Rapid7 Exploited, and Why MSPs Must Prioritize Compliance Now

IT channel and business news with a focus on regulatory compliance.

⚠️ Rapid7 Velociraptor Vulnerability Exploited in Ransomware Attacks

CISA’s warning about Rapid7 Velociraptor should prompt urgent remediation and wider reconsideration of how organizations manage and monitor the security posture of their protective tools. As ransomware groups adapt to exploit such flaws, the imperative for proactive configuration management and rapid vulnerability response has never been greater...

🎙️The Get NIST-y Podcast!

Follow our compliance and information security podcast — now on Spotify!

⌚ Why MSPs Must Prioritize Compliance Now: State Breach Laws, SEC Regulation S-P, and CIRCIA Drive Urgent Changes for 2025

Major regulatory and compliance changes in 2025 will transform how Managed Service Providers (MSPs) operate, manage risk, and support clients. Getting serious about compliance now is critical for MSPs who want to hedge against steep penalties and regulatory disruption in the years ahead...

MSPs Face Compliance Crossroads

Managed service providers are facing an urgent need to elevate their risk and compliance programs due to evolving supply chain, third-party, privacy, and disclosure requirements as they head into 2026. For compliance leaders, keeping pace with these changes is no longer optional — it’s both a survival strategy and a proactive way to leverage early adoption into market success.

⚠️ Threat Updates

🔴 Record Spike in U.S. Software Supply Chain Attacks Targets MSPs and Tech Firms (10/12/25)

Supply chain cyberattacks have doubled since April 2025 — averaging 26 incidents per month — with ransomware, data theft, and zero-day exploits driving most attacks. New research shows 45% of U.S. organizations are expected to face a supply chain breach by year-end, many via trusted IT and MSP partners. The 3CX/Trading Technologies hack is a prime example: attackers poisoned an upstream provider, cascading compromise to customers. Experts urge MSPs and businesses to prioritize vendor risk audits, endpoint monitoring, and incident response programs now to address cascading supply chain vulnerabilities.

🔴 SonicWall Cloud Firewall Backup Breach Exposes Configuration Data Across All Customers (10/10/25)

SonicWall has confirmed that the September breach of its cloud backup service is far worse than initially thought. SonicWall now reports a jump in affected cloud backup users, from fewer than 5% as originally reported to 100%. MSPs and IT teams should audit restored configurations and monitor for anomaly spikes, as threat actors are now actively targeting environments with SonicWall backups using techniques developed from this breach.

🗨️ Parting Words

“There will come a time when it isn't 'They're spying on me through my phone' anymore. Eventually, it will be 'My phone is spying on me'.”

Philip K. Dick

Are you a vCISO or MSP looking to operationalize security programs? Let’s discuss how Blacksmith Infosec proves that compliance is an opportunity, not a struggle that has to be packaged in FUD!