Boston, MA, USA
2011
  |  By Emma Stevens
Picture the first meeting after a serious security event. The Security Operations team is talking about alerts, detections, and lateral movement. Threat Intelligence is talking about adversary tradecraft and known campaigns. Governance and Risk is talking about control gaps, exposure, and business risk. And leadership? They only care about how bad this event is, and what the team is doing about it. Security teams often agree on the mission: deter and stop threat actors at all costs.
  |  By Greg Keshian
The rise of AI-driven vulnerability discovery using Anthropic's Claude Mythos, as well as similar tools from Google and OpenAI, is completely changing the calculus of cyber risk. The number of vulnerabilities is exploding. The time it takes for exploits to appear is shrinking. The patching cadences and scan intervals, assessments and risk registers that many organizations still rely on are rapidly becoming ineffective.
  |  By João Godinho
A few weeks ago we published the first part of this series where we described the infrastructure used by the RondoDox threat actors to scan and exploit vulnerable systems. In this second post we’ll take a deep dive into the malware that is deployed into vulnerable systems. Specifically, we’ll look at the initial implant used to fetch the RondoDox binary and the binary itself, detailing its behaviour, how it communicates with the Command and Control (C2), and its malicious capabilities.
  |  By Emma Stevens
Security compliance audits can feel intimidating, especially if your team has never been through one before. For many organizations, an audit feels like a high-pressure project with a hard deadline, a long list of evidence requests, and a lot of manual work spread across security, IT, legal, and compliance teams. For vendors and companies in highly regulated industries, audits and risk assessments may already be a routine part of doing business.
  |  By Jake Olcott
Risk is expanding faster than most organizations can measure it, communicate it, and act on it. The convergence of AI, an ever-expanding attack surface, and deep, often hidden supply chain risks—extending into third-, fourth-, and fifth-party connections—all pose strategic and material risks to companies. Security leaders are ultimately looking for better ways to identify risk, prioritize action, and support stronger risk decisions across the entire business ecosystem.
  |  By Emma Stevens
When people talk about AI security risks, the conversation usually starts with the model. Can it be jailbroken? Can someone get around the guardrails? Can an attacker make it say or do something it should not? Those are fair questions, but they are not the most important ones. The bigger risk is not the model on its own: it’s everything the model is connected to.
  |  By Threat Research Team
Phorpiex, also known as Trik, is a resilient and long-running botnet with a history dating back to 2011. While it has grabbed some headlines, its sustained presence and adaptability make it a subject of ongoing concern for the cybersecurity community. Phorpiex has consistently demonstrated its capability to evolve, shifting from a pure spam operation to a sophisticated platform.
  |  By Ariela Silberstein
Each year, the threat environment changes, and the way we measure cyber risk has to keep up. Attackers adjust quickly. At the same time, organizations add cloud services, SaaS applications, and third parties to their environments. That makes it harder to maintain a stable, external measure of security performance. At Bitsight, the Ratings Algorithm Update (RAU) is one of the major initiatives that helps keep the Bitsight Security Rating a reliable indicator of security performance.
  |  By Emma Stevens
A supply chain compromise impacted the Python package LiteLLM: malicious versions 1.82.7 and 1.82.8 were published to PyPI on March 24, 2026. Bitsight Threat Intelligence, public reporting and vendor disclosures indicate the malicious releases included credential harvesting, Kubernetes-focused lateral movement, and persistence mechanisms, creating serious risk for cloud-native and AI-related environments that installed or ran the affected versions.
  |  By Emma Stevens
Domains are foundational to digital trust. You visit your favorite online store or log in to your email without thinking twice about the web address in your browser. But what happens if that domain has been hijacked and you have just entered your personal information into an attacker’s trap?
  |  By Bitsight
As organizations shift to cloud services and third-party vendors, maintaining visibility and control over cyber risk has become increasingly complex. In this video, we explore one of the biggest challenges facing security leaders today: how to manage cyber risk without full visibility into your environment. Learn why visibility is critical to effective cybersecurity—and how the right data enables organizations to.
  |  By Bitsight
The cyber risk landscape is evolving faster than ever—creating new challenges for organizations trying to maintain visibility and control. In this video, we explore why data is the foundation of effective cyber risk management. As risk becomes more dynamic and complex, organizations must be able to respond to threats as they emerge—not after the fact. Without high-quality, actionable data, managing cyber risk simply isn’t possible.
  |  By Bitsight
