• Why Every Small Business Should Care About CMMC 2.0

    For many years, cybersecurity requirements in the defense sector were often seen as a burden for large prime contractors. Small and mid-sized businesses (SMBs) supplying parts, services, or technology to those contractors were rarely expected to meet the same level of scrutiny. That has changed. With the rollout of CMMC 2.0, the Department of Defense’s Cybersecurity Maturity Model Certification, every business in the defense supply chain is now accountable for how it protects sensitive data.

    For decision-makers, the question is no longer if CMMC 2.0 applies to your organization, but how soon it will affect your ability to compete for contracts.


    What CMMC 2.0 Actually Is

    CMMC 2.0 is the DoD’s updated framework for securing both Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). It replaces a system of self-attestation that too often failed to protect sensitive defense data with a tiered certification model requiring proof of compliance.

    The framework has three levels:

    • Level 1 (Foundational): Designed for companies that only handle FCI. Requires implementation of basic cyber hygiene practices (think access control, antivirus, and patching) and annual self-assessment.
    • Level 2 (Advanced): Required for companies that handle CUI. Maps directly to all 110 controls in NIST SP 800-171. Contracts will specify whether a third-party audit (via a C3PAO) is required or if a self-assessment is sufficient.
    • Level 3 (Expert): Reserved for the most sensitive programs. Goes beyond NIST 800-171 and requires direct audits by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC).

    The new DFARS rule, effective November 10, 2025, allows CMMC requirements to begin appearing in contracts. A three-year phased rollout will expand coverage until nearly all defense contracts handling FCI or CUI require CMMC compliance.


    Why Small Businesses Can’t Ignore It

    For SMBs, the impact is significant. Prime contractors are now legally required to flow down compliance obligations to subcontractors. That means even if your business is a tier-two or tier-three supplier, such as a machining shop, a staffing provider, or a managed IT firm, you will still need to demonstrate compliance.

    Failure to comply will not just risk penalties; it will likely disqualify your business from new defense contracts and may cause prime contractors to avoid working with you. In a competitive environment, compliance is rapidly becoming a baseline requirement to stay in the supply chain.

    Even outside defense, the trend is clear: industries from finance to healthcare increasingly look for partners that can prove compliance with recognized standards. Achieving CMMC alignment positions your business as a trusted partner, opening doors beyond DoD contracting.


    Business Risks of Non-Compliance

    For decision-makers weighing the cost of implementation, consider the risk profile of inaction:

    • Lost Revenue: Non-compliance will mean disqualification from DoD contracts. For many SMBs, even losing a single defense customer could be financially devastating.
    • Legal and Regulatory Exposure: Mishandled CUI can lead to False Claims Act liability, contract clawbacks, or suspension from government contracting.
    • Reputational Damage: Data breaches involving defense-related information attract media and regulatory attention. Demonstrating CMMC compliance shows diligence to customers and partners.
    • Operational Disruption: Breaches aren’t just theoretical—they can halt production, expose customer data, and lead to long recovery times. Compliance reduces this risk.

    The Cost of Compliance

    Implementing CMMC 2.0 is not just about buying new tools. It requires policies, processes, documentation, and cultural change. Even small businesses with limited IT staff must address:

    • Access Controls: Who can see what, and why?
    • Asset Management: A complete inventory of systems and data that touch CUI.
    • Incident Response: Documented and tested plans for handling breaches.
    • Configuration Management: Ensuring systems are patched, hardened, and monitored.
    • Vendor Oversight: Third-party providers must also meet compliance expectations.

    These investments can feel heavy for SMBs, but the alternative, lost contracts and higher risk exposure, carries far greater cost.


    Practical Next Steps for Small Business Leaders

    Decision-makers should treat CMMC 2.0 as a board-level priority, not just an IT issue. Steps to take now include:

    1. Identify Scope: Determine whether your organization handles FCI, CUI, or both. This defines which CMMC level applies.
    2. Map Data Flows: Document where sensitive information resides, who accesses it, and how it moves across systems and networks.
    3. Conduct a Pre-Assessment: Engage a qualified provider to identify gaps against NIST SP 800-171 and CMMC requirements. This prevents surprises during an official audit.
    4. Budget for Remediation: Allocate funds not just for technology, but also for policy development, staff training, and ongoing monitoring.
    5. Choose Trusted Partners: If you rely on Managed Service Providers (MSPs) or cloud services, ensure they can demonstrate compliance at the level required by your contracts.

    Why Acting Early Matters

    With the phased rollout, some SMBs may assume they can wait. That is a mistake. Early adopters will have a competitive advantage, demonstrating readiness to primes and contracting officers. Those who wait risk scrambling to close gaps under tight deadlines, often at far higher cost.


    How Netizen Can Help with your CMMC Readiness

    Meeting the requirements of CMMC 2.0 can feel overwhelming, especially for small and mid-sized businesses that don’t have dedicated compliance teams. Netizen helps bridge that gap by providing CMMC pre-assessments that give your organization a clear picture of where you stand today. Our process identifies gaps against NIST SP 800-171 and CMMC requirements, maps data flows, and delivers a prioritized remediation roadmap so you can address issues before an official audit.

    As an ISO 27001, ISO 20000-1, ISO 9001, and CMMI Level III certified Service-Disabled Veteran-Owned Small Business, Netizen combines technical depth with proven compliance expertise. We’ve built a reputation for guiding organizations in government, defense, and commercial sectors through complex regulatory landscapes with practical, actionable recommendations.

    If your business is preparing for CMMC, partnering with Netizen ensures you take the right first step. Start the conversation today and approach compliance with confidence.


  • Lessons Learned From the Largest Software Supply Chain Incidents

The software supply chain has become one of the most attractive targets for attackers, and organizations must take special care to safeguard it. The risks are no longer theoretical: several of the largest breaches in the past decade show how vulnerable modern development and delivery pipelines can be.


    Increasing Attack Surface

    Today, industries from finance to healthcare, logistics to defense, depend on software at every layer of their operations. But with the speed and scale of software production increasing, so too does the attack surface.

    The pressure to innovate has led organizations to adopt cloud-first architectures, CI/CD pipelines, and open-source code at record pace. This acceleration has made the supply chain a prime target for attackers who can exploit trust at any link to achieve widespread compromise.


    Case Studies of Supply Chain Incidents

    The SolarWinds Orion Compromise (2020)

    The SolarWinds attack remains one of the most significant software supply chain breaches on record. Between March and June 2020, attackers inserted a backdoor known as SUNBURST (or Solorigate) into updates for SolarWinds’ Orion IT management platform. Those updates were digitally signed and distributed to as many as 18,000 customers.

    The backdoor lay dormant for nearly two weeks after installation before quietly communicating with attacker infrastructure. Once active, it enabled lateral movement and data theft.

    Although thousands of customers downloaded the tainted updates, U.S. officials later confirmed that nine federal agencies, including the Departments of Treasury, Commerce, and Homeland Security, and around 100 private-sector organizations were directly compromised.

    The attack highlighted how trust in routine software updates could be turned into a global espionage campaign. It also prompted CISA to issue Emergency Directive 21-01, ordering federal agencies to disconnect compromised Orion instances immediately.

    Equifax (2017)

    The Equifax breach, which exposed sensitive data of nearly 150 million Americans, stemmed from a failure to patch a known Apache Struts vulnerability. Though not a supply chain attack in the classic sense, it proved the devastating impact of lagging software maintenance and patching across widely used components.

    Okta Support System Breach (2023)

    Okta’s 2023 incident reinforced the dangers of third-party exposure. Attackers accessed its Support Case Management system, leading to compromises of customer data. For many organizations, this raised alarms about how much risk lies not just in their own development processes but in the services and vendors they depend on.


    Why Supply Chains Are Attractive Targets

    Attackers understand that compromising one link can provide access to hundreds, or thousands, of downstream victims. Updates and open-source packages come with an implicit assumption of trust. Once attackers weaponize that trust, the scale of compromise can far exceed traditional intrusion methods.

    Modern pressures, such as widespread adoption of generative AI coding assistants, are introducing fresh risks. While GenAI accelerates development, it also creates blind spots in code provenance and quality, another layer attackers may exploit.


    Safeguarding the Software Supply Chain

    Vendor vetting: Organizations must conduct ongoing reviews of their vendors, including software bills of materials (SBOMs) and third-party security practices. This should extend to GenAI coding tools, which must be assessed for transparency, data usage, and quality of generated code.

    Careful use of open source: Open-source projects should be evaluated against frameworks like the OpenSSF Scorecard, SPDX, or OpenVEX to ensure security hygiene. Automated Software Composition Analysis (SCA) tools are vital for detecting known vulnerabilities and malicious packages.

    Secure CI/CD pipelines: Embedding security throughout design, development, testing, and deployment prevents vulnerabilities from slipping downstream. Automated scans, access controls, and continuous monitoring of CI/CD pipelines reduce the risk of widespread compromise.

    Preparedness: Organizations need playbooks for rapid patching and incident response. As SolarWinds showed, delays in reacting to supply chain intrusions can magnify the damage significantly.


    How Netizen Can Help Strengthen Your Software Supply Chain

    The recent surge in supply chain incidents like SolarWinds highlights that even the most trusted systems can become conduits for attackers. Protecting against these threats requires more than patch management—it demands continuous monitoring, vendor oversight, and integrated defenses across development pipelines.

    Netizen delivers these capabilities through our 24x7x365 Security Operations Center, advanced vulnerability assessments, and compliance-driven security engineering. Through these offerings, we help government, defense, and commercial organizations build resilience against the evolving supply chain threat landscape.

    As an ISO 27001, ISO 20000-1, ISO 9001, and CMMI Level III certified Service-Disabled Veteran-Owned Small Business, we provide both technical depth and compliance assurance. Our “CISO-as-a-Service” offering gives organizations executive-level cybersecurity expertise at a fraction of the cost of hiring in-house, ensuring you stay ahead of both regulatory requirements and emerging attack techniques.

    If you’re looking to secure your software supply chain and protect your business from cascading risks, partner with Netizen. Start the conversation today and gain the confidence that your security is built in, not bolted on.


  • NETIZEN EARNS 2025 EXCELLENCE IN INTERNSHIPS AWARD FROM NORTHAMPTON COMMUNITY COLLEGE (NCC)

    Allentown, PA: Netizen Corporation, an ISO 27001, ISO 9001, ISO 20000-1, and CMMI Level 3 certified Veteran-Owned provider of cybersecurity and related solutions for defense, government, and commercial customers worldwide, has been awarded the 2025 Excellence in Internships Award by Northampton Community College (NCC) at a special Employer Appreciation and Engagement Breakfast event in Bethlehem, PA. This award recognizes the extraordinary degree of internship, job shadowing, and career placement opportunities that Netizen has created for NCC students over the past several years through a unique industry partnership program.

    Netizen takes great pride in its relationships with NCC and other partners in higher education around the country. Specialized work-study internships and jointly created market-based educational programs with such institutions ensure students receive relevant career guidance and paid work experience while simultaneously completing their programs of classroom study. This creates a pipeline of highly qualified talent which companies can leverage to bridge current hiring and skill gaps in the job market. Additionally, exploratory activities such as job shadowing and career panels inform prospective students on the benefits of various academic programs and give a sense of what to expect working for a company like Netizen upon graduation.

    Jill Tobin, Director of Experiential Learning and Internships at NCC, stated that “Netizen has been an outstanding employer partner. I could tell you how wonderful they are, but I’ll let the numbers speak for themselves. Since 2022, Netizen had 46 students apply for internships, 8 of them were selected, and 4 were hired and continue working there today. They also hosted 13 job shadow participants, participated in all our job fairs since 2023, and have participated in mock interviews on campus. These numbers speak volumes to the support and opportunities Netizen has provided for NCC students.”

    Michael Hawkins, Netizen’s CEO, added “this award means a lot to us as it is proof that such partnerships benefit both the employer and the institution immensely. At Netizen, we aim to provide market-oriented educational opportunities for entry-level training and continuous learning in technology fields by collaborating with institutions like NCC. Here we have paid interns at various stages of completion in their academic programs treated as regular employees working under the direct mentorship and close supervision of industry experts. They receive hands-on experience with actual customers, tools, processes, and systems as part of a structured professional development plan that is unique in its melding of classroom learning, career advisory, and on-the-job training.” He also stated that community colleges like NCC are among the most cost-effective, relevant, and expeditious routes for people seeking employment or advancement in high-demand information technology roles, regardless of their current background.

    About Netizen Corporation:
    Founded in September 2013, Netizen is a highly specialized provider of cybersecurity and related technology solutions. The company, a Small Business Administration (SBA) certified Service-Disabled Veteran Owned Business (SDVOSB), is headquartered in Allentown, PA with additional offices and staff locations in Virginia (DC Metro), South Carolina (Charleston), and Florida. Netizen holds ISO 27001, ISO 9001, ISO 20000-1, and CMMI Level III SVC registrations demonstrating the maturity of its operations.

    In addition to being recognized as one of the fastest-growing businesses in the U.S. three times by Inc. Magazine in their annual “Inc. 5000” list of the nation’s most successful companies, Netizen has also been named a national “Best Workplace” by Inc. Magazine, a multiple awardee of the U.S. Department of Labor HIRE Vets Platinum Medallion for Veteran hiring and training, a Greater Lehigh Valley Chamber of Commerce Business of the Year and Veteran-Owned Business of the Year, and a recipient of dozens of other awards for innovation, community involvement, and growth.

    Netizen operates a state-of-the-art 24x7x365 Security Operations Center (SOC) in Allentown, PA that delivers comprehensive cybersecurity monitoring solutions for both government and commercial clients. Their service portfolio also includes cybersecurity assessments and advisory, software assurance, penetration testing, cybersecurity engineering, and compliance audit support. They specialize in serving organizations that operate within some of the world’s most highly sensitive and tightly regulated environments where unwavering security, strict compliance, technical excellence, and operational maturity are non-negotiable requirements. Their proven track record in these domains positions them as the premier trusted partner for organizations where technology reliability and security cannot be compromised.

    Learn more at https://www.Netizen.net.  

    About Northampton Community College (NCC):
    Since its establishment in 1967, Northampton Community College is where area residents turn to earn a degree, access workforce training, learn new leisure activities and bring their children for enrichment. NCC prides itself on its expansive breadth of programs and commitment to student success and access. It offers a highly engaging, collaborative and entrepreneurial environment to learn and develop. More than 20,000 students a year are served by NCC through for-credit, community and professional education offerings. These programs provide students with the education and training they need to enter and advance in the workforce, earn their degree or to continue their studies at a four-year college or university.

    Learn more at https://www.northampton.edu/

    FOR IMMEDIATE RELEASE: September 18, 2025

    POINT OF CONTACT: Tristan Boheim, Account Executive
    Phone: 1-800-450-1773
    Email: press@Netizen.net

  • Cybersecurity Risks of AI-Generated Code: What You Need to Know

    Could AI be your next security blind spot? As artificial intelligence continues to reshape software development, tools that generate code from natural language prompts are speeding up delivery timelines and lowering barriers for non-developers. But beneath the surface lies a growing problem: AI-generated code often introduces hidden cybersecurity risks. If left unchecked, these vulnerabilities can create backdoors into production systems, putting sensitive data and compliance obligations at risk.


    Why AI-Generated Code Poses Security Challenges

    Traditional secure coding practices rely on peer review, static analysis, and developer expertise. AI code generation bypasses much of this process, pulling from massive datasets that may contain outdated, insecure, or non-compliant code. This creates three primary challenges: lack of transparency in where code comes from, limited accountability for security flaws, and the rapid spread of insecure coding patterns across environments.

    Organizations adopting AI in software development often find that productivity gains are quickly offset by security weaknesses if code is not audited against standards like OWASP ASVS or NIST SSDF.


    Common Cybersecurity Risks in AI-Generated Code

    Insecure Defaults

    AI models tend to generate code that prioritizes ease of execution over secure configuration. This often results in weak cryptographic choices, open ports, and missing input validation—all of which attackers can exploit.

    Reproduction of Known Vulnerabilities

    Since AI is trained on publicly available code, it can unknowingly replicate vulnerable functions that already exist in CVE databases. This reintroduces old risks into new systems, creating exploitable weaknesses.

    Compliance Gaps

    Code suggested by AI rarely aligns with regulatory frameworks like PCI DSS, HIPAA, or FedRAMP. Without human oversight, organizations risk deploying software that violates compliance requirements and audit expectations.

    Supply Chain and Fileless Risks

    AI-generated utilities and scripts can seamlessly blend into production environments, evading detection. If integrated into supply chains, insecure dependencies spread across multiple systems, amplifying the attack surface.


    Mitigation Strategies for Secure AI Development

    Enforce Rigorous Code Review

    Every piece of AI-generated code should be reviewed with the same rigor as human-written code. Manual review, combined with static and dynamic analysis tools, can catch unsafe defaults and misconfigurations before deployment.

    Adopt AI-Aware Security Testing

    Organizations should expand testing to cover AI-specific risks. This includes fuzzing, vulnerability scans, and targeted penetration testing aimed at logic flaws that AI-generated code may introduce.

    Apply Secure Coding Standards in CI/CD

    Integrating frameworks like OWASP ASVS and NIST SSDF into CI/CD pipelines helps flag weak AI-generated code before it reaches production. This reduces reliance on manual checks and standardizes security across teams.

    Train Developers on AI Risks

    Secure coding training should now include modules on AI-generated code. Developers need to understand both the benefits and risks of AI tools, and how to critically evaluate outputs for hidden flaws.


    Building a Security-First AI Development Culture

    The future of AI in software engineering will not be defined by speed alone. Organizations that prioritize security culture—embedding AI cybersecurity practices into every stage of development—will be better positioned to balance innovation with safety. AI can accelerate development timelines, but without structured oversight, it risks embedding systemic vulnerabilities into business-critical systems.

    Companies that align AI adoption with DevSecOps practices, compliance frameworks, and proactive security validation can gain the benefits of AI without exposing themselves to avoidable breaches.


    How Can Netizen Help?

    Founded in 2013, Netizen is an award-winning technology firm that develops and leverages cutting-edge solutions to create a more secure, integrated, and automated digital environment for government, defense, and commercial clients worldwide. Our innovative solutions transform complex cybersecurity and technology challenges into strategic advantages by delivering mission-critical capabilities that safeguard and optimize clients’ digital infrastructure. One example of this is our popular “CISO-as-a-Service” offering that enables organizations of any size to access executive level cybersecurity expertise at a fraction of the cost of hiring internally. 

    Netizen also operates a state-of-the-art 24x7x365 Security Operations Center (SOC) that delivers comprehensive cybersecurity monitoring solutions for defense, government, and commercial clients. Our service portfolio includes cybersecurity assessments and advisory, hosted SIEM and EDR/XDR solutions, software assurance, penetration testing, cybersecurity engineering, and compliance audit support. We specialize in serving organizations that operate within some of the world’s most highly sensitive and tightly regulated environments where unwavering security, strict compliance, technical excellence, and operational maturity are non-negotiable requirements. Our proven track record in these domains positions us as the premier trusted partner for organizations where technology reliability and security cannot be compromised.

    Netizen holds ISO 27001, ISO 9001, ISO 20000-1, and CMMI Level III SVC registrations demonstrating the maturity of our operations. We are a proud Service-Disabled Veteran-Owned Small Business (SDVOSB) certified by U.S. Small Business Administration (SBA) that has been named multiple times to the Inc. 5000 and Vet 100 lists of the most successful and fastest-growing private companies in the nation. Netizen has also been named a national “Best Workplace” by Inc. Magazine, a multiple awardee of the U.S. Department of Labor HIRE Vets Platinum Medallion for veteran hiring and retention, the Lehigh Valley Business of the Year and Veteran-Owned Business of the Year, and the recipient of dozens of other awards and accolades for innovation, community support, working environment, and growth.

    Looking for expert guidance to secure, automate, and streamline your IT infrastructure and operations? Start the conversation today.


  • ShinyHunters: Evolution of a Data Theft Syndicate

    ShinyHunters first appeared in 2020 as a financially motivated cybercriminal group. Their early operations revolved around large-scale credential theft and database exploitation. The group gained immediate notoriety by targeting major platforms like Tokopedia (91 million records), Wishbone, Microsoft’s GitHub repositories, and Wattpad (270 million records). By selling stolen information on underground forums, they quickly became one of the most active players in the data-breach economy.

    ShinyHunters were also linked to leaks from services like Pluto TV, Nitro PDF, Pixlr, Animal Jam, and more. Beyond breaches, they held influence in the cybercriminal ecosystem by running iterations of BreachForums, one of the most prominent platforms for trading stolen data.


    Expansion into High-Value Targets

    Between 2021 and 2024, ShinyHunters scaled their operations, moving beyond consumer platforms and into critical service providers. Notable victims included AT&T Wireless (affecting over 110 million customers), Santander Bank, and Ticketmaster. Their association with the Snowflake data-theft campaign cemented their reputation as a group willing to target enterprise systems and supply chains to maximize impact.

    By late 2024, law enforcement pressure intensified. Several members and associates were arrested in France and Morocco, leading to speculation that the group had been disrupted. Yet, ShinyHunters re-emerged in 2025 with significantly more sophisticated tactics.


    2025 Salesforce Campaign

    The group’s most ambitious operation to date surfaced in 2025, with a sweeping attack campaign against Salesforce CRM platforms. This campaign impacted global enterprises such as Google, Adidas, Cisco, Qantas Airways, Allianz Life, and LVMH subsidiaries (Louis Vuitton, Dior, Tiffany & Co.).

    Attack Methodology

    1. Initial Access via Vishing
      ShinyHunters shifted focus from pure technical exploits to social engineering. Using spoofed calls, fake IT personas, and urgency tactics, they tricked employees into granting access to Salesforce connected apps.
    2. OAuth Abuse
      Victims were guided into authorizing malicious Salesforce connected apps disguised as tools like “My Ticket Portal.” These apps requested elevated API permissions, granting ShinyHunters persistent access tokens that bypassed multi-factor authentication.
    3. API Exploitation and Data Theft
      Using Salesforce REST APIs, attackers ran bulk SOQL queries, pulling customer records, PII, and business intelligence data at scale. Logs show that their malicious apps consistently retrieved data volumes of ~2.3 MB per request, evading detection by blending with normal traffic.
    4. Obfuscation
      Data exfiltration traffic was routed through Mullvad VPN and Tor, frustrating forensic investigations and complicating attribution.
    5. Lateral Movement
      Compromised credentials and OAuth tokens were leveraged to pivot into other integrated platforms, including Okta, Microsoft 365, and Meta Workplace. This expanded the scope of stolen data beyond Salesforce.

    Collaboration with Scattered Spider

    Evidence suggests a tactical partnership between ShinyHunters and Scattered Spider (UNC3944/Octo Tempest). Both groups are tied to a larger collective known as “The Com,” which specializes in social engineering, SIM swapping, and large-scale fraud. Infrastructure overlaps, phishing domain patterns, and stylistic similarities in vishing scripts indicate close collaboration.


    Impact on Victims

    The campaign had wide-ranging consequences:

    • Google confirmed theft of small and medium business contact information from its Salesforce instance.
    • Qantas Airways reportedly paid a ransom of 4 Bitcoin (~$400,000) to prevent data leakage.
    • LVMH luxury brands saw their customer databases compromised, highlighting attackers’ focus on high-value industries.
    • Other enterprises like Adidas, Cisco, Allianz Life, and Chanel also confirmed or investigated breaches.

    Monetization and Extortion

    ShinyHunters employ a delayed extortion model. After exfiltrating data, ransom demands—ranging from $400,000 to $2.3 million—are issued weeks later. While some companies resisted, others paid to prevent public leaks. Analysts warn that ShinyHunters may soon launch a dedicated leak site to escalate pressure.

    Enterprises using SaaS platforms like Salesforce must harden their defenses with OAuth governance, behavioral monitoring, phishing-resistant MFA, and employee training to mitigate these advanced campaigns.
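One way to put the behavioral-monitoring and OAuth-governance advice above into practice against the pattern described in the methodology (a connected app outside the approved set pulling uniformly sized bulk responses): an added Python example, not code from the original post or from Netizen. The log layout and field names are modelled on Salesforce EventLogFile API events, but the records, app names, user IDs and thresholds are constructed assumptions.

```python
"""Behavioral detection over constructed Salesforce-style API event log lines.

Hypothetical example (not from the original post or from Netizen). It flags
connected apps that (a) are absent from an OAuth allowlist and/or (b) pull
large data volumes in many requests whose response sizes barely vary, the
"uniform ~2.3 MB per request" pattern attributed to the 2025 campaign.
"""
import csv
import io
import statistics
from collections import defaultdict

# Constructed sample export (CSV, like an EventLogFile API event file).
# The user IDs, app names and sizes are invented for this example.
SAMPLE_LOG = """\
TIMESTAMP,USER_ID,CONNECTED_APP_NAME,API_TYPE,RESPONSE_SIZE,ROWS_PROCESSED
2025-08-04T09:00:12Z,005CONSTRUCTED01,Data Loader,REST,12400,40
2025-08-04T09:03:40Z,005CONSTRUCTED01,Data Loader,REST,850000,2000
2025-08-04T09:10:05Z,005CONSTRUCTED02,Marketing Sync,REST,3200,10
2025-08-04T09:12:51Z,005CONSTRUCTED01,Data Loader,REST,41000,150
2025-08-04T13:21:07Z,005CONSTRUCTED03,My Ticket Portal,REST,2300512,2000
2025-08-04T13:21:19Z,005CONSTRUCTED03,My Ticket Portal,REST,2299870,2000
2025-08-04T13:21:31Z,005CONSTRUCTED03,My Ticket Portal,REST,2301044,2000
2025-08-04T13:21:44Z,005CONSTRUCTED03,My Ticket Portal,REST,2300331,2000
2025-08-04T13:21:56Z,005CONSTRUCTED03,My Ticket Portal,REST,2300098,2000
2025-08-04T13:22:08Z,005CONSTRUCTED03,My Ticket Portal,REST,2299955,2000
"""

# OAuth governance: the connected apps an org has actually reviewed and approved.
APPROVED_APPS = {"Data Loader", "Marketing Sync"}


def parse_log(text):
    """Parse the CSV export into a list of dicts with typed numeric fields."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        records.append({
            "ts": row["TIMESTAMP"],
            "user": row["USER_ID"],
            "app": row["CONNECTED_APP_NAME"],
            "size": int(row["RESPONSE_SIZE"]),
            "rows": int(row["ROWS_PROCESSED"]),
        })
    return records


def analyze(records, approved, min_requests=5, min_total_bytes=10_000_000,
            max_cv=0.02):
    """Return one finding per connected app that trips a rule.

    Rule 1: app not in the OAuth allowlist (governance gap).
    Rule 2: at least `min_requests` requests totalling `min_total_bytes` or
            more, with a coefficient of variation of response size <= `max_cv`.
            Uniform bulk pulls are how paging through a whole object looks; a
            legitimate bulk tool with a fixed batch size looks the same, which
            is why Rule 2 is weighed together with the allowlist rather than
            alerting on its own.
    """
    by_app = defaultdict(list)
    for rec in records:
        by_app[rec["app"]].append(rec)

    findings = []
    for app, recs in sorted(by_app.items()):
        sizes = [r["size"] for r in recs]
        total = sum(sizes)
        reasons = []
        if app not in approved:
            reasons.append("app not in OAuth allowlist")
        if len(sizes) >= min_requests and total >= min_total_bytes:
            mean = statistics.mean(sizes)
            cv = statistics.pstdev(sizes) / mean
            if cv <= max_cv:
                reasons.append(
                    f"{len(sizes)} bulk pulls of ~{mean / 1e6:.1f} MB each "
                    f"with uniform size (cv={cv:.4f})")
        if reasons:
            findings.append({
                "app": app,
                "requests": len(sizes),
                "total_bytes": total,
                "users": sorted({r["user"] for r in recs}),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in analyze(parse_log(SAMPLE_LOG), APPROVED_APPS):
        print(finding["app"], finding["users"], finding["total_bytes"], "bytes")
        for reason in finding["reasons"]:
            print("  -", reason)
```

Only "My Ticket Portal" is reported in the sample: it is unapproved and its six responses cluster tightly around 2.3 MB, while the approved "Data Loader" traffic varies widely and stays under the volume threshold.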




  • Netizen: Monday Security Brief (9/15/2024)

    Today’s Topics:

    • Hackers Leak 600 GB of Data on China’s Great Firewall
    • FBI Warns of Hackers Targeting Salesforce to Steal Corporate Data
    • How can Netizen help?

    Hackers Leak 600 GB of Data on China’s Great Firewall

    On September 11, 2025, what is being described as the largest leak tied to the Great Firewall of China surfaced online. Nearly 600 GB of data, including source code, internal communications, work logs, and technical documentation, was published by the hacktivist group Enlace Hacktivista, the same collective linked to the Cellebrite data leak.

    The leaked material is believed to come from Geedge Networks and the MESA Lab at the Chinese Academy of Sciences’ Institute of Information Engineering, two organizations central to developing and maintaining China’s censorship infrastructure. Geedge was founded in 2018 under Fang Binxing, widely known as the “Father of the Great Firewall,” and has worked closely with MESA researchers to advance censorship capabilities.

    The data, distributed via BitTorrent and direct links, includes a massive 500 GB archive of an RPM packaging server, as well as compressed document sets from Geedge and MESA. These contain thousands of internal reports, project descriptions, and technical proposals. Analysts have already flagged filenames such as BRI.docx and CPEC.docx that suggest ties to Belt and Road Initiative projects and international collaborations.

    Project management records, communication drafts, and even routine administrative files point to the scale and bureaucracy of the censorship effort. The repository of software packages shows that the Great Firewall operates much like any large enterprise software system, with packaging servers and code repositories supporting day-to-day operations.

    According to the documents, the reach of these programs extends well beyond China. The leaked files suggest that censorship and surveillance technologies have been exported to governments in Myanmar, Pakistan, Ethiopia, Kazakhstan, and other countries connected to the Belt and Road Initiative.

    The material also offers a timeline of how MESA grew after its 2012 founding through talent programs, research grants, and contracts. By 2016, it was handling projects worth tens of millions of yuan annually. When Geedge was launched in 2018, it quickly became a key partner to Chinese authorities and an exporter of surveillance solutions.

    The scale of this breach is unusual. Unlike prior leaks that involved small sets of emails or whistleblower documents, this trove is an extensive collection of raw operational data that tracks years of development. Experts note it will take months to analyze the source code, but even the project records already confirm long-suspected details about how China’s censorship system is built, maintained, and expanded abroad.

    Hacktivists caution that anyone examining the archives should do so in isolated environments due to the possibility of embedded malware or tracking mechanisms. For researchers and rights groups, though, the leak provides an unprecedented opportunity to study how the Great Firewall functions and how its influence extends internationally.

    Analysts at Net4People and the GFW Report are continuing to examine the source code and documents. More findings are expected in the coming weeks. For now, this leak represents a rare, large-scale glimpse into one of the world’s most sophisticated censorship systems and its export to partners abroad.


    FBI Warns of Hackers Targeting Salesforce to Steal Corporate Data

    The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations’ Salesforce environments to steal sensitive data and extort victims.

    According to the advisory, both groups have recently used different techniques to infiltrate Salesforce platforms, enabling them to exfiltrate corporate information. The FBI shared indicators of compromise (IOCs), including suspicious user agent strings, IP addresses, and URLs, to help defenders identify malicious activity and strengthen security controls.

    The first cluster, UNC6040, was originally disclosed by Mandiant in June 2025. Since late 2024, these actors have relied heavily on vishing and social engineering tactics, impersonating IT support staff to trick employees into connecting malicious Salesforce Data Loader OAuth apps to company accounts. One variant, branded “My Ticket Portal,” provided attackers with persistent access once authorized.

    With OAuth permissions in place, the attackers were able to mass-exfiltrate Salesforce data, primarily the “Accounts” and “Contacts” tables that store customer information. The stolen data was later leveraged by the ShinyHunters extortion group, which attempted to pressure victims into ransom payments.

    High-profile companies including Google, Adidas, Cisco, Allianz Life, Qantas, Louis Vuitton, Dior, and Tiffany & Co. were among those impacted by these early campaigns.

    A newer wave of activity, tracked as UNC6395, surfaced in August 2025. In these intrusions, attackers leveraged stolen Salesloft Drift OAuth and refresh tokens to access Salesforce instances and extract support case data. Investigators say this campaign likely ran between August 8 and 18.

    Support cases often contained highly sensitive information such as AWS keys, Snowflake tokens, and customer passwords. By extracting this data, attackers could pivot into other cloud environments for deeper compromise.

    Salesloft confirmed that its GitHub repositories were breached as far back as March, allowing attackers to steal Drift OAuth tokens. In response, Salesforce and Salesloft revoked all active Drift tokens and required customers to reauthenticate.

    The campaign also involved misuse of Drift Email tokens, which allowed access to a small number of Google Workspace email accounts.
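    The two patterns above (a freshly authorized connected app pulling whole Account/Contact tables, and a legitimate integration's stolen token pulling Case data) can be caught from audit events. The following is an added detection example, not code from the FBI alert or from Netizen; the event line layout, event names and approved-app list are constructed assumptions, not Salesforce's real export format.

```python
"""Added example: flag bulk reads of sensitive Salesforce objects that follow
a new connected-app authorization, or that come from an unapproved app.

The event lines are a constructed, simplified stand-in for a Salesforce audit
export; field layout and event names are assumptions, not Salesforce's."""
from datetime import datetime, timedelta

# Constructed sample log: timestamp,user,connected_app,event,object,rows
SAMPLE_EVENTS = [
    "2025-08-14T09:02:11Z,jdoe,My Ticket Portal,APP_AUTHORIZED,,0",
    "2025-08-14T09:05:40Z,jdoe,My Ticket Portal,BULK_QUERY,Account,48000",
    "2025-08-14T09:09:02Z,jdoe,My Ticket Portal,BULK_QUERY,Contact,120000",
    "2025-08-14T11:30:00Z,asmith,Reporting Dashboard,BULK_QUERY,Opportunity,900",
    "2025-08-16T08:00:00Z,svc_drift,Drift,BULK_QUERY,Case,35000",
    "2025-08-16T08:10:00Z,asmith,Reporting Dashboard,BULK_QUERY,Account,15000",
]

# Objects the alert singles out as the targets of mass exfiltration.
SENSITIVE_OBJECTS = {"Account", "Contact", "Case"}
# Apps a change-controlled review has approved for bulk access (assumption).
APPROVED_BULK_APPS = {"Reporting Dashboard"}


def parse_event(line):
    ts, user, app, event, obj, rows = line.split(",")
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user, "app": app, "event": event,
        "object": obj, "rows": int(rows),
    }


def detect(lines, row_threshold=10_000, window=timedelta(hours=24)):
    """Return (rule, user, app, object, rows) findings in timestamp order.

    new_app_bulk_export: a bulk read of a sensitive object within `window`
        of the same user authorizing the same connected app (the vishing-
        driven Data Loader pattern attributed to UNC6040).
    unapproved_app_bulk_export: a bulk read of a sensitive object by any app
        outside the approved set, which also covers a legitimate integration
        whose token was stolen (the Drift case).
    """
    events = sorted((parse_event(line) for line in lines), key=lambda e: e["ts"])
    authorized_at = {}  # (user, app) -> time the app was connected
    findings = []
    for e in events:
        key = (e["user"], e["app"])
        if e["event"] == "APP_AUTHORIZED":
            authorized_at[key] = e["ts"]
            continue
        if e["event"] != "BULK_QUERY" or e["object"] not in SENSITIVE_OBJECTS:
            continue
        if e["rows"] < row_threshold:
            continue
        auth = authorized_at.get(key)
        if auth is not None and timedelta(0) <= e["ts"] - auth <= window:
            rule = "new_app_bulk_export"
        elif e["app"] not in APPROVED_BULK_APPS:
            rule = "unapproved_app_bulk_export"
        else:
            continue  # approved app with no recent authorization: expected use
        findings.append((rule, e["user"], e["app"], e["object"], e["rows"]))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(*finding)
```

    Row thresholds and the approved-app set have to be tuned per tenant; the useful signal is the combination of object, volume and app provenance rather than any one of them.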

    Well-known security and tech companies, including Cloudflare, Zscaler, Tenable, CyberArk, Elastic, BeyondTrust, Proofpoint, JFrog, Nutanix, Qualys, Rubrik, Cato Networks, and Palo Alto Networks, were among those reportedly affected.

    While the FBI did not formally attribute the campaigns, members of ShinyHunters told BleepingComputer they were involved, along with actors identifying as “Scattered Lapsus$ Hunters.” These groups claim to have overlap with Lapsus$ and Scattered Spider, two cybercrime gangs known for aggressive extortion.

    On Thursday, the hackers announced via a BreachForums-linked domain that they planned to “go dark” and stop publicizing operations on Telegram. However, in a final post, they claimed to have accessed the FBI’s E-Check background check system and Google’s Law Enforcement Request system, publishing screenshots as proof.

    If authentic, this level of access could allow impersonation of law enforcement and unauthorized retrieval of sensitive records.



  • Understanding Your CUI Boundary for CMMC Compliance

    As CMMC requirements begin appearing in defense contracts, organizations, particularly small and mid-sized businesses, face the difficult task of preparing for audits by a Certified Third-Party Assessor Organization (C3PAO). Compliance requires a serious reevaluation of how data, systems, and people interact across the enterprise. One of the most important steps before scheduling an audit is defining your Controlled Unclassified Information (CUI) boundary. Without this, your organization risks falling short before the assessment even begins.


    Defining Scope

    Before a CMMC Level 2 assessment, your organization must define and document the systems and services within scope. This step goes well beyond creating a simple inventory. It requires demonstrating an understanding of what CUI you have, where it is stored, how it is processed, where it flows across your environment, and who has access to it at every stage. In practice, this means creating a map of your information environment that shows how critical data moves, who touches it, and what technologies safeguard it.

    Your boundary must encompass every part of the environment that interacts with CUI. This includes physical infrastructure, cloud platforms, virtual systems, identity and access management tools, and any other services that handle sensitive information. Organizations should also take time to classify assets. These include systems that store CUI directly, technologies that defend or monitor CUI systems, specialized devices such as OT or IoT equipment that cannot easily be isolated, and systems that are truly out of scope. This classification allows you to make defensible scoping decisions and gives auditors confidence that your assessment will be accurate.

    It is during this stage that many organizations make mistakes. For example, contractors sometimes assume email servers are out of scope even though they transmit CUI, or they overlook a managed service provider that backs up data containing CUI. Others may ignore IoT or OT devices that cannot easily be patched or segmented. These oversights can derail an assessment quickly, which is why scoping must be both thorough and well-documented.


    What is CUI?

    Controlled Unclassified Information (CUI) refers to government-related data that requires safeguarding but does not meet the threshold for classification. It can include personally identifiable information, critical infrastructure data, proprietary business details, blueprints, and technical specifications. The CUI Registry defines the categories, but each organization must identify the exact types of CUI it handles and show how that information moves through its systems. A diagram of CUI flow is particularly valuable, since it highlights how information enters, where it is stored, how it is processed, and where it exits the organization.


    Including Cloud and Managed Service Providers

    Your CUI boundary should not be limited to systems under direct control. Many organizations rely on cloud service providers (CSPs) or managed service providers (MSPs), and these third parties are always in scope if they touch CUI or affect its security. Any CSP hosting or transmitting CUI must either hold a FedRAMP Moderate authorization or demonstrate equivalency. Similarly, any MSP with remote access, control over configurations, responsibility for backups, or other influence over the confidentiality, integrity, or availability of CUI must be included in your System Security Plan (SSP).

    It is also important to understand the shared responsibility model when working with these providers. A CSP may be FedRAMP authorized, but your organization is still responsible for how user accounts, access controls, and monitoring are configured. If these responsibilities are not clearly defined in your SSP, auditors may find gaps that count against your organization.

    Equally important is verifying the compliance posture of these partners. If an MSP has not passed a third-party audit, their shortcomings will count against your own assessment. Even changes in their toolsets or systems can trigger the need for reassessment, introducing both cost and delay.
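    The scoping steps above (map where CUI flows, classify every asset, and bring in any CSP or MSP that touches CUI) can be checked mechanically against the declared boundary. The following is an added example, not from this post or any CMMC assessment guide; the inventory, the category names, and the provider attributes are constructed assumptions.

```python
"""Added example: derive which systems actually touch CUI from the data-flow
map and compare that with the boundary the organization declared.
Inventory, categories and provider attributes are constructed assumptions."""
from collections import deque

# Constructed inventory.  "category" is the declared classification:
#   cui          stores or processes CUI directly
#   spa          security protection asset (defends or monitors CUI systems)
#   specialized  OT/IoT that cannot easily be patched or isolated
#   oos          declared out of scope
ASSETS = {
    "erp-cloud":   {"category": "cui", "hosted_by": "CloudCo", "providers": []},
    "file-server": {"category": "cui", "hosted_by": None, "providers": ["BackupMSP"]},
    "mail-server": {"category": "oos", "hosted_by": "MailSaaS", "providers": []},
    "cnc-mill":    {"category": "specialized", "hosted_by": None, "providers": []},
    "siem":        {"category": "spa", "hosted_by": None, "providers": []},
    "hr-portal":   {"category": "oos", "hosted_by": None, "providers": []},
}
# Constructed CUI flow map: where CUI enters, and each hop it takes.
CUI_ENTRY_POINTS = ["erp-cloud"]
CUI_FLOWS = [("erp-cloud", "file-server"),
             ("file-server", "mail-server"),
             ("file-server", "cnc-mill")]
PROVIDERS = {
    "CloudCo":   {"kind": "csp", "fedramp_moderate": True,  "in_ssp": True,  "capabilities": []},
    "MailSaaS":  {"kind": "csp", "fedramp_moderate": False, "in_ssp": False, "capabilities": []},
    "BackupMSP": {"kind": "msp", "fedramp_moderate": False, "in_ssp": False,
                  "capabilities": ["backup"]},
}
# MSP responsibilities that, per the post, bring the provider into the SSP.
SCOPING_CAPABILITIES = {"remote_access", "configuration_control", "backup"}
IN_SCOPE_CATEGORIES = {"cui", "spa", "specialized"}


def systems_touching_cui(entry_points, flows):
    """Every system reachable from a CUI entry point along the flow map."""
    adjacency = {}
    for src, dst in flows:
        adjacency.setdefault(src, []).append(dst)
    seen, queue = set(entry_points), deque(entry_points)
    while queue:
        node = queue.popleft()
        for nxt in adjacency.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def validate_boundary(assets, entry_points, flows, providers):
    """Return (rule, subject) findings; an empty list means the declared
    boundary is consistent with the flow map and the provider data."""
    findings = []
    touching = systems_touching_cui(entry_points, flows)
    for name in sorted(touching):
        if name not in assets:
            findings.append(("flow_references_unknown_asset", name))
    # Effective scope: declared in-scope assets plus anything CUI actually reaches.
    effective = {n for n, a in assets.items() if a["category"] in IN_SCOPE_CATEGORIES}
    effective |= touching & set(assets)
    for name in sorted(effective):
        asset = assets[name]
        if asset["category"] == "oos":
            findings.append(("out_of_scope_asset_on_cui_flow", name))
        linked = ([asset["hosted_by"]] if asset["hosted_by"] else []) + asset["providers"]
        for pname in linked:
            p = providers[pname]
            if p["kind"] == "csp" and not p["fedramp_moderate"]:
                findings.append(("csp_without_fedramp_moderate", f"{pname}:{name}"))
            affects_cui = p["kind"] == "csp" or SCOPING_CAPABILITIES & set(p["capabilities"])
            if affects_cui and not p["in_ssp"]:
                findings.append(("provider_missing_from_ssp", f"{pname}:{name}"))
    for name, asset in sorted(assets.items()):
        if asset["category"] == "cui" and name not in touching:
            findings.append(("cui_asset_absent_from_flow_map", name))
    return findings


if __name__ == "__main__":
    for rule, subject in validate_boundary(ASSETS, CUI_ENTRY_POINTS, CUI_FLOWS, PROVIDERS):
        print(f"{rule:34} {subject}")
```

    On the constructed inventory this surfaces exactly the mistakes the post warns about: a mail server declared out of scope that carries CUI, its non-FedRAMP SaaS host, and a backup MSP absent from the SSP.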


    Segmentation and Boundary Protections

    Once your CUI boundary is established, you must also demonstrate how it is protected. This often means implementing network segmentation to isolate CUI systems from general IT environments, enforcing strict access controls, and monitoring points where CUI enters or leaves the network. Without these safeguards, a well-drawn boundary can still fail under scrutiny.


    Documentation and Evidence

    Defining a boundary is not enough on its own; auditors expect detailed documentation. At a minimum, this includes a System Security Plan (SSP) with diagrams of CUI flow, asset inventories, classification justifications, and network maps showing segmentation. These artifacts provide evidence that your scoping decisions are defensible and help teams maintain compliance as environments evolve.


    Next Steps

    Defining your CUI boundary is one of the earliest and most decisive steps in preparing for CMMC compliance. A weak or incomplete scope almost guarantees failure in front of auditors, while a thorough, well-documented one establishes the foundation for a smoother assessment.

    Organizations that succeed at this step do so by taking the time to map their information flow, account for every system and provider that touches CUI, classify assets in a way that supports defensible decisions, and document how the boundary is both defined and protected. They also recognize that scoping is not a one-time exercise. Major changes in infrastructure, vendors, or toolsets require re-scoping to remain compliant.

    Getting this right ensures the rest of your compliance journey is built on solid ground and positions your business to compete for defense contracts without avoidable setbacks.


    How Can Netizen Help?

    Founded in 2013, Netizen is an award-winning technology firm that develops and delivers innovative cybersecurity and technology solutions for government, defense, and commercial clients worldwide. Our mission is to transform complex security and compliance challenges into strategic advantages by safeguarding and optimizing digital infrastructure. One example is our “CISO-as-a-Service” offering, which enables organizations of any size to access executive-level cybersecurity expertise at a fraction of the cost of hiring internally.

    Netizen operates a state-of-the-art 24x7x365 Security Operations Center (SOC) and provides a full suite of services including vulnerability assessments, penetration testing, software assurance, managed detection and response, and compliance advisory. For organizations preparing for CMMC, we currently provide CMMC pre-assessments to help contractors evaluate their readiness, map gaps against requirements, and build a remediation roadmap before undergoing a third-party audit. This proactive approach allows companies to address deficiencies early and approach certification with greater confidence.

    Our organization holds ISO 27001, ISO 9001, ISO 20000-1, and CMMI Level III SVC certifications, demonstrating the maturity of our own operations. We are also a Service-Disabled Veteran-Owned Small Business (SDVOSB) recognized by the U.S. Small Business Administration, and we’ve been named to the Inc. 5000 and Vet 100 lists of the fastest-growing private companies in the nation. Netizen has been recognized as a national “Best Workplace” by Inc. Magazine and is a multi-year recipient of the U.S. Department of Labor’s HIRE Vets Platinum Medallion for veteran hiring and retention.

    If your organization is preparing for CMMC compliance, Netizen can help you start with a clear picture of your current state. Our pre-assessments provide the guidance needed to plan effectively, reduce risks of failed audits, and ensure long-term alignment with DoD cybersecurity requirements.

    Looking for expert guidance to secure, automate, and streamline your IT infrastructure and operations? Start the conversation today.


  • The History of CMMC

    The Cybersecurity Maturity Model Certification (CMMC) has become one of the most significant compliance requirements for companies operating within the Defense Industrial Base (DIB). Contractors across the supply chain are now being asked not only if they are compliant, but how quickly they can prove it. Understanding where CMMC came from and how it has evolved provides valuable context for organizations preparing to meet the latest requirements.


    Early Foundations

    The roots of CMMC stretch back to 2010, when Executive Order 13556 formally established the concept of Controlled Unclassified Information (CUI). The order defined what constitutes CUI and laid the groundwork for consistent handling requirements across government and industry.

    By 2017, defense contractors were already expected to comply with NIST SP 800-171, a set of 110 security controls designed to protect CUI. Under this model, contractors could self-attest to their compliance, but it quickly became clear that self-attestation did not provide the level of assurance the Department of Defense (DoD) required.


    The Birth of CMMC

    In 2019, the DoD announced the Cybersecurity Maturity Model Certification as a way to strengthen accountability and verification. The idea was to move beyond self-attestation and introduce third-party assessments where necessary.

    The first formal version, CMMC 1.0, arrived in November 2020 alongside an interim DFARS rule that added new clauses (252.204-7019 and 252.204-7020). These required contractors to post their NIST SP 800-171 self-assessment scores in the Supplier Performance Risk System (SPRS). CMMC 1.0 included five maturity levels ranging from Basic to Advanced Cyber Hygiene. While Level 1 was intended for contractors handling only Federal Contract Information (FCI), higher levels applied to organizations dealing with CUI.


    Streamlining to CMMC 2.0

    By November 2021, the DoD responded to industry feedback by introducing CMMC 2.0. The model reduced complexity by consolidating the five levels down to three:

    • Level 1 (Foundational): Focused on protecting FCI with basic practices, allowing for annual self-assessment and affirmation.
    • Level 2 (Advanced): Built directly on the 110 NIST SP 800-171 requirements. Depending on the solicitation, this level may require either a self-assessment or a third-party assessment by a Certified Third-Party Assessor Organization (C3PAO).
    • Level 3 (Expert): Intended for the most sensitive defense programs, this level requires controls beyond NIST 800-171 and audits performed by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC).

    Rulemaking and Finalization

    The DoD began the formal rulemaking process in 2023 under Title 32 and Title 48 of the Code of Federal Regulations. After extensive reviews and public feedback, the final program rule for CMMC was published on October 15, 2024, and became effective on December 16, 2024. This rule formally codified the structure of CMMC 2.0.

    A second rule followed on September 10, 2025, when the DoD published a final DFARS rule making CMMC a contractual requirement. That DFARS rule is scheduled to take effect on November 10, 2025. Beginning then, solicitations can include DFARS clauses such as 252.204-7021 and 252.204-7025, specifying the CMMC level required. Contractors that cannot meet the designated level at the time of award risk being deemed ineligible.


    What Has Changed for Contractors

    Under the most recent rules, CMMC requirements will be phased into contracts over a three-year period, with gradual expansion until full application across the DIB. The rule also introduces the option for Plans of Action and Milestones (POA&Ms) at Levels 2 and 3. Contractors can achieve conditional certification while closing gaps, but remediation must be completed within 180 days or the certification will lapse.

    Service providers remain in scope of a contractor’s audit if they process, store, transmit, or can affect the security of CUI systems. While these providers may not be required to hold independent certification in every case, contractors are strongly advised to work with C3PAO-validated partners. If a provider lacks sufficient security controls, it can still impact the outcome of the contractor’s assessment.


    Looking Ahead

    CMMC has evolved from an idea in 2019 into a fully codified requirement now tied directly to DoD contracting. What began as a five-level model has been streamlined to three, but the intent remains the same: to enforce stronger protection of CUI and Federal Contract Information across the entire defense supply chain.

    For contractors, the path forward is clear. Compliance is no longer optional, and preparation must begin well before contracts are awarded. Mapping CUI boundaries, documenting controls, engaging with accredited C3PAOs, and selecting trustworthy service providers are now baseline requirements for maintaining eligibility in the defense market.

    CMMC’s history shows how quickly compliance expectations can shift. Its future will continue to shape the way the defense industrial base approaches cybersecurity, risk management, and trust with the Department of Defense.


  • Hidden Prompts in Images Threaten Gemini, Vertex AI, and Other Platforms

    Researchers at Trail of Bits have unveiled a novel attack that leverages image downscaling artifacts to perform hidden prompt injections against large language models (LLMs). The attack embeds malicious instructions into high-resolution images that appear harmless to the human eye but become visible when the image is downscaled, a process most AI systems perform automatically for efficiency.

    This allows attackers to execute prompt injections without the user’s knowledge, potentially leading to data exfiltration, unauthorized tool execution, or manipulation of outputs across AI platforms.


    How the Attack Works

    When users upload images into AI systems, the images are often downscaled using algorithms like nearest neighbor, bilinear, or bicubic interpolation. These resampling methods unintentionally introduce aliasing artifacts, which attackers can exploit by carefully crafting pixel arrangements.

    In practice:

    • The full-resolution image looks benign.
    • Once downscaled, hidden instructions appear (for example, dark areas shifting to red and text appearing in black).
    • The AI model interprets the hidden text as part of the user’s instructions and executes it.

    Trail of Bits demonstrated this by exfiltrating Google Calendar data via Gemini CLI using Zapier MCP with trust=True. The attack required no user confirmation since the tool calls were automatically approved.


    Affected Platforms

    The researchers confirmed that their attack is feasible against multiple production AI systems, including:

    • Google Gemini CLI
    • Vertex AI Studio (Gemini backend)
    • Gemini’s web interface and API
    • Google Assistant (Android)
    • Genspark

    To aid reproducibility, they released Anamorpher, an open-source tool capable of generating crafted images for different downscaling algorithms.


    Why This Works: The Image-Scaling Blind Spot

    This attack builds on earlier academic research (2020, TU Braunschweig) that described the possibility of image-scaling attacks in machine learning. While originally focused on computer vision, Trail of Bits weaponized the idea for multi-modal prompt injection.

    The vulnerability arises because:

    1. AI systems enforce fixed image sizes, making downscaling inevitable.
    2. Interpolation creates predictable patterns that attackers can reverse-engineer.
    3. Users see the high-resolution input, but the LLM sees the downscaled version, creating a mismatch between perception and processing.

    Security Implications

    The attack is particularly dangerous because it exploits a fundamental preprocessing step in AI pipelines rather than relying on a single bug. It highlights:

    • A mismatch between what the user sees and what the model processes.
    • The risk of silent prompt injection hidden inside non-textual data.
    • The potential for cross-system exploitation, as the same crafted image may work against multiple AI systems using similar algorithms.

    This expands the attack surface for AI, particularly in multi-modal systems that handle both text and images.


    Mitigation Strategies

    Trail of Bits recommends several defensive measures:

    1. Avoid automatic downscaling when possible; enforce fixed input dimensions instead.
    2. Preview the downscaled image to users so they can see what the model sees.
    3. Require explicit confirmation for sensitive tool calls, especially if hidden text is detected within images.
    4. Adopt secure design patterns that mitigate prompt injection across modalities, rather than patching single attack vectors.
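    The mismatch described above is measurable before the model ever sees the image: downscale the upload with the point-sampling resampler the pipeline uses and again with a box (area-average) filter that cannot skip pixels, and treat a large divergence as a reason to show the downscaled preview and require confirmation (mitigations 2 and 3). The block below is an added defender-side example, not Trail of Bits code or Anamorpher; the centre-sampling convention, the threshold and the two sample images are constructed assumptions, and the same check generalizes to bilinear or bicubic pipelines by substituting their resampler for `downscale_nearest`.

```python
"""Added example: detect images whose downscaled appearance depends on which
pixels the resampler happens to land on.  Images are plain grayscale row
lists (0 = black, 255 = white); the sample images are constructed."""


def downscale_nearest(img, factor):
    """Point-sample the centre pixel of every factor x factor block
    (centre sampling is an assumption about the pipeline's resampler)."""
    off = factor // 2
    return [[img[y * factor + off][x * factor + off]
             for x in range(len(img[0]) // factor)]
            for y in range(len(img) // factor)]


def downscale_area(img, factor):
    """Average every factor x factor block; every source pixel contributes,
    so no carefully placed pixel can dominate the result."""
    out = []
    for by in range(len(img) // factor):
        row = []
        for bx in range(len(img[0]) // factor):
            block = [img[y][x]
                     for y in range(by * factor, (by + 1) * factor)
                     for x in range(bx * factor, (bx + 1) * factor)]
            row.append(round(sum(block) / len(block)))
        out.append(row)
    return out


def aliasing_divergence(img, factor):
    """Mean absolute difference between the two downscales, scaled to 0..1."""
    nearest, area = downscale_nearest(img, factor), downscale_area(img, factor)
    pixels = len(nearest) * len(nearest[0])
    total = sum(abs(a - b) for ra, rb in zip(nearest, area) for a, b in zip(ra, rb))
    return total / (255 * pixels)


def is_suspicious(img, factor, threshold=0.25):
    """True when the model-facing downscale differs markedly from the
    anti-aliased one.  The threshold is a tunable assumption, not a
    published figure; a flagged upload should get the downscaled preview
    and explicit confirmation before any tool call is made."""
    return aliasing_divergence(img, factor) > threshold


def preview_for_model(img, factor):
    """What the model would actually see: the pipeline's own downscale."""
    return downscale_nearest(img, factor)


def make_sample(size, factor, hidden):
    """Constructed inputs: a smooth horizontal gradient, or a white image whose
    only dark pixels sit exactly where the point sampler reads each block."""
    if not hidden:
        step = 255 // (size - 1)
        return [[x * step for x in range(size)] for _ in range(size)]
    off = factor // 2
    return [[0 if (y % factor == off and x % factor == off) else 255
             for x in range(size)] for y in range(size)]


if __name__ == "__main__":
    for label, hidden in (("gradient", False), ("aliasing-sensitive", True)):
        img = make_sample(16, 4, hidden)
        print(f"{label:20} divergence={aliasing_divergence(img, 4):.3f} "
              f"suspicious={is_suspicious(img, 4)}")
```

    On the constructed aliasing-sensitive image the point sampler returns an all-black thumbnail while the box filter returns near-white, which is the blind spot in miniature; the gradient scores close to zero.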


  • Microsoft September 2025 Patch Tuesday Fixes 81 Flaws, Two Publicly Disclosed Zero-Days

    Microsoft’s September 2025 Patch Tuesday delivers fixes for 81 vulnerabilities, including two publicly disclosed zero-days. Nine flaws are classified as critical, with five involving remote code execution, one tied to information disclosure, and two to elevation of privilege.


    Breakdown of Vulnerabilities

    • 41 Elevation of Privilege vulnerabilities
    • 22 Remote Code Execution vulnerabilities
    • 16 Information Disclosure vulnerabilities
    • 2 Security Feature Bypass vulnerabilities
    • 3 Denial of Service vulnerabilities
    • 1 Spoofing vulnerability

    These totals do not include earlier fixes for three Azure flaws, one Dynamics 365 FastTrack Implementation Assets flaw, two Mariner bugs, five Microsoft Edge issues, and one Xbox vulnerability. Non-security updates released this month include Windows 11 KB5065426 and KB5065431, and Windows 10 KB5065429.


    Zero-Day Vulnerability

    CVE-2025-55234 | Windows SMB Elevation of Privilege Vulnerability

    This vulnerability can be exploited through relay attacks. Depending on configuration, an attacker could relay SMB sessions and gain elevated privileges. Microsoft recommends enabling SMB Server Signing and Extended Protection for Authentication (EPA) to mitigate risk, though both may introduce compatibility issues with older devices. September updates introduce new auditing capabilities to help administrators assess client compatibility with SMB hardening.

    CVE-2024-21907 | Newtonsoft.Json Denial of Service Vulnerability in SQL Server

    This flaw arises from mishandling exceptional conditions in Newtonsoft.Json prior to version 13.0.1. Passing crafted data to the JsonConvert.DeserializeObject method can trigger a StackOverflow exception, causing denial of service. Updates for SQL Server now integrate the patched Newtonsoft.Json library. This vulnerability was originally disclosed in 2024.


    Other Critical Vulnerabilities

    Microsoft also patched multiple remote code execution flaws across Windows components and Microsoft Office, as well as high-severity information disclosure and privilege escalation vulnerabilities. These issues remain attractive targets for attackers and should be prioritized in patching schedules.


    Adobe and Other Vendor Updates

    Other vendors issuing security updates in September 2025 include:

    • Adobe: Patched a Magento flaw called “SessionReaper” impacting eCommerce sites
    • Argo: Fixed an Argo CD bug allowing low-privileged tokens to access repository credentials
    • Cisco: Released updates for WebEx, Cisco ASA, and related products
    • Google: Issued September Android updates addressing 84 flaws, including two zero-days under active exploitation
    • SAP: Released updates across multiple products, including a maximum-severity command execution flaw in NetWeaver
    • Sitecore: Addressed an actively exploited zero-day tracked as CVE-2025-53690
    • TP-Link: Confirmed a zero-day in certain router models, with patches in development for US customers

    Recommendations for Users and Administrators

    Organizations should prioritize applying patches for systems using SMB Server and SQL Server given the public disclosure of both zero-days. Administrators are advised to test and enable SMB Server Signing and EPA where possible and use the new auditing capabilities to prepare for enforcement. SQL Server deployments should be updated to versions incorporating Newtonsoft.Json 13.0.1 or later.
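    The following PowerShell script is an added example (not from the original post or from Microsoft) showing how an administrator can check a server's current SMB signing posture, list the connected clients that would be affected by enforcement, and then require signing, the mitigation recommended for CVE-2025-55234. It uses only the long-standing SmbShare cmdlets; the new September 2025 audit controls and the EPA settings are assumed to be configured separately per Microsoft's guidance and are not covered here.

```powershell
# Added example, not code from the original post or from Microsoft.
# Assess and harden SMB server signing on a Windows host (CVE-2025-55234 mitigation).
# Assumption: the SmbShare module cmdlets used below are available, which is the
# case on supported Windows Server and Windows client releases. Run elevated.

#Requires -RunAsAdministrator

function Get-SmbSigningPosture {
    # Report whether this host enables or requires signing for SMB sessions.
    $server = Get-SmbServerConfiguration
    $client = Get-SmbClientConfiguration
    [pscustomobject]@{
        ServerSigningEnabled  = $server.EnableSecuritySignature
        ServerSigningRequired = $server.RequireSecuritySignature
        ClientSigningRequired = $client.RequireSecuritySignature
        SMB1Enabled           = $server.EnableSMB1Protocol
    }
}

function Get-UnsignedSmbSessions {
    # List currently connected inbound sessions that are not signed.
    # Each one is a client that either lacks signing support or is not negotiating it;
    # review these before enforcement, since they are the sessions a relay would target
    # and the ones that will fail once signing is required.
    Get-SmbSession | Where-Object { -not $_.Signed } |
        Select-Object ClientComputerName, ClientUserName, Dialect, Signed, Encrypted
}

function Enable-SmbServerSigning {
    param([switch]$WhatIf)
    # Require signing on all inbound SMB sessions. -Force suppresses the confirmation
    # prompt; -WhatIf previews the change without applying it.
    Set-SmbServerConfiguration -RequireSecuritySignature $true -Force -WhatIf:$WhatIf
}

# Workflow: assess, review the clients that would be affected, then enforce.
Get-SmbSigningPosture | Format-List
Get-UnsignedSmbSessions | Format-Table -AutoSize
Enable-SmbServerSigning -WhatIf   # drop -WhatIf once the compatibility review is done
```

    Run the assessment functions on a schedule during the review window, because Get-SmbSession only shows clients connected at that moment, and a legacy device that connects once a week will be missed by a single snapshot.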

    Security teams should also review vendor advisories from Adobe, Cisco, Google, SAP, and Sitecore, particularly where vulnerabilities are confirmed to be under active attack.


    How Can Netizen Help?

    Founded in 2013, Netizen is an award-winning technology firm that develops and leverages cutting-edge solutions to create a more secure, integrated, and automated digital environment for government, defense, and commercial clients worldwide. Our innovative solutions transform complex cybersecurity and technology challenges into strategic advantages by delivering mission-critical capabilities that safeguard and optimize clients’ digital infrastructure. One example of this is our popular “CISO-as-a-Service” offering that enables organizations of any size to access executive-level cybersecurity expertise at a fraction of the cost of hiring internally.
