Blackpoint

03/26/2026

Attackers don't need to break in anymore. They log in.

That's the defining finding from Blackpoint's 2026 Annual Threat Report and this month's Inside the SOC brings it to life with three active investigations.

Our analysts will walk through:
🔍 RoadK1ll — a newly identified malware strain that traditional tools aren't built to catch. We'll show you what it looks like in real telemetry.
🔗 MSP-to-client compromise — one breached MSP became the entry point for attacks across its entire client base. We'll trace the chain and show how trusted relationships get weaponized.
☁️ AiTM attacks on cloud identity — MFA doesn't stop Adversary-in-the-Middle. It just has to wait. We saw this play out repeatedly in 2025 across Microsoft 365 environments.

No slides full of theory. Live campaigns, real compromises, straight from the SOC.

Register here: https://hubs.ly/Q048p1Ys0

01/23/2026

Kimsuky, the North Korean threat group, is stealing credentials via QR codes in its latest round of attacks. 🔎

"Nevan Beal, principal MDR Analyst at Blackpoint, explained that quishing works because it hides the malicious link within a QR image, which can slip past email defenses that are built to inspect normal clickable URLs."
- Steve Zurier, SC Media

https://hubs.ly/Q03__rFl0 |

North Koreans use quishing to steal identities on mobile devices.

01/22/2026

MSPs, are you still paying the SIEM tax? 💰

Most compliance frameworks don't actually require a heavyweight SIEM. Yet many MSPs keep absorbing a SIEM's data tax, talent tax, and noise tax anyway.

The truth: Compliance doesn't need to be complex... or expensive.

Get the full breakdown: https://hubs.ly/Q03_WXDj0 |

01/21/2026

ClickFix. Rogue RMM. VPN siege. 🔍

The threats of 2025 were defined by deception. The defense of 2026 needs to be defined by verification.

Here's what you need to know about the threat landscape right now, according to Blackpoint's recent analysis of ~2,000 on-premises incidents.

https://hubs.ly/Q03_JHV_0 |

Adversaries aren’t breaking down the door. They’re tricking users into opening it. Here’s exclusive data from Blackpoint on the cyber threats that defined 2025.

01/20/2026

APT28 is taking aim at NATO-aligned energy and defense groups, SC Media. 👇

"Andi Ursry, threat intelligence analyst at Blackpoint, said APT28 has gotten attention now because the victim set is strategic and the tradecraft works. Ursry said disposable infrastructure, realistic login pages, and region-specific lures make this kind of credential harvesting inexpensive, fast, and painful to defend against at scale."

https://hubs.ly/Q03_tvQp0 |

Active since 2004, APT28’s sustained campaign for the past year focused on credential harvesting.

01/16/2026

We're proud to see Blackpoint CEO Gagan Singh recognized by CRN as one of the 10 Biggest IT CEO Moves of 2025. 🗞️

Since taking the helm in June, Gagan has been instrumental in driving our next phase of growth, specifically regarding the evolution of our CompassOne platform.

With a background scaling giants, his focus on ex*****on is already helping our MSP partners strengthen their defenses across the entire attack surface.

https://hubs.ly/Q03_7jtR0 |

01/15/2026

What a week at ! 🙌

'Good enough' won't stop the next global outage, as Blackpoint's Manoj Srivastava explained during his panel to discuss cloud security and outage prevention.

→ 👀 Visibility: You can only defend what you can see, so attackers thrive in the blind spots of complex clouds.
→ ⏱️ Speed: The window to stop an attack is shrinking. Shift from detection to disruption.
→ 🪪 Identity: Secure access is your strongest control plane against lateral movement.
→ 🛡️ Proactive Defense: Static tools can't keep pace with AI threats.
→ 🔗 Unity: Resilience depends on unifying security architecture across all services.

Watch the full session here: https://hubs.ly/Q03-YCPY0 |

Manoj and the panel argued that as we race toward cloud-native environments, our old security models are becoming our biggest liability. It’s no longer about building higher walls — it’s about visibility, speed, and resilience.

Thank you to all the panelists for a thoughtful discussion, and to everyone who joined us at CES for sharing their perspectives on cloud security and resilience.

01/13/2026

Juggling siloed tools and drowning in alerts? Trust us — you need to watch this. 👀

https://hubs.ly/Q03-B9CQ0 |

Manoj Srivastava, Blackpoint Chief Technology & Product Officer, joins the DEMO podcast with Keith Shaw to showcase exactly how CompassOne is solving the 'silo problem' for MSPs and SMBs.

Instead of toggling between five different dashboards, Manoj demonstrates how CompassOne unifies:

→ 💻 Endpoint
→ ☁️ Cloud
→ 🔒 Compliance

Every layer lives in a single command center, giving you real-time risk scoring and actionable insights in seconds.

CIO

01/12/2026

How do you get the majority of your clients to adopt MDR in just 60 days? 👇

https://hubs.ly/Q03-n2ZL0 |

01/09/2026

Over 5,000 vulnerabilities were disclosed last month — with more than 2,300 rated high or critical. 🚨

https://hubs.ly/Q03-b-m-0 |

Several have been actively exploited and added to the CISA KEV Catalog, including flaws in WatchGuard, SonicWall, Fortinet, Cisco, and popular frameworks such as React Next.js.

Blackpoint's Adversary Pursuit Group (APG) breaks down December 2025 in the latest vulnerability review.

01/07/2026

Cyber insurance carriers have raised the bar — and alerts alone won't cut it anymore. 👇

Underwriters demand active response to stop attacks in real time. Why? Because the cost of a breach continues soaring, and an unread alert at 2:00AM could mean a massive claim.

Stop paying the 'passive tax.' Learn how to meet strict cyber insurance requirements and protect your margins.

https://hubs.ly/Q03ZMs400 |