What NIS2 Can Teach Us, Commodified Cybercrime, and ASCII Findings

IT channel and business news with a focus on regulatory compliance.

🌎 What Can We Learn from EU’s NIS2 Rollout?

The European Union’s NIS2 Directive is sending ripples across the Atlantic — not only for U.S. companies already doing business in Europe but as a case study for what’s likely on the horizon in American compliance. As states and federal agencies introduce tougher cybersecurity mandates and incident reporting rules, NIS2’s implementation offers a unique preview of the hurdles, pitfalls, and solutions that U.S. enterprises may soon face.

💰 Ransomware-as-a-Service is Changing the Game for IT Providers

MSPs sit at the center of the cyber extortion bullseye in the Ransomware-as-a-Service era. As custodians for hundreds of client networks, they’re not just direct targets — attackers use them as springboards to infect entire supply chains. The commoditization of ransomware means risks now ripple out faster and farther than ever before…

👉 ASCII Report Shows a Growing Need for Compliance Maturity Among MSPs

Insights from ASCII Group’s 2025 MSP Community Report highlight the growing complexity — and opportunity — facing managed service providers.

  • 28% of MSPs cite time management as their biggest roadblock to scaling their business.

  • Documentation software is the most unexpectedly helpful tool in the MSP toolkit, according to 26% of providers.

  • A majority, 55%, identify cybersecurity threats as their greatest challenge.

Hyperproof predicted that GRC maturity will become more important than ever in 2025, and this report illustrates a convergence around compliance and the tools that support it.

Matters of time pressure, the need for rigorous documentation, and concerns around cyber risks place compliance-as-a-service solutions like Blacksmith right at the point where these roads meet for MSPs.

Our thanks to The ASCII Group for sharing their report.

⚠️ Threat Updates

🔴 Salt Typhoon Espionage Campaign Deepens Impact on U.S. Telecom Infrastructure (8/6/25)

Authorities have confirmed that the China-backed Salt Typhoon APT group maintains active access to several U.S. telecom and data center providers, including Comcast and Digital Realty. Targeting lawful intercept systems and telecom infrastructure, these intrusions allow adversaries to monitor calls, texts, and metadata — even for U.S. government officials. The campaign, ongoing since 2024, leverages unpatched router and network device vulnerabilities to establish deep, persistent footholds. Security agencies warn organizations with critical telecom and internet infrastructure to audit for legacy device exploits, strengthen monitoring for unusual access, and rapidly address any configuration or patching gaps.

🔴 Surge in Ransomware-as-a-Service: Black Basta Successors Target U.S. Finance and Construction (8/1/25)

A new wave of ransomware activity is hitting U.S. financial and construction firms, led by operators linked to the dismantled Black Basta group — now reemerging as affiliates of CACTUS and BlackSuit. These actors combine sophisticated Teams-based phishing lures, email bombing, and multi-stage Rust-based malware loaders to achieve initial access and persistence. Once inside, attackers deploy backdoors like QDoor and execute lateral movement for sensitive data theft and extortion. Security teams, especially in finance, insurance, and construction, should bolster protections against social engineering, hunt for stealthy tunneling malware, and enhance user training on emerging phishing techniques.

🗨️ Parting Words

“Computers are like air conditioners; they stop working properly if you open Windows.”

— Frank Zappa

Are you a vCISO or MSP looking to operationalize security programs? Let’s discuss how Blacksmith Infosec proves that compliance is an opportunity, not a struggle that has to be packaged in FUD!

Check out the episode recordings!