What's happening at Maverc — and across the mission.
Company announcements, press mentions, and Maverc commentary on the cybersecurity stories reshaping the Defense Industrial Base and critical infrastructure.
Department of War Suspends CMMC Phase Two Assessments
DoW paused third-party CMMC assessments pending a 60-day review by a newly stood-up Reform Task Force, citing a structural gap between DIB demand and C3PAO capacity.
Maverc takeDFARS 252.204-7012 and NIST 800-171 self-attestation stay in force. Contractors should treat SPRS scores as legal instruments and close operational gaps now — read our full breakdown on the blog.
Read the storyMaverc Technologies Registered as a CMMC Registered Provider Organization (RPO)
Maverc is now formally recognized by the Cyber AB as a Registered Provider Organization, expanding advisory capacity for defense contractors preparing for CMMC Level 2 assessments.
Entra Agent ID Role Scope Flaw Enables Service Principal Takeover
A misconfigured role scope in Microsoft Entra Agent ID allowed low-privilege administrators to hijack service principals across a tenant.
Maverc takeIdentity is the perimeter. Audit Entra role assignments, restrict Application Administrator scope, and enable Conditional Access on service principal sign-ins.
Read the storyIntroducing the Maverc GCC High Migration Practice
A dedicated practice for licensing, tenant provisioning, and CMMC-aligned hardening across Microsoft 365 GCC, GCC High, Azure Government, and Azure Government Secret.
Google: Indirect Prompt Injection Attacks Rising but Unsophisticated
Google researchers report a sharp increase in prompt injection attempts against LLM-integrated products, though most attempts remain low-sophistication.
Maverc takeTreat model output as untrusted input, isolate tool-call permissions, and log every model-to-tool boundary — the standard controls still work when they are actually applied.
Read the storyTwo Security Professionals Sentenced in BlackCat Ransomware Case
Two former incident responders received multi-year federal sentences after using BlackCat ransomware against U.S. companies they had access to through their day jobs.
Maverc takeSeparation of duties, privileged access reviews, and behavioral monitoring on your own security team are not optional controls.
Read the storyMaverc Awarded Statewide Cybersecurity Services Contract
Maverc has been awarded a multi-year statewide cybersecurity services contract to deliver managed detection, identity security, and compliance advisory across public-sector agencies.
Maverc to Present at ICS Cybersecurity Miami 2026
Maverc senior operators will lead a session on OT/ICS defense for water and energy utilities, focused on segmentation, protocol-aware detection, and incident tabletop exercises.
Read the story