Ep. 2 of the Fortress Podcast, Absolutely Critical. When Risk Stops Being Red and Starts Being Real

Platform
- - AI powered platform for holistic supply chain defense.
  - Supply Chain Risk Competitors
    
    Where other platforms leave you with unanswered questions and incomplete risk profiles, Fortress delivers clarity, action, and results.
- - A2V
    
    Gain immediate vendor and assessment intelligence for informed decision making.
  - NAESAD
    
    Unite industry partners for enhanced collaboration with SBOMs, HBOMs, and more.
  - Private Catalogs
    
    Leverage private catalogs for organization-exclusive insight and use.
- - Harness validated AI to gain better insights and risk mitigation.
  - AI Monitoring for Vendor Ecosystems
    
    Uncover vendor risks with AI and streamline remediation
  - AI Monitoring for Products
    
    Leverage AI to discover and address product risks
Featured post

Q2 2025 Threat Intelligence Report

Jul 25, 2025
Commercial
- - A2V
    
    Industry leader collaborative for improved vendor and asset insights.
  - NAESAD
    
    Join forces with industry allies for improved intelligence initiatives.
- - C-SCRM
    
    Safeguard critical infrastructure from cyber threats.
  - TPRM
    
    Control and mitigate third-party supply chain risks.
  - Vulnerability Management
    
    Identify and resolve critical cyber security vulnerabilities.
  - Software Supply Chain Security
    
    Secure software from production to deployment.
  - GRC
    
    Optimize GRC workflows and response
  - PPA
    
    Gain mission-critical visibility with in-depth evaluations of your hardware and software assets with Product Provenance Assessment.
- - Overview
  - Critical Manufacturing
  - Energy and Utilities
  - Oil and Gas
Featured post

A Complete Playbook for Third-Party Risk Management

May 19, 2025
Government
- - C-SCRM
    
    Protect vital supply chain assets against nation state threats.
  - Vulnerability Management
    
    Detect and address key cybersecurity weaknesses.
  - Software Supply Chain Security
    
    Ensure safe software from government software providers.
  - PPA
    
    Gain mission-critical visibility with in-depth evaluations of your hardware and software assets with Product Provenance Assessment.
- - Overview
  - Contract Vehicles
  - Federal Contractors
  - GSA SCRIPTS
  - IDIQ
Featured post

TPRM vs C-SCRM The Differences for Public Sector Leaders

May 1, 2025
Resources
- - Blog
  - Events & Webinars
  - eBooks
  - Glossary
  - Reports
  - Whitepapers
  - Videos
  - NVD Analysis Report
  - Threat Intelligence Hub
  - Trust Center
  - Podcast
Featured post

Seven Risk Areas Addressed by SBOMs

Sep 6, 2023

Featured post

On-Demand Webinar | Updates from the CISA SBOM Working Groups

Jul 24, 2023
Company
- - Leadership
  - Careers
  - News
  - Contact
Featured post

Seven Risk Areas Addressed by SBOMs

Sep 6, 2023

Featured post

Blog | Fortress Brings Awareness to Cybersecurity at DistribuTECH International

May 18, 2022

Platform
- - AI powered platform for holistic supply chain defense.
  - Supply Chain Risk Competitors
    
    Where other platforms leave you with unanswered questions and incomplete risk profiles, Fortress delivers clarity, action, and results.
- - A2V
    
    Gain immediate vendor and assessment intelligence for informed decision making.
  - NAESAD
    
    Unite industry partners for enhanced collaboration with SBOMs, HBOMs, and more.
  - Private Catalogs
    
    Leverage private catalogs for organization-exclusive insight and use.
- - Harness validated AI to gain better insights and risk mitigation.
  - AI Monitoring for Vendor Ecosystems
    
    Uncover vendor risks with AI and streamline remediation
  - AI Monitoring for Products
    
