Culture Beats Tools, GenAI vs. Blue Team, and 2026 Updates

IT channel and business news with a focus on regulatory compliance.

🔒 Why Security Culture Beats Security Tools (And Makes Them Worth What You Paid)

Security culture is the only control that improves every other control you have. Tools come and go with budget cycles. Culture is what’s left when the licenses expire — and it’s what attackers run into first…

🎙️The Get NIST-y Podcast!

Subscribe on Spotify!

Jared and Mike talk all things compliance and IT channel while answering your burning questions!

🤖 Blue Team vs. GenAI Attackers

Blue teams are not suddenly fighting alien TTPs; they are fighting familiar kill chains with the volume turned up and the dwell time compressed. The real change is how both sides use the keyboard: attackers to iterate faster, defenders to triage and decide faster…

⚠️ Threat Updates

🔴 2025 KEV Data Shows Accelerating Exploitation as Ransomware Enters 2026 “Rampage” Phase (01/06/26)

Early 2026 threat briefings warn that the volume and speed of exploited vulnerabilities jumped again in 2025, with CISA’s Known Exploited Vulnerabilities catalog growing by roughly 20% and listing over 1,400 entries. Researchers note that at least two dozen of the 2025 additions were directly tied to ransomware operations, as gangs weaponized bugs — such as CitrixBleed-style flaws — soon after disclosure. Security teams are urged to treat KEV-listed CVEs as emergency items, tighten external attack-surface management, and prepare for continued ransomware “rampage” conditions through 2026.

🔴 Ransomware Early-Warning Program Faces Uncertainty After Key CISA Exit (01/05/26)

CISA’s Pre-Ransomware Notification Initiative (PRNI), credited with helping prevent an estimated $9 billion in ransomware-related damage, has lost its founding lead after a forced reassignment prompted his resignation. The program has issued thousands of early warnings since 2022 based on intel and sensor data, tipping off critical infrastructure operators before actors could encrypt or steal data, but its long-term direction is now unclear as leadership shifts. Organizations should not assume PRNI alerts will always arrive and are urged to strengthen their own ransomware telemetry, KEV patching, and incident-reporting channels going into 2026.

🔴 New “Brickstorm” Rust Variants Extend PRC Espionage Campaign Into 2026 (01/05/26)

CISA, NSA, and the Canadian Centre for Cyber Security updated their joint analysis of the BRICKSTORM malware family, detailing new Rust-based variants used by suspected PRC state-backed actors for long-term espionage. Investigators report that Brickstorm operators maintained persistent access to victim networks for over a year, compromising VMware vCenter, domain controllers, and ADFS servers, and even exporting cryptographic keys to facilitate stealthy lateral movement and SSO abuse. The advisory urges defenders to apply the new YARA rules and indicators of compromise, hunt for abnormal authentication and federation activity, and immediately report suspected Brickstorm infections to national cyber authorities.

🗨️ Parting Words

“The best way to predict the future is to invent it.” — Alan Kay

Are you a vCISO or MSP looking to operationalize security programs? Let’s discuss how Blacksmith Infosec proves that compliance is an opportunity, not a struggle that has to be packaged in FUD!