What Is Cyber Risk

Did you know that it is estimated that 45% of organizations worldwide will have suffered attacks on their software supply chains this year? Cyber risk is real, and its consequences can be devastating. As digital transformation continues to reshape how businesses operate globally, cyber threats are increasing at a rapid and alarming pace. The term cyber risk refers to the damage posed by these cyber threats.

Checkups and Checklists: Cyber Risk Isn't Just a Technical Problem

There are many things in our lives we must prepare for to be ready. For other things, we wing it, or we're not prepared to deal with it at the moment. For me, I've reached that point in my life where I needed to have a medical procedure done, and it was something I've put off for several years. It may not be very comfortable to admit, but last week, I had a colonoscopy. That's not exactly how you'd expect a cybersecurity blog to start, but hear me out on this one!

Shadow AI: Examples, Risks, and 8 Ways to Mitigate Them

Shadow AI refers to the unauthorized or unmanaged use of AI tools, models, frameworks, APIs or platforms within an organization, operating outside established governance frameworks. While employees may adopt these AI tools with good intentions, seeking to enhance productivity or solve problems more efficiently, the lack of oversight creates significant security, compliance, and operational risks.

Veracode: Application Risk Management for today's AI-driven world

Discover Veracode, the comprehensive application risk management platform designed for today's AI-driven world. This video provides an overview of how Veracode empowers organizations to build and deploy secure software by offering unified visibility, AI-driven prioritization, and integrated tools for detecting and remediating vulnerabilities. Learn about Veracode's key capabilities, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and risk management.

TPCRM Framework: Building Digital Trust for Modern Enterprises

Third-party cyber risk management (TPCRM) has emerged as a critical discipline, moving beyond traditional approaches to address the unique and evolving cyber threats posed by vendor relationships. This post explains the core tenets of TPCRM, outlines key requirements for ideal tools, and suggests implementation strategies for this new, important branch of cybersecurity.

ISO 27001 Risk Register Setup: Step-by-Step Guide

While we talk a lot on this site about the US Government’s various cybersecurity frameworks, like FedRAMP and CMMC, there’s one significant framework that deserves just as much attention: ISO 27001. ISO 27001, being an ISO standard, is an international framework for cybersecurity divorced from any one country’s government.

Bitsight AI Empowers Microsoft's New Threat Intelligence Briefing Agent

Threat Intelligence (TI) has become the secret weapon of modern security teams—essential for identifying possible emerging threats before they escalate. But TI is only as valuable as its accuracy, relevancy, and timeliness. Unfortunately, many traditional TI approaches can no longer keep up, as security teams are plagued with information overload: too many signals, too little context, and limited resources to process everything. This is why the coupling of GenAI and TI is a game changer.

AI is already embedded in our everyday tools, often without us realizing it. | UpGuard

“AI is already embedded in our everyday tools, often without us realizing it. That changes how security teams need to adapt.” Hear from Randy Vickers, Deputy CISO at the National Student Clearinghouse, in this fireside chat from UpGuard Summit 20, as he shares how his team is staying ahead of AI’s evolving role in cybersecurity.

The Real AI Agent Risk Isn't Data Loss. It's Unauthorized Action.

Your AI Agent just updated a vendor’s payment details in your Enterprise Resource Planning (ERP) system based on a seemingly harmless prompt. No data was exfiltrated. No access policy was violated. But now, a $250,000 payment is sitting in a fraudulent bank account. This is the new face of AI risk. As enterprises adopt AI Agents, either off the shelf or custom built, security teams are facing a fast-moving shift.