|
By Bitsight TRACE
On June 24, 2026, demonstrating the power of public-private collaboration, Europol and the Microsoft Digital Crimes Unit, alongside our team and other global partners, executed a coordinated disruption as part of Operation Endgame, impacting two of the most prolific commodity malware families on Windows: the Amadey loader/botnet and the StealC information stealer.
|
By Emma Stevens
In Bitsight’s annual State of the Underground report we discuss cyber threat trends, key players, attack vectors, and why it all matters. The key theme from the 2026 State of the Underground is that cyber risk is changing as we know it. We are starting to see threat actors pivot alongside the changing threat landscape. We also explored how the threat landscape is reacting to the ever-growing changes brought on by AI.
|
By Ebin Sandler
A large-scale credential compromise campaign known as FortiBleed has exposed verified administrator credentials for more than 73,000 internet-facing Fortinet FortiGate firewalls. As of mid-June 2026, the dataset is reportedly circulating within criminal underground communities. Researchers estimate that approximately 50% of all internet-reachable FortiGate devices may be affected across 194 countries, making this one of the most significant Fortinet security incidents to date.
|
By Jake Olcott
The landscape of third-party cyber risk is undergoing a profound transformation, driven by an escalating threat environment, an expanding attack surface, AI, and a tidal wave of new global regulations. As organizations grapple with complex digital supply chains, regulators across the US and EMEA are stepping up oversight, making 2026 a pivotal year for compliance and risk management. This analysis explores the essential threat intelligence and regulatory shifts that demand immediate attention.
|
By Terence Cheong
Hong Kong’s Protection of Critical Infrastructures (Computer Systems) Ordinance (Cap. 653) represents a major shift in cybersecurity regulation. The law moves beyond traditional compliance exercises and places a much stronger emphasis on continuous operational resilience. For designated Critical Infrastructure (CI) operators, the challenge is no longer simply deploying security controls.
|
By Raquel Oliveira
Third-party assessments often succeed at one thing: surfacing where a vendor falls short. But the process that follows can be difficult to scale across a growing vendor ecosystem.
|
By Emma Stevens
Anthropic recently announced the release of Claude Fable 5, a public version of its more powerful Mythos AI model. Technology that was previously only accessible to a select few organizations is now available to businesses at an enterprise level. AI vendors are building the guardrails while threat actors are studying their attack vectors. Essentially, we are giving the keys to the AI world to businesses and hoping the guardrails hold steady. Security teams need to prepare even faster now.
|
By Gabi Reish
The recent wave of announcements surrounding Claude Mythos and Project Glasswing has certainly filled our feeds. While these developments are technically interesting, the real story for me lately has been what they reveal about where the cybersecurity market is heading and how quickly that evolution is reshaping the risk conversation.
|
By Pedro Umbelino
Are the repeated warnings throughout the years taking effect? Although we would like to say they are, the answer is complex and, most likely, we aren’t quite there yet.
|
By Bitsight Team
According to Bitsight Threat Intelligence, NoName057(16) remains one of the most visible pro-Russian hacktivist groups conducting distributed denial-of-service (DDoS) attacks against countries and organizations perceived as supporting Ukraine. This matters because the risk can extend beyond direct business ties to Ukraine, and the group may also target organizations that do business with vendors, suppliers, partners, or service providers perceived as supporting Ukraine.
|
By Bitsight
Frontier AI is compressing the time between vulnerability discovery and exploitation, making reactive security strategies harder to sustain. In this webinar, Roland Cloutier (Former CISO of of ByteDance & TikTok, ADP, and EMC) and Gabi Reish discuss how security leaders can move beyond patching everything to prioritize real risk, measure cyber readiness, and communicate security posture to the board.
|
By Bitsight
Frontier AI models like Mythos have intensified the urgency to rethink cybersecurity. But for third-party risk teams, the harder question remains: how do we prioritize the actions that actually drive business outcomes? As TPRM becomes more tightly tied to business impact, resilience, continuity, and revenue protection, leaders need a clearer view of the hard truths shaping their programs.
|
By Bitsight
Vendor relationships don’t stay static—and neither does the risk they introduce. In this video, we break down a common misconception in third-party risk management: that vendor risk remains constant after onboarding. The reality? As vendors grow and their digital footprint expands, risk increases over time. Learn why organizations must move beyond point-in-time assessments and adopt a more modern approach to vendor risk management.
|
By Bitsight
As organizations shift to cloud services and third-party vendors, maintaining visibility and control over cyber risk has become increasingly complex. In this video, we explore one of the biggest challenges facing security leaders today: how to manage cyber risk without full visibility into your environment. Learn why visibility is critical to effective cybersecurity—and how the right data enables organizations to.
|
By Bitsight
The cyber risk landscape is evolving faster than ever—creating new challenges for organizations trying to maintain visibility and control. In this video, we explore why data is the foundation of effective cyber risk management. As risk becomes more dynamic and complex, organizations must be able to: Respond to threats as they emerge—not after the fact Without high-quality, actionable data, managing cyber risk simply isn’t possible.
