🤖 Is AI Letting Your Compliance Slip? How ‘Silent’ Gaps Are Becoming the Biggest GRC Risk of 2025

2025 is seeing an explosion of AI-powered processes embedded throughout business operations — yet few companies update their Governance, Risk, and Compliance (GRC) monitoring to match…

⚠️ Ingram Micro Ransomware Hack

In early July 2025, Ingram Micro — one of the world’s largest distributors of IT products, cloud services, and technology solutions — was struck by a significant ransomware attack that disrupted its global operations, rippled through the tech supply chain, and serves as a warning for organizations everywhere. 

🔍 Channel Daze is Almost Here! (Along with over 17k of Prizes for MSPs!)

Starting August 4th, we’re bringing you 10 straight weekdays of giveaways. That’s two
prizes a day, from 34 awesome sponsors who just want to say thanks. It’s easy, it’s free –
and all you have to do is enter for a chance to win!

⚠️ Threat Updates

🔴 Microsoft SharePoint Vulnerability Exploited by Hackers (7/30/25)

Microsoft has released urgent patches for two critical zero-day vulnerabilities in its SharePoint platform—CVE-2025-53770 (CVSS 9.8) and CVE-2025-53771 (CVSS 7.1)—following active exploitation by threat actors throughout July 2025. These flaws enable unauthenticated remote code execution and administrative access on on-premises SharePoint Server environments, bypassing standard security controls. As of July 30, there are over 75 confirmed compromises impacting U.S. banks, universities, healthcare providers, corporate enterprises, and public agencies across North America and Europe. » More Info

🔴 Aeroflot Breach Signals Growing Sophistication in Aviation Sector Attacks (7/28/25)

A coordinated cyberattack led by Belarusian and Ukrainian hacktivist groups devastated Russian airline Aeroflot, wiping 7,000 servers and leaking 20TB of data, including surveillance logs and executive communications. The operation, shown to involve long-term infiltration over nearly a year, disrupted over 100 flights on July 27–28. These tactics represent a blueprint for targeting airline and aviation supply chain assets globally. U.S. aviation and critical infrastructure sectors should escalate monitoring for persistent lateral movement, implement multi-factor authentication, and rehearse incident response for ransomware and data-wipe scenarios. » More Info

🗨️ Parting Words

“The best way to get the right answer on the Internet is not to ask a question; it’s to post the wrong answer.”

– Cunningham’s Law (Ward Cunningham)

Are you a vCISO or MSP looking to operationalize security programs? Let’s discuss how Blacksmith Infosec proves that compliance is an opportunity, not a struggle that has to be packaged in FUD!