All Posts

There’s a growing belief in some corners of industry that CMMC Level 2 can be achieved quickly by outsourcing all of the work. It’s an appealing idea, hand off the problem, get a clean bill of health, move on. But that’s not how CMMC Level 2 works. Even with strong partners, a skilled consultant, a reliable MSP, and a secure enclave, organizations still need to do the internal work. They must update processes, train staff, maintain documentation, and demonstrate that controls

A 2025 Guide for Defense Contractors and Suppliers CMMC is now fully in effect. As of November 10, 2025, the Cybersecurity Maturity Model Certification is active within the Department of Defense contracting ecosystem, and organizations across the Defense Industrial Base are expected to meet the required level of compliance. For companies that handle Federal Contract Information or Controlled Unclassified Information, this shift marks the beginning of a new standard for cybers

If you’ve already started the journey toward CMMC compliance, you know it’s not just a checkbox — it’s a commitment to securing your organization’s data, protecting your position in the defense supply chain, and future-proofing your ability to win DoD contracts. Whether you’re preparing for a formal audit or closing the final gaps in your CMMC readiness plan, this guide will walk you through what happens next, how to choose the right support, and what sets a successful submis

The Cybersecurity Maturity Model Certification (CMMC) is no longer just a government initiative — it’s a business opportunity. As the DoD begins enforcing CMMC 2.0 across contracts in 2025, thousands of small and mid-sized contractors will need help reaching and maintaining compliance. This creates a massive opportunity for Managed Service Providers (MSPs) to step in. MSPs already manage IT infrastructure, patching, access control, and endpoint protection. With the right part

The Department of Defense’s CMMC enforcement begins November 10, 2025. Learn what this milestone means, how it affects contractors, and how Cyberleaf’s four-phase approach helps you achieve compliance efficiently and at scale. The CMMC Rule Becomes Real On November 10, 2025, the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) program moves from policy to practice. Beginning this date, contracting officers can start including CMMC requirements in new

A discovery by Anton Cherepanov, a researcher at ESET, has revealed what may be the first AI-powered ransomware variant, codenamed PromptLock . This aligns with predictions that generative AI would be used this year to facilitate malicious scripts and exploits. Written in Golang, the newly identified strain uses the gpt-oss:20b  model from OpenAI locally via the Ollama API to generate malicious Lua scripts in real time. The open-weight language model was released by OpenAI e

When Governor Mike DeWine signed Ohio House Bill 96 into law on June 30, 2025, it set the stage for a major shift in how local...

On February 25, 2024, the City of Hamilton, Ontario experienced a cyberattack that disabled roughly 80 percent of its network and...

Allianz, Aflac, Caesars, MGM Resorts, Twilio, Snowflake customers, M&S, Co-Op, Harrods, Victoria's Secret, Philadelphia Insurance, Erie...