Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Artificial intelligence—it’s a term you’ve likely encountered more than once today, and this won’t be the last. And while it reshapes how businesses operate, it’s also introducing new risks. As organizations embrace AI-powered tools for efficiency and innovation, it becomes essential to understand what technologies your vendors rely on, and what those choices mean for your cybersecurity posture.

Today, we're taking a big step toward making trust management even easier for our customers: Vanta has acquired Riskey, a company leading the way in real-time third-party risk monitoring. Their continuous vendor monitoring and alerting will soon be part of Vanta’s Vendor Risk Management product. ‍ Managing vendor risk is more important than ever.

In our first article exploring vulnerability management vs. exposure management, we explored the growing recognition that exposure management is not just a rebranding of vulnerability management. Rather, it’s a strategic evolution. Where traditional vulnerability management often focuses narrowly on CVEs and technical severity, exposure management demands a broader, more integrated understanding of risk across assets, environments, and attack vectors.

‍ ‍ ‍Both the Marks & Spencer ransomware attack and the Qantas breach dominated headlines for weeks, each exposing serious lapses in how data and risk were managed at the organizational level. But within the cybersecurity community, the response took a different turn. Unlike with other commentary post-cyber incidents, the focus quickly moved away from compromised systems and toward something more structural. These weren’t framed as technical breakdowns.

This report details an investigation into a Fast Flux network observed in 2024. It covers the technical details of the network, its observable infrastructure, the malware associated with it, and its presence on the dark web.

‍

Cyberattacks on supply chains in 2025 have become more frequent and severe, moving from isolated incidents to major multi-sector crises. These crises involve data theft in software patches, ransomware disrupting food, pharmaceutical, and financial pipelines. As attackers target vendors as entry points, defensive measures must adapt. This includes enhanced vendor vetting, code provenance controls, firmware security, and robust third-party risk response.

You are the CISO of a mid-sized enterprise that is experiencing rapid growth, i.e., your security stack is becoming increasingly complex by the month, compliance auditors are asking more challenging questions, and your board wants measurable proof that security investments are actually reducing risk. Meanwhile, attack vectors are evolving daily, and your current risk assessments consistently lag behind.

Aligning with the Australian Government’s expectations for cybersecurity can present challenges, especially for organizations unfamiliar with the frameworks in use. For those looking to work with or support government programs, understanding how systems are assessed against the Information Security Manual (ISM) is critical. The ISM, maintained by the Australian Signals Directorate (ASD), sets out cybersecurity principles to guide the protection of government information and systems.