Triumvirate Cybersecurity

04/18/2026

Cyber threats from Iranian-backed and aligned actors have drastically increased since the end of February, and it’s not just military targets they’re hitting

Whether you’re in the defense industry, local/state government, healthcare, finance, or public utilities, it’s crucial to understand the heightened risk of nation-state and politically-motivated cyberattacks

Join us at the GoCyber Collective monthly meeting next month to learn about recent developments and how organizations can protect themselves, their clients, and their communities! More info below

Email from GoCyber Collective May Meeting: Global Tensions Ratchet Up Attacks Cyberattacks Boom During Iran War GoCyber Collective Breakfast Meeting Date: Wednesday May 20th Time: 7:30 AM - 9:15 AM Pl

04/14/2026

🤖 Did Anthropic create a real-world Ultron? The internet is abuzz with discussion about their new language model, Claude Mythos, which has not been released publicly (yet) due to its uncanny ability to discover and exploit software vulnerabilities

In this article, we discuss the model, why it’s causing concern, how organizations can stay protected, and the ways CMMC practices reinforce real-world security

https://www.triumviratecyber.org/post/claude-mythos-the-world-s-most-effective-ai-hacker

The internet is abuzz about Claude Mythos—Anthropic's new AI model which they have not released publicly due to its ability to discover and exploit vulnerabilities.

03/23/2026

While the current conflict with Iran may be playing out on a physical battlefield in the Middle East, the cyber battlefield extends right to U.S. organizations' digital front door. The security practices underpinning the CMMC program are designed specifically to protect against the types of threats we're seeing from Iranian nation-state and affiliated threat actors

If you've been delaying CMMC implementation, now is the time to dive in. Our latest post breaks down the threat landscape, how NIST SP 800-171 addresses Iran's known attack vectors, and the concrete steps you can take today to protect your organization and the broader defense supply chain

https://www.triumviratecyber.org/post/the-frontline-is-everywhere-conflict-with-iran-makes-cmmc-a-priority

Implementing the CMMC requirements helps businesses defend against threats because the cyber battlefield isn't just overseas—it extends to your digital front door.

03/20/2026

Thanks to an introduction at DO STEM Ecosystem's speed networking event, we were able to send our Founder & Cyber Compliance Wizard to Dayton Public Schools' Ruskin Elementary to talk to some sixth graders about careers in cybersecurity!

We can neither confirm nor deny that it may have been inspired by one or more students getting into some mischief on the school computers. David was able to explain that students can "use their powers for good" by becoming 𝗲𝘁𝗵𝗶𝗰𝗮𝗹 𝗵𝗮𝗰𝗸𝗲𝗿𝘀 (a.k.a. pe*******on testers & security researchers)!

03/16/2026

According to a recent report by the Government Accountability Office (GAO), as reported by Justin Doubleday at Federal News Network, the DoD needs to do more to evaluate some key risks to the ongoing security of the defense supply chain, including:

📃 𝗪𝗮𝗶𝘃𝗲𝗿𝘀 𝗳𝗼𝗿 𝗦𝗺𝗮𝗹𝗹 𝗕𝘂𝘀𝗶𝗻𝗲𝘀𝘀𝗲𝘀: Despite the substantial cost burden for SMBs, widespread waivers of CMMC requirements could undermine the program's "intent to verify that companies are implementing federal cybersecurity requirements"

📈 𝗘𝗰𝗼𝘀𝘆𝘀𝘁𝗲𝗺 𝗗𝗲𝗺𝗮𝗻𝗱 & 𝗖𝗮𝗽𝗮𝗰𝗶𝘁𝘆: It's no secret that there's a significant shortage of C3PAOs and CCAs who can perform CMMC assessments. Without scaling up significantly, the program will have to rely more on waivers and self-assessments, limiting program impact on DIB security

⏱️ 𝗞𝗲𝗲𝗽𝗶𝗻𝗴 𝗥𝗲𝗾𝘂𝗶𝗿𝗲𝗺𝗲𝗻𝘁𝘀 𝗖𝘂𝗿𝗿𝗲𝗻𝘁: The current version of the CMMC program is based on NIST SP 800-171 Revision 2, but Revision 3 was published in 2024. More needs to be done to proactively address changes to the requirements and their impact on the program

Read the full article via the link below and, as always, contact us to discuss how we can help you prepare for CMMC and approach compliance with confidence!

https://federalnewsnetwork.com/cybersecurity/2026/03/dod-to-evaluate-external-cmmc-risks/

A new GAO report found the Pentagon hasn't fully fleshed out the risks of relying on the private sector to implement the CMMC program.

