Surviving Supply-Chain Ransomware, and Building A “Green IT” Offering
IT channel and business news with a focus on regulatory compliance.
⛓️💥 Surviving Supply-Chain Ransomware as an MSP
Supply‑chain ransomware has turned MSPs into high‑value dominoes: hit one provider, get dozens of downstream victims as a bonus. In this article, we'll discuss how to defend your own house, constrain vendor blast radius, and explain the risk in plain English to your prospects and clients…
🎙️The Get NIST-y Podcast!
Subscribe on Spotify! Jared and Mike talk all things compliance and IT channel while answering your burning questions!
🌳 Building a “Green IT” Offering Your SMB Clients Will Actually Pay For
Green IT has shifted from “nice to have” to a buying criterion, especially for younger, growth‑minded SMBs. Sustainability is now showing up in MSP trend reports as both a differentiator and a way to justify premium service tiers when it is tied directly to cost savings and risk reduction…
⚠️ Threat Updates
🔴 US Energy & Utilities Face Intensifying Ransomware Pressure
Sector reporting indicates ransomware attacks against energy and utilities in 2025 have surged by roughly 80% year over year, with at least 84 documented incidents impacting power and water providers worldwide, many in North America. Operators face a mix of IT and OT intrusion paths, as attackers abuse exposed remote access services and misconfigured industrial assets to gain leverage over critical services. US utilities should harden remote access to OT networks, inventory and segment internet‑exposed assets, and align incident response with regulatory expectations around service continuity.
🟠 React Flaw Sparks New Supply‑Chain Breach Concerns (12/2025)
A December breach roundup warned that a vulnerability in the React JavaScript framework has created new supply‑chain exposure for US organizations relying on React‑based web apps and third‑party components. Incidents tied to this flaw coincided with FTC enforcement and breach notifications, emphasizing regulatory scrutiny when modern web stacks and libraries expose consumer data. Development and security teams should tighten dependency management, SBOM usage, and automated scanning for vulnerable React components across public‑facing apps.
🗨️ Parting Words
“If you don't want to be replaced by a computer, don't act like one.” — Arno Allan Penzias
Are you a vCISO or MSP looking to operationalize security programs? Let’s discuss how Blacksmith Infosec proves that compliance is an opportunity, not a struggle that has to be packaged in FUD!