Vendor relationships don’t stay static—and neither does the risk they introduce. In this video, we break down a common misconception in third-party risk management: that vendor risk remains constant after onboarding. The reality? As vendors grow and their digital footprint expands, risk increases over time. Learn why organizations must move beyond point-in-time assessments and adopt a more modern approach to vendor risk management.
  |  By Bitsight
Bitsight is the global leader in cyber risk intelligence, leveraging advanced AI to empower organizations with precise insights derived from the industry’s most extensive external cybersecurity dataset. With more than 3,500 customers and over 68,000 organizations active on its platform, Bitsight delivers real-time visibility into cyber risk and threat exposure, enabling teams to rapidly identify vulnerabilities, detect emerging threats, prioritize remediation, and mitigate risks across their extended attack surface.
  |  By Bitsight
When it comes to cybersecurity, there’s no such thing as being too prepared. In this clip, Ryan Swimm, Senior Manager, GRC Program from Bitsight explains why "softball" security drills just don't cut it. To truly protect your organization, you need to practice for the worst-case scenario—your own "Armageddon" drill. Inside the Drill: Don't wait for a real crisis to find the gaps in your strategy. Practice for doomsday today!
  |  By Bitsight
For many risk and compliance leaders, the reality of Third-Party Risk Management (TPRM) is a mountain of disorganized spreadsheets, overflowing inboxes, and endless PDFs. When an audit is seven days away or the Board asks for a risk posture update, documentation overload becomes a liability. In this video, we explore the transition from vendor chaos to risk clarity. The Challenge.
  |  By Bitsight
Cyber risk is evolving fast—and 2026 will demand more from security leaders than ever before. In this forward-looking webinar, Bitsight Co-Founder Stephen Boyer and SVP Vanessa Jankowski break down the biggest cyber threats shaping the year ahead, from AI-driven attacks and expanding attack surfaces to third-party and cloud risk.
  |  By Bitsight
When a critical vulnerability is exploited, the first 72 hours of a cyber incident can determine the outcome. In this scenario-driven webinar, Bitsight experts break down how security, GRC, and threat intelligence teams must work together—fast—to detect risk, prioritize action, and communicate clearly under pressure.
  |  By Bitsight
Your organization’s attack surface doesn’t stop at the network—and in financial services, that reality can’t be ignored. In this clip, Dov Lerner explains why even companies with strong internal security programs remain vulnerable when attackers target customers through phishing and account takeover schemes.
  |  By Bitsight
The deep and dark web isn’t chaos—it’s a fully functioning marketplace. In this clip from Exposed: Cyber Risk in the Financial Sector and its Supply Chain, Dov Lerner explains how aspiring attackers can purchase phishing kits, stolen bank credentials, initial network access, and even cash-out services—often without technical expertise.
  |  By BitSight
Cybersecurity ROI isn't about cost savings. It's about how your cybersecurity program helps you achieve your goals while managing risk to a level that your executive team is comfortable with. So if you shouldn't measure success in cost savings, how do you measure it? BitSight is providing five steps that help CISOs and executive teams evaluate their company's cybersecurity performance.
  |  By BitSight
Are you overwhelmed by the intricacies of your attack surface? Concerned about the rising risk of vulnerabilities in your and your partners' digital ecosystems? New BitSight research finds that the average vulnerability remediation rate across organizations is about 5 percent per month, sparking concern that the status quo of exposure and vulnerability management is broken. Moreover, organizations face significant challenges in managing vulnerabilities in their extended, third-party ecosystem, and most security leaders do not have the tools to address these emerging threats.
  |  By BitSight
Traditional vendor risk management programs are not effective at mitigating risk in ever-expanding third-party networks, and yet 69% of businesses still rely on manual processes. It's time to take your program to the next level. How can you centralize, automate, and streamline your process to manage hundreds of vendors as effectively as you manage ten? Scalable VRM continuously detects, monitors, and mitigates risk, going beyond due diligence and initial assessments to constantly reassess and proactively act on vendor risk.
  |  By BitSight
Stop reacting to cyber risk as it comes. BitSight for Security Performance Management empowers security leaders to strengthen cyber resilience over time with objective, meaningful, and evidence-based metrics. Gain insights, drive decisions, and build confidence with our suite of advanced analytics.

Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Global enterprises, governments, and organizations rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss. When unrelenting market pressure pushes organizations to uncertainty and caution, they turn to Bitsight to confidently navigate cyber risk and grow with confidence.

Bitsight's universally recognized risk standard and market-leading data provides actionable insights into how companies set and manage to standards and report results to internal and external stakeholders. Built on over a decade of technological innovation, Bitsight's integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.

Bitsight is on a mission to free the global economy from the material impact of cyber incidents.