03/12/2026

Amidst escalating geopolitical tensions and ongoing military action, Iranian hackers are compromising admin accounts and using 𝙡𝙚𝙜𝙞𝙩𝙞𝙢𝙖𝙩𝙚 𝙩𝙤𝙤𝙡𝙨 to wreak havoc 🚨

Foundational protections like MFA, least privilege, and conditional access restrictions create effective barriers to keep threat actors from succeeding with their schemes!

March 11, 2026 19 Comments A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, sa...

02/09/2026

⚠️ 𝙇𝘼𝙎𝙏 𝘾𝙃𝘼𝙉𝘾𝙀 to register for our CMMC for the Little Guy workshop! Join us 𝗧𝗢𝗠𝗢𝗥𝗥𝗢𝗪 for this FREE event organized by GoCyber Collective!

Register here:

CMMC compliance can be difficult for small businesses. We'll address the unique challenges facing small business to achieve CMMC compliance.

02/06/2026

📅 𝗗𝗢𝗡'𝗧 𝗙𝗢𝗥𝗚𝗘𝗧: Our 𝘊𝘔𝘔𝘊 𝘧𝘰𝘳 𝘵𝘩𝘦 𝘓𝘪𝘵𝘵𝘭𝘦 𝘎𝘶𝘺 workshop is coming up on 𝗧𝘂𝗲𝘀𝗱𝗮𝘆 (𝟮/𝟭𝟬)! We're excited to be collaborating with GoCyber Collective to put on this event and we hope to see you there!

There's still time to register, if you haven't yet: https://www.eventbrite.com/e/cmmc-for-the-little-guy-how-small-businesses-can-achieve-compliance-tickets-1918047925979

01/30/2026

Don't forget: 𝙋𝙀𝙊𝙋𝙇𝙀 are an integral part of cybersecurity! 👥🔐🖥️

While this isn't explicitly a DIB-related story, it highlights the importance of 𝘀𝗰𝗿𝗲𝗲𝗻𝗶𝗻𝗴 requirements, 𝗶𝗻𝘀𝗶𝗱𝗲𝗿 𝘁𝗵𝗿𝗲𝗮𝘁 awareness, 𝗰𝗼𝗻𝗳𝗹𝗶𝗰𝘁-𝗼𝗳-𝗶𝗻𝘁𝗲𝗿𝗲𝘀𝘁 processes, and 𝗱𝗮𝘁𝗮 𝗹𝗼𝘀𝘀 𝗽𝗿𝗲𝘃𝗲𝗻𝘁𝗶𝗼𝗻 mechanisms. There's a reason Personnel Security has its own practice family within the NIST SP 800-171 requirements!

Reach out to us at Triumvirate Cybersecurity to get insights on building both the technical 𝙖𝙣𝙙 𝙖𝙙𝙢𝙞𝙣𝙞𝙨𝙩𝙧𝙖𝙩𝙞𝙫𝙚 controls to secure your company's information!

SAN FRANCISCO – A federal jury today convicted former Google software engineer Linwei Ding, also known as Leon Ding, 38, on seven counts of economic espionage and seven counts of theft of trade secrets for stealing thousands of pages of confidential information containing Google’s trade secrets ...

01/26/2026

☃️ 𝗪𝗢𝗥𝗞𝗦𝗛𝗢𝗣 𝗣𝗢𝗦𝗧𝗣𝗢𝗡𝗘𝗗! We know no one wants to be out on the roads when there's 2 feet of snow on the ground and the temperature is in the single digits (or lower)! After conferring with our friends at GoCyber Collective, we've decided that, rather than talk to an empty room or subject anyone to 𝘺𝘦𝘵 𝘢𝘯𝘰𝘵𝘩𝘦𝘳 Teams meeting, we're rescheduling our workshop for 𝗧𝘂𝗲𝘀𝗱𝗮𝘆, 𝗙𝗲𝗯𝗿𝘂𝗮𝗿𝘆 𝟭𝟬𝘁𝗵 from 1–2:30 p.m.

If you haven't registered yet or couldn't make it to at originally scheduled time, you can sign up now using the link in the comments. Stay safe and we hope to see you on 𝗙𝗲𝗯𝗿𝘂𝗮𝗿𝘆 𝟭𝟬𝘁𝗵!

01/19/2026

Just one week left until our FREE workshop on CMMC for small businesses! If you haven't registered yet, find the sign-up link in the comments!