Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

bitsight

The Rise of Acreed Infostealer in the Post-LummaC2 Threat Landscape

Jul 22, 2025 By Emma Stevens In BitSight
Acreed, a new malware-as-a-service (MaaS) platform, appears to have taken the top spot in the infostealer ecosystem. We suspect this is due to the takedown of Lumma Stealer (LummaC2) in May 2025. In just its first week, Acreed was observed uploading over 4,000 stolen credential logs to a dark web Russian Market.
Read Post
bitsight

ToolShell Threat Brief: SharePoint RCE Vulnerabilities (CVE-2025-53770 & 53771) Explained

Jul 22, 2025 By Emma Stevens In BitSight
A serious new vulnerability (CVE-2025-53770, also known as “ToolShell”) is actively being exploited by cybercriminals to hack into on-premises Microsoft SharePoint Servers. The vulnerability, along with CVE-2025-53771 was discovered around July 18, 2025. Bitsight Research classifies CVE-2025-53770 as 10 out of 10 on our Dynamic Vulnerability Exploit (DVE) scale and CVE-2025-53771 as a 5.82 out of 10 indicating severe and moderate urgency respectively.
Read Post
cultureai

Humans Aren't the Weakest Link, Our Defences Are

Jul 22, 2025 By Oliver Simonnet In CultureAI
For decades now we’ve been locked in this game of cat-and-mouse where attackers develop a new technique and defenders catch up, or defenders introduce a new control and attackers adapt. From the evolution of network security to identity and access control, many of our technical controls have matured into strong and reliable defences. Yet as we continue to see in the media, attackers continue to get in, compromising even the most mature and secure of environments, in seemingly simple way.
Read Post
nucleus

Nucleus MCP Integration: Scaling Risk Reduction with AI-Driven Insights

Jul 22, 2025 By Rob Gibson In Nucleus
Today, we’re excited to announce a preview of the Model Context Protocol (MCP) Server for Nucleus. This marks an important step towards AI-native workflows for vulnerability and exposure management. Model Context Protocol (MCP) is an emerging industry standard enabling seamless integration between enterprise applications and AI models. Backed by leading organizations like OpenAI, Microsoft, and Google, MCP servers are quickly becoming the foundation for AI-enablement across the enterprise.
Read Post
How Outside Tech Experts Spot Business Risks You Can't See

How Outside Tech Experts Spot Business Risks You Can't See

Jul 22, 2025 By SecuritySenses In SecuritySenses
Your IT setup is likely under control. You've got in-house support, the systems are running, and there haven't been any significant problems. But the thing about unseen risks is they don't announce themselves until they've already caused damage. They build up quietly, through outdated configurations, unchecked access privileges, and overlooked software patches. By the time the issue surfaces, it's no longer just a minor glitch. It's downtime. It's lost data. It's angry customers.
Read Post
fidelis security

Proactive vs. Reactive Asset Risk Mitigation: How Deception Helps

Jul 21, 2025 By Fidelis Security In Fidelis Security
In today’s digital landscape, where cyber threats grow more sophisticated and frequent, organizations must prioritize robust strategies to protect their critical assets—data, systems, and networks. Asset risk mitigation is a cornerstone of cybersecurity, involving the identification, assessment, and management of risks to these valuable resources. Two primary approaches dominate this field: proactive and reactive risk mitigation.
Read Post

Third-party risk management: What's next | TrustTalks - Ep 35 | Security and GRC Podcast

Jul 20, 2025 By TrustCloud In TrustCloud
Akshay sits down with Paola to discuss Third-party risk management. Third-party risk isn’t just a security checkbox anymore, it’s becoming one of the most dynamic and high-stakes areas of enterprise risk. In this episode, we unpack where third-party risk management is headed: from static spreadsheets to real-time monitoring, from annual audits to AI-driven insights, and from compliance pressure to competitive advantage.
View Video
Featured Post
Navigating Cyber Threats in the Retail Sector

Navigating Cyber Threats in the Retail Sector

Jul 18, 2025 By Leigh Glasper, Director of Cyber Advisory In BlueVoyant
The UK retail sector stands at a critical crossroads. In a market where digital agility defines success and consumer trust can be won or lost in seconds, cyber security is no longer a back-office issue; it's a frontline brand priority. As malicious actors set their sights on retail's digital backbone from Point-of-Sale systems to complex supply chain networks, the potential for disruption has never been more tangible.
Read Post
fidelis security

How does Fidelis NDR Delivers Proactive Asset Risk Mitigation?

Jul 18, 2025 By Fidelis Security In Fidelis Security
Organizations operating in sprawling, hybrid IT environments often lack complete visibility into all assets and their communication patterns. This gap creates blind spots where vulnerabilities go undetected, third-party components remain unpatched, and unauthorized lateral movement can occur without raising alarms.
Read Post
Vanta Acquires Riskey to Transform Vendor Risk with Continuous, AI-Powered Monitoring

Vanta Acquires Riskey to Transform Vendor Risk with Continuous, AI-Powered Monitoring

Jul 17, 2025 By Vanta In Vanta
Vanta announces the acquisition of Riskey, a pioneer in real-time third- and fourth-party risk monitoring. The addition of Riskey's technology into Vanta Vendor Risk Management (VRM) significantly advances Vanta's capabilities in supporting security teams with an automated approach to VRM - replacing static point-in-time assessments with continuous, AI-driven risk intelligence.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.