The Business of Malware: Inside the MaaS Economy

In our 2025 State of the Underground report, we found that 384 unique varieties of malware were sold across the top three criminal forums in 2024, a 10% increase from 349 in 2023, signifying an expansion in the underground malware marketplace. These figures reflect malware explicitly offered for sale (not shared freely), and each distinct version or naming variation is counted independently.

The ABCs of "ishing": From Phishing to Quishing

It’s no secret that in cybersecurity, many attacks begin with some form of “‑ishing.” But what exactly are these tactics and who’s behind them? From classic phishing emails to more advanced impersonation schemes using AI and social platforms, attackers continue to evolve their methods to exploit human behavior. Understanding the full spectrum of “‑ishing” techniques is critical for organizations looking to protect their people, data, and reputation.

Supply Chains Under Siege: Inside the Cyber Threats on Manufacturing

In its 2025 State of the Underground report, Bitsight TRACE identified the manufacturing sector as the most targeted industry for the third consecutive year, accounting for 22% of the 4,853 cyberattacks where sector attribution was possible. Manufacturing is the backbone of global supply chains, and when a cyberattack halts operations, even just briefly, the ripple effects can be enormous. Production delays, missed shipments, and service disruptions quickly cascade across industries.

Defending Digital Trust: Fighting Brand Impersonation in the Wild

Just do it. Think different. The happiest place on earth. Nike, Apple, and Disney are three iconic brands that have forever cemented themselves in our consciousness. How did they get there? A catchy slogan? A flashy logo? Sure, while slogans and logos change over time, they still make an impact. But what truly secures a brand’s reputation is trust. And trust is built over years, even decades, through consistency, authenticity, and relentless effort.

AI Is Not the Destination-It's the Catalyst: Inside Bitsight's Vision for Third-Party Risk Management

A new era in third-party cyber risk and exposure management is underway, one that operates in real time, informed by intelligence and scaled by automation. This shift wasn’t feasible even a few years ago. The scale, speed, and complexity of today’s threat landscape—spanning thousands of vendors, assets, and attack vectors—demand more than human capacity can manage. Artificial Intelligence is the catalyst making this new model possible.

Evolving Security Frameworks: From Compliance Checklists to Intelligence Engines

For years, security frameworks have served as essential tools for aligning cybersecurity practices, but they’ve also come with limitations. Designed primarily for compliance, many frameworks are rigid by nature, sometimes to the extent of being a checklist, making them ill-suited for today’s dynamic risk environments. But the threat landscape has evolved, and so too must our approach.

Akira Ransomware Exploits SonicWall SMA100 Vulnerabilities: What You Need to Know

A newly surfaced set of vulnerabilities in the SonicWall SMA100 series appliances has captured the attention of cybersecurity professionals. While SonicWall has released patches for CVE-2025-40596 through CVE-2025-40599, and media reports point to a surge in Akira ransomware attacks targeting SonicWall SSL VPN infrastructure, CISA has not formally confirmed exploitation of these specific vulnerabilities by Akira at this time.

Framework Intelligence

Tired of spending hours reviewing vendor artifacts, policies, and questionnaires? Meet Bitsight Framework Intelligence—the AI-powered engine that transforms static compliance documents into structured, actionable insights. This capability, embedded in Bitsight’s Continuous Monitoring product, automatically parses vendor documentation, maps control evidence to frameworks like SIG Lite, NIST CSF, and ISO 27001, and generates audit-ready reports in just a few clicks.