Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security analysts work on the front lines, responsible for protecting organizations every hour of the day from all threats. Our mission has always been to empower the SOC with end-to-end visibility to focus on what matters most and act with clarity, context and speed to resolve any attack.

A critical Server-Side Request Forgery (SSRF) vulnerability—CVE-2025-8085—has been discovered in the popular WordPress plugin “Ditty (News Ticker & Display Items)” for versions prior to 3.1.58. The issue resides in the displayItems REST API endpoint (wp-json/dittyeditor/v1/displayItems), which lacks authentication and authorization, allowing unauthenticated attackers to force the server to fetch arbitrary URLs—internal or external—via crafted JSON payloads.

On September 9, 2025, SAP released its September 2025 Security Patch Day update with patches for 21 vulnerabilities. The most severe of these, CVE-2025-42944, is a maximum-severity deserialization vulnerability of untrusted Java objects in SAP NetWeaver that resides in the RMI-RP4 module. A remote unauthenticated threat actor can exploit this vulnerability by submitting a malicious payload to an open port to achieve arbitrary OS command execution.

Delivering safe and reliable power around the clock is a huge challenge. A task made even more difficult by the sharp rise in cyberattacks on the energy and utilities sector. Recent research from Trustwave SpiderLabs found that cyber threats against the sector have surged by 80% year-over-year, costing organizations nearly half a million dollars more per breach than the cross-industry average of $4.8 million.

Over night, starting at 01:16 UTC on September 9th, we were alerted to more packages being compromised, these included: These packages all had a new version 1.3.3 released (In the case of the wasm version, it was version 1.29.2), which contained the same malicious code as we saw in the compromise of packages with 2 billion+ downloads.

Industries, governments, and enterprises of all kinds have adopted large language models (LLMs) and generative AI (GenAI) into their operations and workflows, unlocking new possibilities for everything from customer interaction to complex data analysis. But with this innovation comes new challenges for security, observability, and data science teams.

In our day-to-day work and conversations with security experts, one concern comes up regularly: how consistent is our WAF protection? Our answer is always the same: not as much as you think. The truth is that in the case of enterprises, web application firewall (WAF) coverage is rarely uniform. Protection is often a mixed bag of products from different vendors, managed by separate teams, each guarding only part of the attack surface.

In order to collect various security-related metrics, Bitsight scans the entire internet, collecting a unique set of data that enables us to carry out a variety of studies that would be extremely difficult for any other company to conduct. One of the metrics that we collect is related to the presence of certain vulnerabilities. For this, we need to take into consideration all possible mitigation strategies that are available and that allow us to reduce the risk.

Recent cyberattacks on retailers in the UK and the U.S. are now shifting to target the financial sector, with news on breaches reaching headlines almost daily. These stories track how today’s threat actors operate: they are strategic, pivot quickly, exploit weak links and are highly opportunistic. This opportunism means that if threat actors discover an unlocked door in one business within an industry, they will try every door within that industry to find a common weakness.

Security teams are drowning in findings, but only a fraction of exposures actually put the business at risk. Treating every issue as equal spreads resources thin, slows down remediation, and leaves critical systems exposed. Threat Exposure Management (TEM) changes the equation by forcing teams to focus on the exposures most likely to cause real damage – and to build the operating model that ensures they get fixed.