Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Just do it. Think different. The happiest place on earth. Nike, Apple, Disney are three iconic brands that have forever cemented themselves in our consciousness. How did they get there? A catchy slogan? A flashy logo? Sure, while slogans and logos change over time, they still make an impact. But what truly secures a brand’s reputation is trust. And trust is built over years, even decades, through consistency, authenticity, and relentless effort.

A new era in third-party cyber risk and exposure management is underway, one that operates in real time, informed by intelligence and scaled by automation. This shift wasn’t feasible even a few years ago. The scale, speed, and complexity of today’s threat landscape—spanning thousands of vendors, assets, and attack vectors—demand more than human capacity can manage. Artificial Intelligence is the catalyst making this new model possible.

For years, security frameworks have served as essential tools for aligning cybersecurity practices, but they’ve also come with limitations. Designed primarily for compliance, many frameworks are rigid by nature, sometimes to the extent of being a checklist, making them ill-suited for today’s dynamic risk environments. But the threat landscape has evolved, and so too must our approach.

A newly surfaced set of vulnerabilities in the SonicWall SMA100 series appliances has captured the attention of cybersecurity professionals. While SonicWall has released patches for CVE-2025-40596 through CVE-2025-40599, and media reports point to a surge in Akira ransomware attacks targeting SonicWall SSL VPN infrastructure, CISA has not formally confirmed exploitation of these specific vulnerabilities by Akira at this time.

Ransomware activity continues to increase, and Bitsight data illustrates the scale of this growth. In our State of the Underground 2025 report, Bitsight TRACE observed a nearly 25% rise in unique ransomware victims publicly listed on leak sites. Additionally, the number of leak sites operated by ransomware groups grew by 53%.

In today’s environment—marked by accelerating threats like ransomware, increasingly complex supply chains, and the growing footprint of AI and IoT—managing cyber risk has never been more urgent or more difficult. Our latest research with Sapio Research, The State of Cyber Risk and Exposure 2025, draws on the insights of 1,000 cybersecurity and cyber risk leaders around the world to understand what they are focused on today and what will be keeping them up tomorrow.

Cybersecurity leaders in the UK are facing a stark reality: managing cyber risk is becoming significantly harder. Not only are threats growing in scale and complexity, but a lack of visibility into digital exposures—both internal and across the supply chain—is compounding the challenge.

ToxicPanda is a banking trojan designed to infiltrate your mobile device, stealing financial details by targeting banking & financial apps. The malware keeps evolving, with the developers behind it being quick to add new features, such as overlaying pin & pattern codes, overlaying credential inputs for specific banking apps, allowing cybercriminals to remotely take control of compromised bank accounts and initiate unauthorized money transfers.

Acreed, a new malware-as-a-service (MaaS) platform, appears to have taken the top spot in the infostealer ecosystem. We suspect this is due to the takedown of Lumma Stealer (LummaC2) in May 2025. In just its first week, Acreed was observed uploading over 4,000 stolen credential logs to a dark web Russian Market.