• Forging Trust
  • Posts
  • How AI is Beating MFA, and a Look Back on the Conduent Mega-Breach

How AI is Beating MFA, and a Look Back on the Conduent Mega-Breach

IT channel and business news with a focus on regulatory compliance.

Author

Blacksmith Team
March 04, 2026

In partnership with

šŸ”‘ MFA Bypass Kits, AI Phishing, and the End of ā€˜Good Enoughā€™ Authentication

MFA used to be the control that let MSPs and security pros sleep at night. In 2026, industrialā€‘grade phishing kits and AI email engines have turned ā€œwe turned on MFAā€ into the new ā€œwe installed antivirusā€ ā€” expected, but nowhere near enoughā€¦

Smart starts here.

You don't have to read everything ā€” just the right thing. 1440's daily newsletter distills the day's biggest stories from 100+ sources into one quick, 5-minute read. It's the fastest way to stay sharp, sound informed, and actually understand what's happening in the world. Join 4.5 million readers who start their day the smart way.

šŸ’„ What a ā€œLargest in U.S. Historyā€ Incident Teaches About Thirdā€‘Party Risk

When a contractor you barely name in board meetings leaks Social Security and health data for at least 25 million people, it stops being ā€œtheirā€ incident and becomes a referendum on your thirdā€‘party risk program. The Conduent breach is exactly that kind of stress testā€¦

āš ļø Threat Updates

šŸ”“ AIā€‘Built ā€œFlatā€‘Packā€ Malware Kits Supercharge Lowā€‘Effort Campaigns (03/04/26)

HPā€™s latest Wolf Security Threat Insights Report describes a surge in ā€œflatā€‘packā€ cyberattacks, where criminals assemble campaigns from modular, offā€‘theā€‘shelf malware components and AIā€‘generated infection scripts ā€” prioritizing speed and low cost over sophistication, yet still slipping past traditional detection. Attackers reuse the same intermediate loaders and installers across many lures and payloads, and increasingly rely on AI ā€œvibeā€‘hackingā€. Security teams should assume rapid, AIā€‘driven iteration on basic malware, tighten controls around email and document handling, and reduce reliance on pure detection by isolating risky user actions (like opening attachments, archives, and unfamiliar links) in hardened containers or virtualized environments where these flatā€‘pack chains can detonate without impact. Ā» More Info

šŸ”“ Actively Exploited VMware Aria Operations RCE Bug Added to CISA KEV (03/04/26)

CISA has added VMware Aria Operations vulnerability CVEā€‘2026ā€‘22719 to its Known Exploited Vulnerabilities catalog after reports that attackers are abusing the flaw, which allows unauthenticated command injection and potential remote code execution on vulnerable instances during supportā€‘assisted product migration. Organizations should immediately identify exposed Aria Operations deployments, apply the latest security updates, restrict network access to management interfaces, and increase monitoring for suspicious commands or processes originating from Aria Operations hosts, treating successful exploitation as a likely path to lateral movement and full environment compromise. Ā» More Info

šŸ—Øļø Parting Words

ā€œThe more you automate, the more you need human interaction.ā€ ā€“ John Maeda, Technologist and Designer

Find the Blacksmith Teamā€¦

ā€¦on demand with 
Get NIST-y on Spotify!

Are you a vCISO or MSP looking to operationalize security programs? Letā€™s discuss how Blacksmith Infosec proves that compliance is an opportunity, not a struggle that has to be packaged in FUD!