Most MSPs don’t get popped because of some cinematic zero‑day. They get popped because one technician’s credentials are phished, a shared VPN drops them into a flat client network, and their tools do exactly what they were designed to do — only under an attacker’s control. The real perimeter isn’t the firewall anymore; it’s your […]

If you’re still leading with “unlimited support, AV, and backups” in 2026, you’re selling yesterday’s MSP. The threat landscape has shifted to identity abuse, remote‑access hijacking, and fast‑moving ransomware campaigns that treat your tools and your staff as the most efficient route into every client you touch. Security is no longer a bolt‑on SKU; it’s […]

In 2025, the United States set a new record: 3,322 reported data compromises in a single year. That is not a typo, and it is not an outlier — it is the third year in a row with more than 3,000 incidents and a 79% increase in breaches over the past five years. For all […]

A decade ago, the idea of a robot that could both bounce like an insect and fly like a drone belonged squarely in science fiction. Today, it’s a working prototype — and a preview of the next problem your physical security program is not ready for. City University of Hong Kong’s “Hopcopter” research project fused […]

Weaponizing CI/CD trust is what happens when an attacker stops trying to slip past your defenses and instead learns to speak in your own systems’ voice. Instead of fighting per‑service, they compromise the machinery that builds, signs, and ships everything you run. CI/CD stands for Continuous Integration and Continuous Delivery (or Continuous Deployment). Continuous Integration […]

Straight from Blacksmith: Listen to our discussion about the Axios attack on Get NIST-y!     Axios’ late‑March supply chain compromise turned one ubiquitous open‑source package into a delivery system for a cross‑platform RAT — and for managed service providers, it is a dress rehearsal for the next upstream software failure that ripples across every […]

The Tinder / Match Group incident is a near‑perfect case study for MSPs: a big brand, sensitive data, and an attack that rides through humans, identity, and SaaS sprawl instead of some exotic zero‑day. Used well, it can sharpen your own program and give you a concrete story to tell every SMB you serve. What […]

Designing a good compliance engagement is less about adding more tasks and more about changing the shape of the work so clients feel like they are telling a story, not doing homework. Done well, that structure also makes your delivery more consistent and scalable as an MSP. Why compliance feels like homework Most clients experience […]

Most security incidents still start with a person: a rushed click, a reused password, a file sent to the wrong place. For years, the default answer has been “more awareness training,” but that treats every employee as the same level of risk and ignores the environment they work in. A better approach is to treat […]

How business leaders and their MSPs can move from flat, fragile networks to smaller blast radiuses in 90 days — without ripping everything out. In slide decks, zero trust is all glass towers and pristine diagrams. In the real world, it looks more like an old castle that’s been expanded badly — new wings slapped […]