|
By Bitsight
Bitsight is the global leader in cyber risk intelligence, leveraging advanced AI to empower organizations with precise insights derived from the industry’s most extensive external cybersecurity dataset. With more than 3,500 customers and over 68,000 organizations active on its platform, Bitsight delivers real-time visibility into cyber risk and threat exposure, enabling teams to rapidly identify vulnerabilities, detect emerging threats, prioritize remediation, and mitigate risks across their extended attack surface.
|
By Bitsight
When it comes to cybersecurity, there’s no such thing as being too prepared. In this clip, Ryan Swimm, Senior Manager, GRC Program from Bitsight explains why "softball" security drills just don't cut it. To truly protect your organization, you need to practice for the worst-case scenario—your own "Armageddon" drill. Inside the Drill: Don't wait for a real crisis to find the gaps in your strategy. Practice for doomsday today!
|
By Bitsight
For many risk and compliance leaders, the reality of Third-Party Risk Management (TPRM) is a mountain of disorganized spreadsheets, overflowing inboxes, and endless PDFs. When an audit is seven days away or the Board asks for a risk posture update, documentation overload becomes a liability. In this video, we explore the transition from vendor chaos to risk clarity. The Challenge.
|
By Bitsight
Cyber risk is evolving fast—and 2026 will demand more from security leaders than ever before. In this forward-looking webinar, Bitsight Co-Founder Stephen Boyer and SVP Vanessa Jankowski break down the biggest cyber threats shaping the year ahead, from AI-driven attacks and expanding attack surfaces to third-party and cloud risk.
|
By Bitsight
When a critical vulnerability is exploited, the first 72 hours of a cyber incident can determine the outcome. In this scenario-driven webinar, Bitsight experts break down how security, GRC, and threat intelligence teams must work together—fast—to detect risk, prioritize action, and communicate clearly under pressure.
|
By BitSight
Cybersecurity ROI isn't about cost savings. It's about how your cybersecurity program helps you achieve your goals while managing risk to a level that your executive team is comfortable with. So if you shouldn't measure success in cost savings, how do you measure it? BitSight is providing five steps that help CISOs and executive teams evaluate their company's cybersecurity performance.
|
By BitSight
Are you overwhelmed by the intricacies of your attack surface? Concerned about the rising risk of vulnerabilities in your and your partners' digital ecosystems? New BitSight research finds that the average vulnerability remediation rate across organizations is about 5 percent per month, sparking concern that the status quo of exposure and vulnerability management is broken. Moreover, organizations face significant challenges in managing vulnerabilities in their extended, third-party ecosystem, and most security leaders do not have the tools to address these emerging threats.
|
By BitSight
Traditional vendor risk management programs are not effective at mitigating risk in ever-expanding third-party networks, and yet 69% of businesses still rely on manual processes. It's time to take your program to the next level. How can you centralize, automate, and streamline your process to manage hundreds of vendors as effectively as you manage ten? Scalable VRM continuously detects, monitors, and mitigates risk, going beyond due diligence and initial assessments to constantly reassess and proactively act on vendor risk.
|
By BitSight
Stop reacting to cyber risk as it comes. BitSight for Security Performance Management empowers security leaders to strengthen cyber resilience over time with objective, meaningful, and evidence-based metrics. Gain insights, drive decisions, and build confidence with our suite of advanced analytics.
- June 2026 (11)
- May 2026 (11)
- April 2026 (9)
- March 2026 (12)
- February 2026 (13)
- January 2026 (12)
- December 2025 (15)
- November 2025 (10)
- October 2025 (15)
- September 2025 (12)
- August 2025 (8)
- July 2025 (10)
- June 2025 (7)
- May 2025 (5)
- April 2025 (6)
- March 2025 (6)
- February 2025 (8)
- January 2025 (16)
- December 2024 (10)
- November 2024 (4)
- October 2024 (10)
- September 2024 (8)
- August 2024 (7)
- July 2024 (11)
- June 2024 (8)
- May 2024 (14)
- April 2024 (11)
- March 2024 (6)
- February 2024 (7)
- January 2024 (26)
- December 2023 (4)
- November 2023 (7)
- October 2023 (10)
- September 2023 (11)
- August 2023 (16)
- July 2023 (15)
- June 2023 (13)
- May 2023 (17)
- April 2023 (19)
- March 2023 (7)
- December 2022 (2)
- August 2022 (2)
- July 2022 (8)
Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Global enterprises, governments, and organizations rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss. When unrelenting market pressure pushes organizations to uncertainty and caution, they turn to Bitsight to confidently navigate cyber risk and grow with confidence.
Bitsight's universally recognized risk standard and market-leading data provides actionable insights into how companies set and manage to standards and report results to internal and external stakeholders. Built on over a decade of technological innovation, Bitsight's integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.
Bitsight is on a mission to free the global economy from the material impact of cyber incidents.