
CVE-2025-55182: First Days of React2Shell Exploitations

On December 3rd Lachlan Davidson disclosed an unauthenticated remote code execution vulnerability in React Server Components (RSC) rooted in how React.js (and Next.js) decodes the payloads sent to React Server Function endpoints. On December 4th we started observing fingerprinting attempts for this vulnerability, and on December 5th we started observing exploitation attempts. React.js is used by 66% of the global digital supply chain, placing it in the top 0.06% of all technologies.

Top 10 Security Events of 2025

If 2025 has taught us anything, it’s that risk is no longer confined to the edges of your network. The traditional security perimeter has dissolved, with risk creeping into the very tools we use to run our businesses. Organizations faced off against catastrophic configuration errors, the weaponization of third-party trust connections, Multi-Factor Authentication (MFA) failures, and attackers who clearly love the holidays.

SecurityScorecard CISO Steve Cobb as Cyber Santa: The 2025 Naughty and Nice List

AI dominated headlines this year, and threat actor groups made bold moves in 2025. From threat actors like Imperial Kitten and scammers using tools like Sora AI to mimic real human voices, to Congressional action on the PILLAR Act and a $50 billion rural healthcare investment from the U.S. government, there are a lot of moments this year that make up Cyber Santa's Naughty and Nice List for 2025.

Risk Acceptance vs Risk Exposure: Making Smarter Security Investments

Before investing in new security tools, it’s critical to understand what your current stack is actually delivering. Barmak Meftah spoke about the importance of baselining existing investments to truly grasp risk acceptance versus real risk exposure. Without that foundation, new acquisitions lack context and are often driven by trends rather than necessity. Smarter decisions come from understanding what is already deployed, how it is configured, and where exposure persists.

Compliance Requirements That Make Cybersecurity Training Essential

Cybersecurity threats continue to evolve, but one constant remains: human error is still one of the leading causes of data breaches. As a result, cybersecurity training has become more than a best practice; it is increasingly a requirement driven by regulations, insurance providers, and industry standards. Organizations that fail to properly train employees not only expose themselves to cyber risk but may also fall out of compliance with critical legal and contractual obligations.

Practitioner Insight: 4 Best Practices for Supply Chain Risk Resilience in Finance

Like companies in any other global industry, financial services firms face tremendous challenges of scale and complexity when it comes to managing cyber risk across their digital supply chain. The financial services supply chain is composed of more than 1.6M third-party relationships across the industry ecosystem.

How To Reduce Risk This Holiday Season

The holiday season is traditionally a period of goodwill, gift giving, and time with loved ones, but if you are responsible for your enterprise’s cyber defenses it’s also a time when you should have a heightened awareness of cyber risk. Cybercriminals often treat this time of year as a prime opportunity to exploit the unprepared and unwary.

Finding the Best AI Governance Software for Enterprises

AI governance software provides GRC leaders and security and risk managers (SRMs) with a dependable way to understand how AI is being used across the business and whether safeguards are functioning as intended. The software can translate a complex ecosystem of tools and models into concrete insights that stakeholders can evaluate.

The Author's Take: The Past, Present, & Future of Third Party (Cyber) Risk Management

“It is also a common trap of giving inexperienced customers a false sense of security…” ~ Navigating Supply Chain Cyber Risk

TPRM processes today are filled with thousands of pages of questionnaires, assessments, and more, but does that status quo really help secure your vendor ecosystem? Join Aleksandr Yampolskiy (CEO & Co-Founder, SecurityScorecard) and Alex Golbin (Co-Author, Navigating Supply Chain Cyber Risk) as they chat about.