Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Navigating the maze that is vendor-supplied evidence is one of the most time-consuming and frustrating tasks security teams face during the risk assessment process. Imagine spending countless hours chasing down security information from a vendor only to receive a mountain of dense, unstructured (sometimes contradictory) documents. How can you possibly move forward? Security analysts have long dealt with this very problem.

UpGuard recently published its State of Cybersecurity 2025 | S&P 500 Report, highlighting cybersecurity trends of the leading industries throughout the United States. Alongside reviewing the most impactful incidents of 2024, the report also details which industries are leading (and which are lagging) in their cybersecurity measures and risk management. With growing cyber threats from AI and software supply chain attacks on the rise, maintaining a strong cybersecurity posture is more crucial than ever.

Inefficiencies, like slow vendor responses, often plague security teams like a persistent headache. At first, it’s just a dull throb in the background. Yes, it’s annoying, but analysts often accept it as the way things are, pushing through the pain and getting the job done. However, over time, this headache intensifies.

Organizations across nearly every industry have become reliant on third-party relationships to accomplish their business operations. You’d be hard-pressed to find an organization that doesn’t partner with at least one third-party vendor. However, this growing reliance on vendors has also created an evolving threat landscape—vendors are now prime targets for cyberattacks.

Artificial intelligence (AI) is one of the hottest buzzwords across industries, seemingly connected to almost every aspect of technology. AI models are helping software and tech products take their services to the next level, enhancing speed, accuracy, and efficiency. But this leap forward also introduces a deceptive shadow: AI-powered cybercrime. Companies may feel adequately protected against standard cyber threats, but many underestimate AI-powered cybercrime risks.

Efficient cyber threat detection is the cornerstone of an effective cybersecurity program. This post ranks the top eight cyber threat detection tools dominating the cybersecurity solution market in 2025.

Advocating for a larger budget is a common need for most security professionals. With so many business obligations fighting for priority and funding, even vital concerns like Vendor Risk Management can fall through the cracks. However, third-party cyber risks can devastate businesses in the blink of an eye—meaning maintaining a proper third-party risk management program should be at the top of your priority list.

The explosion of AI has led to the creation of tools that make it more accessible, leading to more adoption and more numerous, less sophisticated users. As with cloud computing, that pattern of growth leads to misconfigurations and, ultimately, leaks. One vector for AI leakage is exposed Ollama APIs that allow access to running AI models. Those exposed APIs create potential information security problems for the models’ owners.

Since the launch of ChatGPT in late 2022, gen AI (generative artificial intelligence) has transformed nearly every facet of our lives, including our professions and workplace environments. Adoption has been driven by employees looking for faster, better ways to perform. For example, applications like ChatGPT, DALL-E, and Jasper are helping employees across industries boost productivity, overcome roadblocks, and brainstorm creative solutions.

Mitel’s MiCollab Unified Communications solutions are widely used by businesses to streamline communications. However, two critical vulnerabilities, CVE-2024-35286 and CVE-2024-41713, have been identified across several versions of Mitel MiCollab. CVE-2024-35286 has been identified in versions 9.8.0.33 and earlier and CVE-2024-41713 has been identified in versions 9.8 SP1 FP2 (9.8.1.201) and earlier.