Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

ToxicPanda is a banking trojan designed to infiltrate your mobile device, stealing financial details by targeting banking & financial apps. The malware keeps evolving, with the developers behind it being quick to add new features, such as overlaying pin & pattern codes, overlaying credential inputs for specific banking apps, allowing cybercriminals to remotely take control of compromised bank accounts and initiate unauthorized money transfers.

Acreed, a new malware-as-a-service (MaaS) platform, appears to have taken the top spot in the infostealer ecosystem. We suspect this is due to the takedown of Lumma Stealer (LummaC2) in May 2025. In just its first week, Acreed was observed uploading over 4,000 stolen credential logs to a dark web Russian Market.

A serious new vulnerability (CVE-2025-53770, also known as “ToolShell”) is actively being exploited by cybercriminals to hack into on-premises Microsoft SharePoint Servers. The vulnerability, along with CVE-2025-53771 was discovered around July 18, 2025. Bitsight Research classifies CVE-2025-53770 as 10 out of 10 on our Dynamic Vulnerability Exploit (DVE) scale and CVE-2025-53771 as a 5.82 out of 10 indicating severe and moderate urgency respectively.

Artificial intelligence—it’s a term you’ve likely encountered more than once today, and this won’t be the last. And while it reshapes how businesses operate, it’s also introducing new risks. As organizations embrace AI-powered tools for efficiency and innovation, it becomes essential to understand what technologies your vendors rely on, and what those choices mean for your cybersecurity posture.

This report details an investigation into a Fast Flux network observed in 2024. It covers the technical details of the network, its observable infrastructure, the malware associated with it, and its presence on the dark web.

SIM swapping is not a novel cyber threat; it has been a persistent issue for over a decade. This technique exploits vulnerabilities in mobile carrier procedures and identity verification protocols. Attackers employ social engineering tactics to deceive telecom providers into transferring a victim’s phone number to a SIM card under their control.

In the cybersecurity landscape, sensational headlines and alarming vulnerability disclosures are commonplace. Recent events have been a whirlwind, with claims of massive data breaches and widespread vulnerabilities affecting critical infrastructure. From the overstated impact of Next.js middleware vulnerabilities to the exaggerated reach of Nginx ingress issues, it's clear that the cybersecurity community needs a reality check.

Ransomware attacks are surging, and Bitsight data shows just how dramatic the rise has been. Our cyber threat intelligence (CTI) researchers observed a nearly 25% increase in unique ransomware victims listed on leak sites in 2024.

Cybersecurity weaknesses span both software and hardware systems, creating numerous opportunities for exploitation. Among the most common access vectors leveraged by threat actors are phishing attacks and Common Vulnerabilities and Exposures (CVEs). When left unpatched, CVEs can pose significant risks to an organization’s systems, exposing sensitive data and operational assets to potential compromise.

For the second time in a row, Bitsight has been named an Overall Leader in the KuppingerCole Leadership Compass for Attack Surface Management (ASM)—and it’s not just a title. The report offers a deep dive into how organizations are using ASM to get ahead of cyber threats by proactively managing their digital risk.