Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In October 2025, researchers uncovered a phishing operation that weaponizes the npm ecosystem, but this time not to infect developers at install time, but rather to host and deliver phishing scripts via the trusted unpkg.com CDN.

Artificial intelligence (AI) is quickly transforming the workplace as we know it. According to a recent Forbes article, many organizations will move from experimenting with Generative AI to making it a fundamental part of their business—transforming essential functions from human resources to customer service and supply chain management. Data analysis that used to take hours can now be done in minutes with ChatGPT.

CYJAX has expanded its ransomware group coverage, giving clients broader visibility and faster intelligence on emerging threats. This blog highlights the surge in global ransomware attacks and explains how this product update enhances organisational resilience in an evolving threat landscape.

CSPM tools thrived by making cloud posture issues easy to find, but posture alone didn’t stop breaches. The market evolved into CNAPP – uniting posture, runtime, identity, and shift‑left – to deliver protection, not just visibility. DSPM is on the same trajectory: discovery and classification at rest are necessary but insufficient, especially as AI fragments data into shareable snippets that evade label‑centric controls.

The real horror story is happening inside SOCs every single day. Analysts are buried alive under endless alerts. Silent screams when critical threats slip through. Empty chairs as burnout claims another teammate. Here are the five nightmares every SOC analyst knows too well — and how Torq HyperSOC turns them from never-ending sequels into closed cases.

At Bitsight, one of the responsibilities of the Vulnerability Research team is to develop fingerprinting methods to not only identify exposed services, but also vulnerabilities in those services. When it comes to detecting vulnerabilities, there are increased challenges depending on the complexity of both the vulnerability and the vulnerable service.

Even the best-prepared teams can stumble when an information security (IS) issue surfaces; the real risk isn’t just the incident itself, but how quickly and clearly your employees know what to do next. When an alert goes off, every second counts: Who do they call? Which system do they isolate? What’s the escalation path? Without a well-defined, practiced response plan, confusion can spread faster than the threat.

In traditional cybersecurity, Security Posture Management (SPM) is an essential discipline. Organizations routinely monitor their cloud configurations, SaaS applications, and infrastructure for misconfigurations and vulnerabilities that could expose them to threats. It’s a recognition of a fundamental truth that even the most sophisticated security systems are only as strong as they’re configured to be.

Imagine a company ordering new Android phones for their sales team. Without the right management solution in place, the IT team would spend hours (sometimes days) unboxing each phone, setting it up, downloading company apps, and repeating the same steps over and over again. The risk? delayed device rollouts and wasted time and energy.

When the Federal Financial Institutions Examination Council (FFIEC) released its Cybersecurity Assessment Tool (CAT) in 2015, it became the industry standard for evaluating cyber readiness. ‍ A decade later, the threat landscape has evolved—and rather than updating the CAT, the FFIEC retired it on August 31, 2025. With CAT no longer the industry's best practice, many financial institutions are asking: What’s next? ‍