manufacturing, and other OT environments that traditional IT‑only defenses struggle to contain.

🗨️ Parting Words

“Have you ever noticed that anybody driving slower than you is an idiot, and anyone going faster than you is a maniac?” — George Carlin

Find the Blacksmith Team on demand with Get NIST-y on Spotify!

Are you a vCISO or MSP looking to operationalize security programs? Let’s discuss how Blacksmith Infosec proves that compliance is an opportunity, not a struggle that has to be packaged in FUD!