Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

When the Federal Financial Institutions Examination Council (FFIEC) released its Cybersecurity Assessment Tool (CAT) in 2015, it became the industry standard for evaluating cyber readiness. ‍ A decade later, the threat landscape has evolved—and rather than updating the CAT, the FFIEC retired it on August 31, 2025. With CAT no longer the industry's best practice, many financial institutions are asking: What’s next? ‍

CurrentWare version 11.0.2 is here! This update introduces SIEM integration, Workforce Cost Summary to quantify the cost of underutilized employees, Idle Exclusion List to ensure more accurate employee productivity analytics, alert templates to simplify the alert creation process, the ability to block Bluetooth file transfers while allowing Bluetooth audio, and several security fixes based on penetration testing by third-party security consultants. Need help upgrading?

Imagine a company ordering new Android phones for their sales team. Without the right management solution in place, the IT team would spend hours (sometimes days) unboxing each phone, setting it up, downloading company apps, and repeating the same steps over and over again. The risk? delayed device rollouts and wasted time and energy.

In traditional cybersecurity, Security Posture Management (SPM) is an essential discipline. Organizations routinely monitor their cloud configurations, SaaS applications, and infrastructure for misconfigurations and vulnerabilities that could expose them to threats. It’s a recognition of a fundamental truth that even the most sophisticated security systems are only as strong as they’re configured to be.

Even the best-prepared teams can stumble when an information security (IS) issue surfaces; the real risk isn’t just the incident itself, but how quickly and clearly your employees know what to do next. When an alert goes off, every second counts: Who do they call? Which system do they isolate? What’s the escalation path? Without a well-defined, practiced response plan, confusion can spread faster than the threat.

At Bitsight, one of the responsibilities of the Vulnerability Research team is to develop fingerprinting methods to not only identify exposed services, but also vulnerabilities in those services. When it comes to detecting vulnerabilities, there are increased challenges depending on the complexity of both the vulnerability and the vulnerable service.

CSPM tools thrived by making cloud posture issues easy to find, but posture alone didn’t stop breaches. The market evolved into CNAPP – uniting posture, runtime, identity, and shift‑left – to deliver protection, not just visibility. DSPM is on the same trajectory: discovery and classification at rest are necessary but insufficient, especially as AI fragments data into shareable snippets that evade label‑centric controls.

CYJAX has expanded its ransomware group coverage, giving clients broader visibility and faster intelligence on emerging threats. This blog highlights the surge in global ransomware attacks and explains how this product update enhances organisational resilience in an evolving threat landscape.

Artificial intelligence (AI) is quickly transforming the workplace as we know it. According to a recent Forbes article, many organizations will move from experimenting with Generative AI to making it a fundamental part of their business—transforming essential functions from human resources to customer service and supply chain management. Data analysis that used to take hours can now be done in minutes with ChatGPT.

In October 2025, researchers uncovered a phishing operation that weaponizes the npm ecosystem, but this time not to infect developers at install time, but rather to host and deliver phishing scripts via the trusted unpkg.com CDN.