
How to Build an Effective Insider Risk Management Program

Insider threats have become one of the most difficult and damaging challenges in cybersecurity. Unlike external attackers, insiders already have access to sensitive data and systems. Their actions often appear legitimate until it’s too late. Whether it’s a malicious employee stealing intellectual property or a well-meaning one accidentally leaking customer information, insider incidents are complex, nuanced, and often invisible to traditional security tools.

Security Shifts in 2026: Risk Moves Beyond the CISO

In 2026, cybersecurity will shift from being seen as the security team's responsibility to being part of how the entire company operates. Every business function will share ownership of risk. Finance, engineering, product, and marketing will all have clear roles in protecting customer trust.

Continuous Vendor Risk Monitoring: Real-Time Cyber Risk Visibility with Bitsight

Gain real-time visibility into cyber risks across your entire vendor ecosystem with Bitsight Continuous Monitoring. Continuously track third- and fourth-party security performance, uncover hidden vulnerabilities, and identify high-risk changes before they impact your business. Powered by the industry’s most comprehensive cyber risk data, Bitsight helps security and GRC teams respond faster to critical threats—including zero-day vulnerabilities—while improving vendor collaboration and strengthening overall supply chain resilience.

This or That. CEO Shares Favorite Cybersecurity Books in SecurityScorecard Bracket #cybersecurity

This or That. Favorite Books of SecurityScorecard Bracket, Cyber Edition is BACK – but this time it's Security Books! CEO and Co-Founder of SecurityScorecard Aleksandr Yampolskiy has another list of books you'll want to grab for some winter break reading and relaxation. Which ones are you hoping end up in your stocking this year? Drop a comment with your favorites and recommendations below.

Why MDR Matters for Building Cyber Resilience in Telecoms

Telecom networks are the backbone of the digital economy. They must deliver secure, always-on connectivity at scale, supporting everything from critical national infrastructure to everyday consumer services. But cyber resilience today is no longer defined by uptime alone. It is about the ability to withstand, detect, and respond to highly targeted cyber threats that are designed to exploit the very fabric of telecom environments.

Looking Ahead to 2026: Why Cyber Economics Will Redefine the CISO's Mandate

Cybersecurity in 2026 will be driven by economics. Not hype. Not novelty. Economics. Attackers follow financial incentives and scale their operations faster than most enterprises can defend. CISOs must shift from reporting technical metrics to explaining business impact, guide safe AI adoption as Shadow AI grows, and design programs that emphasize resilience over perfection.

Why AppSec and Network Risk Management Must Be Unified in the Modern Enterprise

How Mend.io’s ServiceNow integration helps organizations manage application, network, and operational risks together—at scale. Managing AppSec and network risk as separate programs is no longer realistic for enterprise security teams. Today’s digital environments are interconnected, distributed, and constantly changing. A single misconfiguration, unpatched server, or vulnerable open-source component can become a point of exploitation when combined with weaknesses elsewhere in the stack.

CVE-2025-55182: First Days of React2Shell Exploitations

On December 3rd, Lachlan Davidson disclosed an unauthenticated remote code execution vulnerability in React Server Components (RSC) that exploits how React.js (and Next.js) decodes payloads sent to React Server Function endpoints. On December 4th, we started observing fingerprinting attempts for these vulnerabilities, and on December 5th, we started observing exploitation attempts. React.js is used by 66% of the global digital supply, in the top 0.06% of all technologies.