    Leverage AI to discover and address product risks
Featured post

Q2 2025 Threat Intelligence Report

Jul 25, 2025
Commercial
- - A2V
    
    Industry leader collaborative for improved vendor and asset insights.
  - NAESAD
    
    Join forces with industry allies for improved intelligence initiatives.
- - C-SCRM
    
    Safeguard critical infrastructure from cyber threats.
  - TPRM
    
    Control and mitigate third-party supply chain risks.
  - Vulnerability Management
    
    Identify and resolve critical cyber security vulnerabilities.
  - Software Supply Chain Security
    
    Secure software from production to deployment.
  - GRC
    
    Optimize GRC workflows and response
  - PPA
    
    Gain mission-critical visibility with in-depth evaluations of your hardware and software assets with Product Provenance Assessment.
- - Overview
  - Critical Manufacturing
  - Energy and Utilities
  - Oil and Gas
Featured post

A Complete Playbook for Third-Party Risk Management

May 19, 2025
Government
- - C-SCRM
    
    Protect vital supply chain assets against nation state threats.
  - Vulnerability Management
    
    Detect and address key cybersecurity weaknesses.
  - Software Supply Chain Security
    
    Ensure safe software from government software providers.
  - PPA
    
    Gain mission-critical visibility with in-depth evaluations of your hardware and software assets with Product Provenance Assessment.
- - Overview
  - Contract Vehicles
  - Federal Contractors
  - GSA SCRIPTS
  - IDIQ
Featured post

TPRM vs C-SCRM The Differences for Public Sector Leaders

May 1, 2025
Resources
- - Blog
  - Events & Webinars
  - eBooks
  - Glossary
  - Reports
  - Whitepapers
  - Videos
  - NVD Analysis Report
  - Threat Intelligence Hub
  - Trust Center
  - Podcast
Featured post

Seven Risk Areas Addressed by SBOMs

Sep 6, 2023

Featured post

On-Demand Webinar | Updates from the CISA SBOM Working Groups

Jul 24, 2023
Company
- - Leadership
  - Careers
  - News
  - Contact
Featured post

Seven Risk Areas Addressed by SBOMs

Sep 6, 2023

Featured post

Blog | Fortress Brings Awareness to Cybersecurity at DistribuTECH International

May 18, 2022

Tags

Cybersecurity Federal Commercial

Reports

MuddyWater: Active Intrusions and Operator Tradecraft

Iranian Actors Were Inside U.S. Networks Before the Conflict Began. Here's What They Left Behind.

Two independent research teams, publishing within 24 hours of each other, confirmed the same conclusion: Seedworm (MuddyWater), an Iranian government cyber unit operating under the Ministry of Intelligence and Security, was actively embedded in U.S. and allied networks as geopolitical tensions escalated.

Confirmed targets included a U.S. bank, a U.S. airport, the Israeli operations of a U.S. defense and aerospace software supplier, and multiple NGOs, all hit within the same February 2026 campaign window.

This isn't an elevated risk posture. This is active targeting.

What's Inside the Report:

Forensic analysis of two newly documented malware families, Dindoor and Fakeset, deployed across victim networks in the U.S., Israel, Egypt, Jordan, UAE, and Portugal.

A full breakdown of MuddyWater's three custom C2 frameworks (KeyC2, PersianC2, ArenaC2) recovered directly from a live operator server, including a blockchain-based command channel that standard IP blocklists cannot disrupt.

Active CVEs are being exploited at scale, including vulnerabilities in Fortinet, Ivanti, BeyondTrust, SolarWinds N-Central, and Citrix NetScaler.

Defensive actions organized by threat category, credential attacks, data exfiltration, persistence, and destructive attack preparation, with specific detection guidance and IOCs ready for immediate operationalization.

A full MITRE ATT&CK mapping of observed tactics, techniques, and procedures.

Who Should Read This: Security operations, threat intelligence, and risk teams supporting financial services, transportation, defense contracting, federal agencies, energy, and critical manufacturing.