Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

When people talk about AI security risks, the conversation usually starts with the model. Can it be jailbroken? Can someone get around the guardrails? Can an attacker make it say or do something it should not? Those are fair questions, but they are not the most important ones. The bigger risk is not the model on its own: it’s everything the model is connected to.

Phorpiex, also known as Trik, is a resilient and long-running botnet with a history dating back to 2011. While it has grabbed some headlines, its sustained presence and adaptability make it a subject of ongoing concern for the cybersecurity community. Phorpiex has consistently demonstrated its capability to evolve, shifting from a pure spam operation to a sophisticated platform.

Each year, the threat environment changes, and the way we measure cyber risk has to keep up. Attackers adjust quickly. At the same time, organizations add cloud services, SaaS applications, and third parties to their environments. That makes it harder to maintain a stable, external measure of security performance. At Bitsight, the Ratings Algorithm Update (RAU) is one of the major initiatives that helps keep the Bitsight Security Rating a reliable indicator of security performance.

A supply chain compromise that impacted the Python package LiteLLM, with malicious versions 1.82.7 and 1.82.8 was published to PyPI on March 24, 2026. Bitsight Threat Intelligence, public reporting and vendor disclosures indicate the malicious releases included credential harvesting, Kubernetes-focused lateral movement, and persistence mechanisms, creating serious risk for cloud-native and AI-related environments that installed or ran the affected versions.

Domains are foundational to digital trust. You visit your favorite online store or log in to your email without thinking twice about the web address in your browser. But what happens if that domain has been hijacked and you have just entered your personal information into an attacker’s trap?

For years, security leaders were asked a simple question: are we secure? Today, that question is harder to answer. Boards, regulators, insurers, and customers want proof of resilience: assurance that organizations understand their exposure, are prioritizing the right work, and are reducing risk over time.

AI security tools are no longer just defensive layers. They are high value targets being studied, fingerprinted, and bypassed much like traditional endpoint detection and response (EDR) platforms and antivirus solutions were in their early days. The speed and scale at which these tools are being deployed makes reactive defense increasingly unsustainable.

According to a 2024 report from IoT Analytics, there were 16.6 billion Internet of Things (IoT) connected devices at the end of 2023, and that number is expected to grow to 41.1 billion by 2030. This means an increased attack surface for malicious actors to take advantage of, especially given that the security posture of the vendors that provide these devices varies greatly.

The automotive industry is changing faster than ever, with smarter factories, connected vehicles, digital supply chains, and software-driven everything. But as the industry accelerates into this new era, something else is racing alongside it: cyber threats. Over the past year, Bitsight Threat Intelligence data has shown a sharp rise in ransomware activity targeting companies across the auto ecosystem. And what’s striking is how often the same names keep appearing.

When threat actors compromise your vendors, they are rarely aiming for a single, isolated win. They are looking for leverage. Every third party represents a potential force multiplier: a trusted connection, a shared platform, a pathway into multiple downstream environments. We recently looked at the vulnerabilities that are most commonly being used against vendors, but vulnerabilities alone don’t tell the full story.

Over the past year, Bitsight TRACE has identified 14,220 unique internet-exposed Open Platform Communications Unified Architecture (OPC UA) servers globally. Given OPC UA's critical role as a communication backbone for modern industrial control systems (ICS) across numerous sectors, this level of exposure warrants a closer look. Our analysis reveals that over half (51.74%) of these devices allow unauthenticated access, while 80.26% transmit data in plaintext without encryption or integrity protection.

Organizations are facing a complicated and unwieldy cybersecurity perimeter due to the sprawling web of third-party dependencies that now account for 30% of all data breaches. This network of interconnected applications and infrastructure gives threat actors an opportunity through an extended attack surface to exploit organizations. Attackers are also moving faster by leveraging AI to weaponize zero-day vulnerabilities in days rather than weeks, and most organizations remain dangerously behind the curve.