
Cyber Insurance Gatekeeping and Why Compliance Demand is Rising

IT channel and business news with a focus on regulatory compliance.


🛡️ Cyber Insurance and Compliance: The New Gatekeepers

Cyber insurance has evolved from a passive safety net into an active compliance enforcer. Businesses can no longer obtain meaningful coverage without demonstrating maturity in their security and compliance practices. For MSPs, this shift is both a challenge and a tremendous opportunity…

🎙️ The Get NIST-y Podcast!

Follow our compliance and information security podcast — now on Spotify!


📈 SMBs: Why Compliance is Now a Critical Priority in MSP Relationships

Demand is rising, but why? What once felt like a concern limited to enterprise now lands squarely on the shoulders of small and mid-sized companies trying to grow and survive in a connected market. With the right MSP partnership, SMBs can proactively manage compliance demands, minimize risk, and maintain trust with regulators, partners, and their customers…

⚠️ Threat Updates

🔴 VMware Tools Zero-Day Exploited by UNC5174 (10/1/25)

Security researchers revealed that CVE-2025-41244 — a newly patched, high-severity vulnerability in VMware Aria Operations and VMware Tools — has been exploited as a zero-day since October 2024 by the Chinese state-sponsored threat group UNC5174. The flaw allows unprivileged users to gain root access on virtual machines by abusing a logic error in the service and application discovery features, impacting both VMware Tools and the open-vm-tools package widely included in Linux distributions. Although it released patches this week, vendor Broadcom did not initially disclose that in-the-wild exploitation was already underway. Organizations are strongly urged to update affected products immediately and review environments for suspicious binaries or elevated processes, especially in /tmp directories.

🔴 Akira Ransomware Actively Exploits SonicWall VPN Vulnerability (10/1/25)

The Akira ransomware group continues to target organizations by exploiting the year-old SonicWall firewall vulnerability CVE-2024-40766 (CVSS 9.3), leveraging this flaw in SSL VPNs for initial access. Despite a patch being available since August 2024, attackers are bypassing weak multi-factor authentication (MFA) mechanisms and using legitimate, pre-installed tools — including remote monitoring solutions — to evade detection and move laterally. Researchers note incidents with extremely short dwell times and recommend monitoring for unexpected logins, especially from hosting-related sources, and for signs of abuse of legitimate IT tools. Immediate patching of vulnerable SonicWall devices and a review of remote access policies are highly advised.

🗨️ Parting Words

“Those people who think they know everything are a great annoyance to those of us who do.” — Isaac Asimov

Are you a vCISO or MSP looking to operationalize security programs? Let’s discuss how Blacksmith Infosec proves that compliance is an opportunity, not a struggle that has to be packaged in FUD!