This month, we have a ransomware technique your team needs to know about, a CMMC deadline update, and a quick note on AI tools and your controlled data.
THREAT ADVISORY: “ClickFix” – The Fake Error Message That Opens Your Network
Ransomware groups are using a tactic called “ClickFix” to breach company networks, and it is spreading rapidly. An employee visits a website and sees what appears to be a security check or a browser error. The page tells them to press Windows+R and paste a command to “fix” the problem. That command downloads malware. Because the employee runs it themselves, endpoint protection often does not catch it. Groups linked to LockBit and BlackCat have used ClickFix against U.S. organizations as recently as this week.
What you can do:
- Tell your team: no legitimate website will ever ask you to open the Run dialog and paste a command. Close the tab.
- Ask us whether PowerShell is restricted on workstations that do not need it. (It is.)
- Since we manage your CrowdStrike deployment, we are already watching for this.
Source: BleepingComputer, March 8, 2026; Microsoft Threat Intelligence, February 2026
CMMC UPDATE: Phase 2 Is Eight Months Out
On November 10, 2026, the DoD will begin requiring third-party Level 2 certifications for contracts involving CUI. If you have not started your gap assessment, the window is shrinking. Also, as of February 1, the old DFARS 7019 self-assessment clause was removed under the FAR overhaul. Your compliance obligations now run through the CMMC clause (DFARS 252.204-7021) alone. Requirements did not get lighter—they got consolidated. Reach out if you are unsure where you stand.
Sources: Summit 7, February 2026; PreVeil CMMC Timeline, February 2026
DID YOU KNOW? Free AI Chatbots and Your CUI Do Not Mix
If an employee pastes text from a controlled drawing or bid proposal into ChatGPT or another free AI tool, that data has left your environment—and you may have a compliance problem under NIST 800-171. Simple rule: if you would not email it to a stranger, do not paste it into a free chatbot. Talk to us about AI options that keep your data where it belongs.
