Boston, MA, USA
2011
By Jake Olcott
For organizations within the Defense Industrial Base (DIB), the Cybersecurity Maturity Model Certification (CMMC) 2.0 represents more than a regulatory hurdle. It is becoming a core requirement for doing business with the Department of Defense and for protecting sensitive information across the defense supply chain.
By Sofia Lourenço
Security leaders are under pressure to do more than identify issues. They need to show that security work is reducing real risk. That’s harder than it should be. Attack surfaces keep expanding, threats keep changing, and many teams are still working through long lists of issues without enough context to know what deserves attention first. That's where Threat Insights in Bitsight Security Posture Management can make a real difference.
By Omer Carmi
The ripple effects of a cyberattack rarely stay contained. Modern organizations rely on vast ecosystems of vendors, suppliers, SaaS providers, and partners. As those connections deepen, so does the potential blast radius of a third-party compromise. What begins as an exposed system or stolen credential inside a vendor environment can quickly cascade across the supply chain. Attackers understand this. Increasingly, they target trusted third parties as an indirect path into larger organizations.
By Emma Stevens
When a new vulnerability is announced, the race begins. Security teams jump into action, checking exposure, triaging events, identifying affected systems, and figuring out how quickly they can patch. The clock is ticking and they know it. At the same moment, threat actors are doing their own version of that work. They’re reading the same advisories, watching the same feeds, and asking a much simpler question: Who is still vulnerable?
By Omer Carmi
"No man is an island, entire of itself; Every man is a piece of the continent, a part of the main." – John Donne. Let’s face it, we have a gap in our cyber posture. Thirty percent of breaches originate from third parties, yet as organizations become increasingly exposed to supply chain attacks, they often lack the visibility, context, and workflows to detect and respond to them. Why?
By Greg Keshian
Something fundamentally shifted in cybersecurity. Claude Mythos, Anthropic’s frontier AI model, signaled the arrival of what the Cloud Security Alliance called an “AI vulnerability storm,” a world where vulnerabilities are discovered and exploited at machine speed. This is a compression event, collapsing timelines, expanding attack surfaces, and forcing a rewrite of how organizations think about security operations, software development, risk, and ultimately, business survival.
By Valter Santos
Residential proxy services, also called RESIP, present a persistent operational hurdle for tracking and attributing malicious network activity, as they allow threat actors to mask their true origins behind seemingly benign, geographically diverse IP addresses. While often marketed for legitimate use cases, these networks are aggressively leveraged for fraud, credential abuse, and perimeter evasion.
By Gabi Reish
I’ve spent a lot of time recently thinking about what "innovation" actually means in an industry that moves as fast as cybersecurity. It’s a term that gets thrown around a lot, but as a product leader at Bitsight, I see it as something much deeper than just shipping new features. It's about a fundamental shift in how we help organizations stay resilient.
By Greg Keshian
A recent open letter from the UK government on AI-driven cyber threats highlights a clear shift in the threat landscape. Cyberattacks are no longer constrained in the same way by human expertise, as advanced AI models can now help identify vulnerabilities, generate exploit code, and increase the speed and scale of attacks.
By Emma Stevens
A critical vulnerability, CVE-2026-41940, has been identified in cPanel, WHM, and WP Squared, affecting cPanel & WHM versions after 11.40, as well as WP Squared. These web hosting control panels are commonly used to manage websites, email, databases, and server configurations, making unauthorized access a serious security concern.
By Bitsight
Frontier AI models like Mythos have intensified the urgency to rethink cybersecurity. But for third-party risk teams, the harder question remains: how do we prioritize the actions that actually drive business outcomes? As TPRM becomes more tightly tied to business impact, resilience, continuity, and revenue protection, leaders need a clearer view of the hard truths shaping their programs.
By Bitsight
As organizations shift to cloud services and third-party vendors, maintaining visibility and control over cyber risk has become increasingly complex. In this video, we explore one of the biggest challenges facing security leaders today: how to manage cyber risk without full visibility into your environment. Learn why visibility is critical to effective cybersecurity—and how the right data enables organizations to.
By Bitsight
The cyber risk landscape is evolving faster than ever—creating new challenges for organizations trying to maintain visibility and control. In this video, we explore why data is the foundation of effective cyber risk management. As risk becomes more dynamic and complex, organizations must be able to: Respond to threats as they emerge—not after the fact. Without high-quality, actionable data, managing cyber risk simply isn’t possible.
