Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

bitsight

Major Security Event: Fortinet VPN Credentials and Configuration Data Exposed for 73,000 Devices

Jun 18, 2026 By Ebin Sandler In BitSight
A large-scale credential compromise campaign known as FortiBleed has exposed verified administrator credentials for more than 73,000 internet-facing Fortinet FortiGate firewalls. As of mid-June 2026, the dataset is reportedly circulating within criminal underground communities. Researchers estimate that approximately 50% of all internet-reachable FortiGate devices may be affected across 194 countries, making this one of the most significant Fortinet security incidents to date.
Read Post
upguard

What Is an RFP Response? A Guide for Security and GRC Teams

Jun 18, 2026 By Edward Kost In UpGuard
A request for proposal (RFP) response is a vendor's formal reply to a procurement document where a prospective buyer outlines all the information they need to make a final purchasing decision. It acts as a detailed pitch, typically covering pricing, solution architecture, references, and implementation timelines. For security and governance, risk, and compliance (GRC) teams, the section that consistently creates the most friction is the security and compliance questionnaire embedded inside an RFP.
Read Post
nucleus

Understanding and Navigating the Requirements of CISA BOD 26-04

Jun 18, 2026 By Tally Netzer In Nucleus
CISA Binding Operational Directive 26-04: Prioritizing Security Updates Based on Risk requires Federal Civilian Executive Branch (FCEB) agencies to prioritize security updates based on operational risk, not just severity. It builds on earlier Cybersecurity and Infrastructure Security Agency (CISA) directives by combining exposure, exploitation, impact, and prioritization logic into a more actionable remediation model.
Read Post

Weekly Brief: Driftnet Edition | Why SOC and TPRM Teams Need the Same Intelligence

Jun 18, 2026 By SecurityScorecard In SecurityScorecard
In this week's Weekly Brief: The Driftnet Edition, Brandon Torio explores why the most mature security organizations are breaking down the walls between Security Operations Center (SOC) and Third-Party Risk Management (TPRM) teams. Historically, these teams have approached risk from different angles. TPRM teams focus on vendor oversight, compliance, and risk workflows. SOC teams focus on attack surfaces, vulnerabilities, threat activity, and internet-facing exposures.
View Video
bitsight

Global Third-Party Cyber Risk Regulatory Trends to Know: US and Europe

Jun 17, 2026 By Jake Olcott In BitSight
The landscape of third-party cyber risk is undergoing a profound transformation, driven by an escalating threat environment, an expanding attack surface, AI, and a tidal wave of new global regulations. As organizations grapple with complex digital supply chains, regulators across the US and EMEA are stepping up oversight, making 2026 a pivotal year for compliance and risk management. This analysis explores the essential threat intelligence and regulatory shifts that demand immediate attention.
Read Post
vanta

Building a risk taxonomy: A guide to classifying risks

Jun 15, 2026 By Vanta In Vanta
Accelerating security solutions for small businesses‍ Tagore offers strategic services to small businesses. A partnership that can scale‍ Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate. Standing out from competitors‍ Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.
Read Post
Arctic Wolf

Turning Asset Visibility Into Risk Reduction

Jun 15, 2026 By Arctic Wolf In Arctic Wolf
Most vulnerability programs rely on scanning known assets and ranking findings based on static severity scores. That model breaks down quickly in modern environments. Asset lists are constantly changing, devices move between networks, workloads shift into cloud platforms, and unmanaged systems appear outside traditional inventory controls. When asset visibility is incomplete, vulnerability data is incomplete as well. The result is predictable. Prioritization becomes inconsistent.
Read Post
Best GRC Healthcare Compliance Software for Hospitals and Clinics

Best GRC Healthcare Compliance Software for Hospitals and Clinics

Jun 15, 2026 By SecuritySenses In SecuritySenses
Most healthcare compliance teams aren't failing because they lack effort. They're failing because they're managing HIPAA, HITECH, and CMS obligations across spreadsheets, shared drives, and siloed departments that don't communicate. The best GRC healthcare compliance software solves that problem entirely. After reviewing platforms for feature depth, audit-readiness support, vendor risk tracking, and real-world reviews, the options in this guide represent what actually holds up under the pressure of a real compliance program. Here's what to expect.
Read Post
The Importance of Structured Client Planning for Long-Term Business Growth

The Importance of Structured Client Planning for Long-Term Business Growth

Jun 15, 2026 By SecuritySenses In SecuritySenses
Every successful business understands that growth is not simply about attracting new customers. While customer acquisition often receives significant attention, long-term success is frequently determined by how effectively organizations manage and develop relationships with existing clients. Businesses that consistently grow year after year rarely rely on luck. Instead, they invest time in understanding customer needs, aligning objectives, identifying opportunities, and building strong partnerships that create lasting value.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.