%term

Cyber Resilience and AI Risk: Safeguarding Critical Infrastructure in a New Threat Landscape

Dec 7, 2025 By David Morimanno, Field CTO NA In Xalient

In October, the UK put a spotlight on cyber resilience with the release of the NCSC's 2025 Annual Review. CEO Richard Horne warned that failing to prepare for cyberattacks risks a company's future. The urgency behind this statement is backed by data: the NCSC handled 204 major cyber incidents between September 2024 and 2025, and 43% of UK businesses reported a breach in the past year.

Read Post

Xalient

Read more about Cyber Resilience and AI Risk: Safeguarding Critical Infrastructure in a New Threat Landscape

Automating SLAs in Risk-Based Vulnerability Management: Turning Deadlines into Results

Dec 5, 2025 By Aaron Attarzadeh In Nucleus

Many organizations set remediation SLAs, but static severity-based timelines and manual tracking prevent them from meeting those deadlines in a way that meaningfully reduces risk. This article outlines how automated, risk-based SLAs connect timelines to real exploitability, exposure, and asset value, turning deadlines into reliable, measurable outcomes. Key takeaways from this article.

Read Post

Nucleus

Read more about Automating SLAs in Risk-Based Vulnerability Management: Turning Deadlines into Results

Head of Public Policy Mike Centrella talks CISA Shutdown Updates - Nov. 13, 2025

Dec 5, 2025 By SecurityScorecard In SecurityScorecard

News alert: With the government shutdown coming to an end, the continuing resolution includes the extension of CISA 2015 (Cybersecurity Information Sharing Act). However, sustained information sharing isn't optional, it's crucial for national resilience and security. A reinstitution of CISA 2015 for the coming weeks is just the beginning. "Timely, trusted threat intelligence sharing is foundational to both national security and private sector resilience.".

View Video

SecurityScorecard

Read more about Head of Public Policy Mike Centrella talks CISA Shutdown Updates - Nov. 13, 2025

Does Your Team Trust AI More Than You?

Dec 4, 2025 By UpGuard In UpGuard

Managers: When your team needs answers, are they coming to you or to AI? Our new report found 27% of employees now trust AI more than their colleagues or managers. In this video, we break down why banning AI creates a trust vacuum that's fundamentally breaking team structures.

View Video

UpGuard

Read more about Does Your Team Trust AI More Than You?

Understanding and Mitigating CVE-2025-55182 (React2Shell)

Dec 4, 2025 By Edward Kost In UpGuard

Designated CVE-2025-55182 and widely dubbed "React2Shell," this vulnerability represents a worst-case scenario for modern web applications: Unauthenticated Remote Code Execution (RCE) on default configurations.

Read Post

UpGuard

Read more about Understanding and Mitigating CVE-2025-55182 (React2Shell)

Security Alert: CVE-2025-66478 & CVE-2025-55182 (React2Shell) - Next.js React Server Components Remote Code Execution

Dec 4, 2025 By Emma Stevens In BitSight

A critical vulnerability, CVE-2025-66478, has been identified in Next.js applications using React Server Components (RSC) with the App Router. This vulnerability receives a CVSS score of 10.0 and a Bitsight Dynamic Vulnerability Exploit (DVE) score of 7.85. This vulnerability may allow remote code execution (RCE) when affected servers process attacker-controlled RSC requests. CVE-2025-66478 is tied to an upstream React issue (CVE-2025-55182–DVE score 9.15) affecting the RSC protocol implementation.

Read Post

BitSight

Read more about Security Alert: CVE-2025-66478 & CVE-2025-55182 (React2Shell) - Next.js React Server Components Remote Code Execution

Paying the Ransom: A Short-Term Fix or Long-Term Risks?

Dec 3, 2025 By Emma Stevens In BitSight

According to our 2025 State of the Underground report, ransomware attacks rose by nearly 25% in 2024, and the number of ransomware group leak sites jumped 53%. This surge sets the stage for a critical question: if compromised, should you pay ransomware demands or not? The stakes are enormous, including downtime, data loss, brand damage, and legal risk all hang in the balance.

Read Post

BitSight

Read more about Paying the Ransom: A Short-Term Fix or Long-Term Risks?

Attack Surface Monitoring Guide for Security Teams

Dec 3, 2025 By Revashni Moodley In UpGuard

The rising threat of cybercrime, projected to reach an astonishing $13.82 trillion by 2028, is largely attributed to the expanding attack surface. This signals that organizations are more vulnerable than ever. Assuming your organization is safe, without ongoing visibility is dangerous. That’s because every digital asset poses a threat, whether a new tool or forgotten assets. Security and Operations Center (SOC) teams require real-time insight, which is why attack surface monitoring is crucial.

Read Post

UpGuard

Read more about Attack Surface Monitoring Guide for Security Teams

Communicating AI Risk to the Board: Bridging the AI Governance Gap

Dec 3, 2025 By Kovrr In Kovrr

‍AI is altering business operations and workflows at a pace that few leaders have experienced before. GenAI deployments are rising across every department, expanding their influence and maximizing business productivity and efficiency. However, the moment the conversation shifts from AI's advantages to its inherent risk, the dynamic changes.

Read Post

Kovrr

Read more about Communicating AI Risk to the Board: Bridging the AI Governance Gap

Why Data Transformation Techniques Are Essential for Security Intelligence

Dec 3, 2025 By SecuritySenses In SecuritySenses

In today's digital world, the amount of data generated by organizations is growing at an unprecedented rate. Every day, businesses, governments, and individuals produce vast streams of information, from financial records and customer interactions to logs from security systems. While this data holds incredible potential for insights, it is often raw, unstructured, and scattered across multiple sources. Security intelligence, which relies on accurate and actionable information to detect threats and make informed decisions, cannot function effectively without proper preparation of this data.

Read Post