Explain It or Don’t Ship It: Black-Box AI vs. Regulatory Transparency
If you’ve ever had a customer ask, “Why did your system do that?” and felt your stomach drop, AI is about to make that feeling a lot more common. As more businesses plug AI into decisions about money, jobs, and risk, regulators and customers are all quietly agreeing on one new rule: if you can’t […]
Unauthenticated and Unforgiving: Why 2026’s RCE Wave Is Different
If 2025 was the year of record CVE volume — 48,185 published, up 20% from 2024 — then 2026 is the year attackers stopped waiting for credentials. The latest MetInfo CMS exploitation proves it: CVE-2026-29014, a pre-auth PHP injection flaw (CVSS 9.8) in versions 7.9–8.1, went from disclosure to active attacks by April 25, surging […]
How MSPs Can Stop Compliance From Blowing Up Client Roadmaps (And Use It to Deepen the Relationship)
Business delivery runs on market deadlines. Compliance runs on regulatory mandates. MSPs live in the collision zone between those two clocks — and the ones who get ahead of it turn a constant source of pain into a structured, billable service. Two clocks, one MSP If you support regulated clients, you’ve seen this movie. Your […]
Agentic AI Is Already Expanding Your Attack Surface in 2026
The biggest risk with agentic AI isn’t what’s coming next. It’s what’s already here. Across organizations, AI agents are quietly moving from passive assistants to active participants. They’re writing code, querying internal systems, sending messages, and triggering workflows. Not in a lab. Not in a pilot. In production. Right now. And in many cases, security […]
The MSP “Trust Surface”: Identity, VPNs, and Tenant Isolation as Your Real Perimeter
Most MSPs don’t get popped because of some cinematic zero‑day. They get popped because one technician’s credentials are phished, a shared VPN drops them into a flat client network, and their tools do exactly what they were designed to do — only under an attacker’s control. The real perimeter isn’t the firewall anymore; it’s your […]
From Break‑Fix to MDR‑First: What 2026 Threats Really Demand From MSP Stacks
If you’re still leading with “unlimited support, AV, and backups” in 2026, you’re selling yesterday’s MSP. The threat landscape has shifted to identity abuse, remote‑access hijacking, and fast‑moving ransomware campaigns that treat your tools and your staff as the most efficient route into every client you touch. Security is no longer a bolt‑on SKU; it’s […]
When 3,322 Breaches Is “Normal”: Why Boards Are Failing Cyber Governance
In 2025, the United States set a new record: 3,322 reported data compromises in a single year. That is not a typo, and it is not an outlier — it is the third year in a row with more than 3,000 incidents and a 79% increase in breaches over the past five years. For all […]
When Intruders Hop, Roll, and Fly: What Hybrid Robots Mean for Physical Security
A decade ago, the idea of a robot that could both bounce like an insect and fly like a drone belonged squarely in science fiction. Today, it’s a working prototype — and a preview of the next problem your physical security program is not ready for. City University of Hong Kong’s “Hopcopter” research project fused […]
Trust as an Attack Surface: CI/CD Compromise Explained
Weaponizing CI/CD trust is what happens when an attacker stops trying to slip past your defenses and instead learns to speak in your own systems’ voice. Instead of fighting per‑service, they compromise the machinery that builds, signs, and ships everything you run. CI/CD stands for Continuous Integration and Continuous Delivery (or Continuous Deployment). Continuous Integration […]
The Axios npm Breach: 7 Supply Chain Lessons Every MSP Can Absorb Right Now
Straight from Blacksmith: Listen to our discussion about the Axios attack on Get NIST-y! Axios’ late‑March supply chain compromise turned one ubiquitous open‑source package into a delivery system for a cross‑platform RAT — and for managed service providers, it is a dress rehearsal for the next upstream software failure that ripples across every […]