Awareness

What Is Brickstorm Malware?

Jan 16, 2026 Continuum GRC 0 Comment

Recently, U.S. and allied cybersecurity agencies, including CISA, the NSA, and Canada’s Centre for Cyber Security, issued a series of alerts and analysis reports warning of ongoing malicious activity associated with a sophisticated backdoor malware known as Brickstorm. This malware, attributed to state-sponsored threat actors linked to China, has demonstrated the capability to maintain long-term, stealthy access and to evade detection within targeted networks, posing significant risks to the government and critical infrastructure sectors.

Updates in the CMMC FAQs and How They Help Small Businesses

Jan 7, 2026 Continuum GRC 0 Comment

Abstract clouds on a blue field, connected with circuits

When the Department of Defense released CMMC FAQs Revision 2.1 in November 2025, the update appeared modest on the surface. Four new questions were added without changing the CMMC model or the underlying regulatory framework in 32 CFR Part 170. For organizations already fatigued by years of CMMC evolution, it would be easy to dismiss these

Importantly, each of these four additions resolves an ambiguity that many contractors had been relying on to narrow the scope, defer remediation, or justify architectural shortcuts. Collectively, they close several loopholes that organizations assumed would remain open until formal enforcement began.

This article covers each of these new FAQs, the assumptions they invalidate, and how organizations should adjust their compliance strategies accordingly.

The Cyber Threats Targeting Ohio and How GovRAMP Can Help

Dec 31, 2025 Continuum GRC 0 Comment

An abdstract red alert symbol of a triangle with an exclamation mark that says "BREACHED" underneath.

Ohio finds itself facing a rapidly escalating wave of cybersecurity threats, ones that no longer resemble the simple phishing emails or brute-force attacks of the past. Today’s threats are more deceptive, more adaptive, and more damaging. Fueled by artificial intelligence, sophisticated social engineering, and the vulnerabilities of legacy infrastructure, these attacks aim to cripple essential services, sow public distrust, and extract financial leverage from overstretched agencies.

This article explores the tactics behind these attacks, why they’re so effective, and how adopting GovRAMP-authorized cloud security offers public agencies a clear, practical, and achievable path forward.