SecurityScorecard STRIKE threat researchers discovered 12 zero-days in customer environments in the last year. Attacks are increasingly targeting third-party software. The zero-day vulnerability that emerged in Progress Software’s MOVEit Transfer product last year was a stark reminder of the real-world impact of such vulnerabilities. It wreaked havoc on businesses and governments worldwide, with cyber criminals exploiting it since May of 2023.

In 2014, the National Institute of Standards and Technology (NIST) released its Cybersecurity Framework (CSF) following a presidential executive order to help organizations better understand, reduce, and communicate cybersecurity risk. In the decade since its introduction, NIST CSF has become one of the most widely recognized and utilized frameworks globally, built upon five key functions: Identify, Protect, Detect, Respond, and Recover.

The National Vulnerability Database (NVD), the world’s most widely used vulnerability data source, has been having some problems recently, causing uncertainty and anxiety for everyone dealing with security vulnerabilities. Many organizations, including cybersecurity vendors, rely on CVE data provided by NVD. As a government organization operated by the U.S.

While the digital landscape evolves, cyber adversaries are also honing their tactics, techniques, and procedures. In recent years, ransomware groups have made major disruptions to the digital supply chain and, by extension, the world economy. What’s more, organizations in all industries and geographies continue to grapple with third-party threats, zero-day vulnerabilities, and more.

As Tax Day in the U.S. looms on the horizon, so too does the risk of falling victim to online scams. In 1986, the first year that e-filing was available, five people filed their returns electronically. Since then, the popularity of e-filing has increased so much that 92% of individual tax returns are now e-filed. As online tax filing and payment have become more popular, though, scams targeting unsuspecting taxpayers have as well.

Cyberattacks in the digital supply chain are now some of the most common cyber incidents today, with many of the recent major breaches resulting from a single vulnerability. Because of the rapid pace and scale of these attacks, cyber leaders can no longer rely on static analyses of their environments, and must continuously assess cyber risk across their entire supply chain and vendor ecosystem.