🔑 Quantum Computing and Cryptography: Preparing for the Future

Quantum computing’s impact on encryption is not a distant concern — it’s becoming a compliance priority today. Compliance teams are realizing the need to act as catalysts for this transition, ensuring their organizations are not merely reactive but strategically prepared for the impending “Q-Day”.

❓ What Are Advanced Persistent Threats?

Understanding APTs is essential for organizations seeking to protect their most valuable assets and comply with regulatory requirements. By recognizing the unique characteristics and risks posed by APTs, security and compliance teams can better prepare to detect, respond to, and mitigate these advanced threats.

Join us on June 18th @ 1PM EST!

👉 Let's Talk SOC, SOAR, XDR (and More)

These terms represent real capabilities that help you stay secure and keep the compliance folks happy. The key is understanding how they work together. Depending on your role, you may not need to become an expert in all of them — but knowing what they do and how they fit together will help you make better security decisions and have more productive conversations with your security team.

Start learning AI in 2025

Keeping up with AI is hard – we get it!

That’s why over 1M professionals read Superhuman AI to stay ahead.

• Get daily AI news, tools, and tutorials

• Learn new AI skills you can use at work in 3 mins a day

• Become 10X more productive

Sign up and start mastering AI

⚠️ Threat Updates

🔴 Microsoft WebDAV Zero-Day Actively Exploited in Defense Sector (6/11/25)

A highly critical zero-day vulnerability, CVE-2025-33053, in Microsoft Windows WebDAV is being actively exploited in the wild by the group Stealth Falcon. Recent attacks have targeted government and defense organizations, particularly in the Middle East and Africa, with evidence suggesting attempts against a defense contractor in Turkey. Microsoft has issued a patch as part of its June 2025 Patch Tuesday updates, and organizations are urged to apply the update immediately and remain vigilant against similar tactics involving legitimate Windows tools and LOLBins. » More Info

🔴 APT41 Deploys Stealthy Cloud-Based Malware Targeting Global Institutions (6/6/25)

APT41, also known as Earth Baku, has launched new campaigns leveraging stealthy, cloud-based command-and-control (C2) infrastructure to target government, technology, and critical infrastructure sectors worldwide. Their latest operation uses fileless payloads and cloud services like Google Drive for C2 communication, abusing trusted software through DLL sideloading to evade detection. Defenders are advised to monitor for anomalies in DLL sideloading, suspicious Google API usage, and unusual process hollowing, as APT41 continues to refine its tactics. » More Info

🗨️ Parting Words

"The bad guys don’t have to be right all the time — we do."

— Source Unknown

Are you a vCISO or MSP looking to operationalize security programs? Let’s discuss how Blacksmith Infosec proves that compliance is an opportunity, not a struggle that has to be packaged in FUD!