By Bitsight
Vendor relationships don’t stay static—and neither does the risk they introduce. In this video, we break down a common misconception in third-party risk management: that vendor risk remains constant after onboarding. The reality? As vendors grow and their digital footprint expands, risk increases over time. Learn why organizations must move beyond point-in-time assessments and adopt a more modern approach to vendor risk management.
By Bitsight
Bitsight is the global leader in cyber risk intelligence, leveraging advanced AI to empower organizations with precise insights derived from the industry’s most extensive external cybersecurity dataset. With more than 3,500 customers and over 68,000 organizations active on its platform, Bitsight delivers real-time visibility into cyber risk and threat exposure, enabling teams to rapidly identify vulnerabilities, detect emerging threats, prioritize remediation, and mitigate risks across their extended attack surface.
By Bitsight
When it comes to cybersecurity, there’s no such thing as being too prepared. In this clip, Ryan Swimm, Senior Manager, GRC Program from Bitsight explains why "softball" security drills just don't cut it. To truly protect your organization, you need to practice for the worst-case scenario—your own "Armageddon" drill. Inside the Drill: Don't wait for a real crisis to find the gaps in your strategy. Practice for doomsday today!
By Bitsight
For many risk and compliance leaders, the reality of Third-Party Risk Management (TPRM) is a mountain of disorganized spreadsheets, overflowing inboxes, and endless PDFs. When an audit is seven days away or the Board asks for a risk posture update, documentation overload becomes a liability. In this video, we explore the transition from vendor chaos to risk clarity. The Challenge.
By Bitsight
Cyber risk is evolving fast—and 2026 will demand more from security leaders than ever before. In this forward-looking webinar, Bitsight Co-Founder Stephen Boyer and SVP Vanessa Jankowski break down the biggest cyber threats shaping the year ahead, from AI-driven attacks and expanding attack surfaces to third-party and cloud risk.
By Bitsight
When a critical vulnerability is exploited, the first 72 hours of a cyber incident can determine the outcome. In this scenario-driven webinar, Bitsight experts break down how security, GRC, and threat intelligence teams must work together—fast—to detect risk, prioritize action, and communicate clearly under pressure.
By Bitsight
Your organization’s attack surface doesn’t stop at the network—and in financial services, that reality can’t be ignored. In this clip, Dov Lerner explains why even companies with strong internal security programs remain vulnerable when attackers target customers through phishing and account takeover schemes.
By BitSight
Cybersecurity ROI isn't about cost savings. It's about how your cybersecurity program helps you achieve your goals while managing risk to a level that your executive team is comfortable with. So if you shouldn't measure success in cost savings, how do you measure it? BitSight is providing five steps that help CISOs and executive teams evaluate their company's cybersecurity performance.
By BitSight
Are you overwhelmed by the intricacies of your attack surface? Concerned about the rising risk of vulnerabilities in your and your partners' digital ecosystems? New BitSight research finds that the average vulnerability remediation rate across organizations is about 5 percent per month, sparking concern that the status quo of exposure and vulnerability management is broken. Moreover, organizations face significant challenges in managing vulnerabilities in their extended, third-party ecosystem, and most security leaders do not have the tools to address these emerging threats.
By BitSight
Traditional vendor risk management programs are not effective at mitigating risk in ever-expanding third-party networks, and yet 69% of businesses still rely on manual processes. It's time to take your program to the next level. How can you centralize, automate, and streamline your process to manage hundreds of vendors as effectively as you manage ten? Scalable VRM continuously detects, monitors, and mitigates risk, going beyond due diligence and initial assessments to constantly reassess and proactively act on vendor risk.
By BitSight
Stop reacting to cyber risk as it comes. BitSight for Security Performance Management empowers security leaders to strengthen cyber resilience over time with objective, meaningful, and evidence-based metrics. Gain insights, drive decisions, and build confidence with our suite of advanced analytics.

Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Global enterprises, governments, and organizations rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss. When unrelenting market pressure pushes organizations to uncertainty and caution, they turn to Bitsight to confidently navigate cyber risk and grow with confidence.

Bitsight's universally recognized risk standard and market-leading data provide actionable insights into how companies set and manage to standards and report results to internal and external stakeholders. Built on over a decade of technological innovation, Bitsight's integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.

Bitsight is on a mission to free the global economy from the material impact of cyber incidents.