Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

bitsight

Security Alert: CVE-2025-14847 MongoDB "MongoBleed" Actively Exploited

Dec 29, 2025 By Emma Stevens In BitSight
A high-severity vulnerability, CVE-2025-14847, affecting MongoDB Server is being actively exploited in the wild with a Bitsight Dynamic Vulnerability Exploit (DVE) score of 9.71. The flaw, commonly referred to as “MongoBleed,” is an unauthenticated memory-read vulnerability caused by improper handling of zlib-compressed network message headers, which may allow attackers to read uninitialized heap memory remotely.
Read Post
bitsight

Bitsight Threat Intelligence Briefing: Top TTPs Leveraged by Threat Actors in 2025

Dec 22, 2025 By Emma Stevens In BitSight
As the global cyber threat landscape evolves, adversaries continue to refine and adapt their tactics. Bitsight threat intelligence indicates that there are several tactics, techniques, and procedures (TTPs) that are most commonly and consistently leveraged by threat actors. These attacks are not isolated; they’re systemic.
Read Post

Continuous Vendor Risk Monitoring: Real-Time Cyber Risk Visibility with Bitsight

Dec 19, 2025 By Bitsight In BitSight
Gain real-time visibility into cyber risks across your entire vendor ecosystem with Bitsight Continuous Monitoring. Continuously track third- and fourth-party security performance, uncover hidden vulnerabilities, and identify high-risk changes before they impact your business. Powered by the industry’s most comprehensive cyber risk data, Bitsight helps security and GRC teams respond faster to critical threats—including zero-day vulnerabilities—while improving vendor collaboration and strengthening overall supply chain resilience.
View Video
bitsight

CVE-2025-55182: First Days of React2Shell Exploitations

Dec 18, 2025 By João Godinho In BitSight
On December 3rd Lachlan Davidson disclosed an unauthenticated remote code execution vulnerability in React Server Components (RSC) that exploits how React.js (and Next.js) decodes payloads sent to React Server Function endpoints. On December 4th we started observing fingerprinting attempts for these vulnerabilities and on December 5th we started observing exploitation attempts. React.js is used by 66% of the global digital supply, in the top 0.06% of all technologies.
Read Post
bitsight

Practitioner Insight: 4 Best Practices for Supply Chain Risk Resilience in Finance

Dec 16, 2025 By Greg Keshian In BitSight
Like any other global industry, financial services companies face tremendous challenges of scale and complexity when it comes to managing cyber risk across their digital supply chain. The financial services supply chain is composed of more than 1.6M third-party relationships across the industry ecosystem.
Read Post

Reimagining Third-Party Risk: How Framework Intelligence Transforms Compliance

Dec 12, 2025 By Bitsight In BitSight
30% of data breaches come from third parties. That number is accelerating—and it’s why smarter, connected risk management has never been more critical. In our latest “F” Word webinar, Bitsight SVP of Product Management Vanessa Jankowski shared how forward-thinking teams are reimagining third-party risk management with Bitsight Framework Intelligence—turning compliance from a static checklist into a real-time intelligence engine.
View Video

Evolving Your Cyber Framework: From Checklists to Intelligence Engines

Dec 12, 2025 By Bitsight In BitSight
Risk isn’t static—so why should your frameworks be? In this clip from The “F” Word webinar, Vanessa Jankowski shares how Bitsight Framework Intelligence helps organizations move beyond checkbox compliance to proactive risk mitigation. By automating control mapping and enriching frameworks with real-time exposure data, Bitsight empowers teams to anticipate threats, not just respond to them. When frameworks evolve into intelligence engines, risk mitigation becomes faster, smarter, and measurable.
View Video

Bitsight TRACE: State of the Underground: What's Lurking Beneath the Surface of Cybercrime

Dec 12, 2025 By Bitsight In BitSight
Cyber risk doesn’t start at your network’s edge—it starts in the underground. In just 34 seconds, discover how Bitsight shines a light on hidden threats, providing organizations with unmatched visibility into the evolving cybercrime ecosystem.
View Video
bitsight

It's 2 AM. Do You Know Which AIs Your MCP Server Is Talking To?

Dec 11, 2025 By João Cruz In BitSight
When Anthropic dropped the Model Context Protocol (MCP) in late 2024, it felt like the missing puzzle piece for AI tooling: a standard way for Large Language Models (LLMs) to talk to data sources, APIs, and pretty much anything else you can think of. Think of it as a USB-C port for AI, as the protocol’s creators like to say. But like most shiny new standards, the devil’s in the details.
Read Post
bitsight

Unsubscribed Doesn't Mean Disconnected: The Persistent Risk of Calendar Domains

Dec 10, 2025 By Emma Stevens In BitSight
We trust our devices to keep our lives organized, from reminders and appointments to birthdays and holidays. But behind that convenience lies an invisible risk. Every time you subscribe to an external calendar, you may be granting an unknown third party the ability to send events directly to your device for as long as the subscription remains active.
Read Post
bitsight

Security Alert: CVE-2025-66478 & CVE-2025-55182 (React2Shell) - Next.js React Server Components Remote Code Execution

Dec 4, 2025 By Emma Stevens In BitSight
A critical vulnerability, CVE-2025-66478, has been identified in Next.js applications using React Server Components (RSC) with the App Router. This vulnerability receives a CVSS score of 10.0 and a Bitsight Dynamic Vulnerability Exploit (DVE) score of 7.85. This vulnerability may allow remote code execution (RCE) when affected servers process attacker-controlled RSC requests. CVE-2025-66478 is tied to an upstream React issue (CVE-2025-55182–DVE score 9.15) affecting the RSC protocol implementation.
Read Post
bitsight

Paying the Ransom: A Short-Term Fix or Long-Term Risks?

Dec 3, 2025 By Emma Stevens In BitSight
According to our 2025 State of the Underground report, ransomware attacks rose by nearly 25% in 2024, and the number of ransomware group leak sites jumped 53%. This surge sets the stage for a critical question: if compromised, should you pay ransomware demands or not? The stakes are enormous, including downtime, data loss, brand damage, and legal risk all hang in the balance.
Read Post
bitsight

Making DORA Strategy Practical: What Cybersecurity Leaders Need to Succeed in 2026

Dec 2, 2025 By Raquel Oliveira In BitSight
For many cybersecurity teams, the race to comply with the Digital Operational Resilience Act (DORA) is well underway, but clarity and confidence remain elusive. With enforcement set to take effect in January 2026, the countdown is on for financial institutions and their ICT providers to prove that they can withstand and recover from digital disruptions. The regulation sets high expectations for cross-functional coordination, ICT risk oversight, third-party accountability, and real-time monitoring.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.