Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

bitsight

The Top 5 Vulnerabilities Attackers Are Using Against Your Vendors (And What It Says About Third-Party Risk)

Jan 27, 2026 By Emma Stevens In BitSight
When threat actors target your vendors, they’re not just looking to exploit a system for a single attack. They’re looking for every opportunity to scale up their operations. This means seeking ways to push their compromises as far downstream into the supply chain as they can go.
Read Post

The CEO's Take: Bridging the Cybersecurity Divide To Address Cyber Risk

Jan 27, 2026 By SecurityScorecard In SecurityScorecard
“150 companies account for 90% of the technology products and services across the global attack surface. 41% of those companies had evidence of at least one compromised device in the past year.” With organizations as interconnected as they are, even organizations who “have” good cybersecurity are only as good as their weakest link.
View Video
kovrr

How Organizations Should Prioritize AI Security Risks

Jan 27, 2026 By Kovrr In Kovrr
‍ ‍Artificial intelligence (AI) systems and GenAI tools are no longer merely being experimented with in the market. Instead, they are being embedded into the organizational infrastructure at large, shaping how enterprises process data, automate decisions, and provide core services to customers. Unfortunately, while this integration increases efficiency, it simultaneously increases exposure to a dramatic extent.
Read Post
riscosity

The Strengths and Shortcomings of AI Control Tower

Jan 26, 2026 By Anirban Banerjee In Riscosity
This is why platforms like ServiceNow AI Control Tower are showing up in governance roadmaps. Control Tower helps organizations standardize how AI systems are requested, reviewed, cataloged, and managed across their lifecycle. It can bring order to chaos. But there’s a second, equally important reality: the strongest governance workflow in the world can’t govern what it can’t see.
Read Post
Safeguarding Transactions Outside Traditional Banking Channels

Safeguarding Transactions Outside Traditional Banking Channels

Jan 26, 2026 By SecuritySenses In SecuritySenses
Compliance teams often focus on banks, yet value can move through many routes that never touch a branch or a core banking platform. In safeguarding transactions outside traditional banking channels, the hardest part is defining the perimeter: nonbank payment providers, prepaid instruments, merchant networks, and informal value transfer systems that rely on trust, netting, or cash settlement.
Read Post

Cyber Resilience in 2026: Why Supply Chains Are the New Front Line

Jan 23, 2026 By SecurityScorecard In SecurityScorecard
"When cyber risk is treated as an internal problem, governments miss where most modern attacks actually begin: in their vendors, their service providers, digital dependencies that sit outside their direct control." SecurityScorecard's Head of Public Policy Michael Centrella shares his key takeaways and insights from the latest World Economic Forum’s Global Cybersecurity Outlook 2026 which states a simple, clear truth: cyber risk no longer lives inside the firewall.
View Video
The Hidden Security Risk of Enterprise Documents and Why AI Amplifies It

The Hidden Security Risk of Enterprise Documents and Why AI Amplifies It

Jan 23, 2026 By SecuritySenses In SecuritySenses
For years, enterprise security strategies have evolved around visible and measurable threats: network intrusions, endpoint compromise, identity misuse, and cloud misconfigurations. These domains are well understood, heavily monitored, and continuously audited. Yet one of the most critical security risk surfaces in modern enterprises remains largely under-governed: documents and unstructured data.
Read Post
bitsight

Inside the Rise of Clone Phishing and CAPTCHA-Based Social Engineering

Jan 22, 2026 By Emma Stevens In BitSight
In our previous two posts, The ABC’s of Ishing and From Lure to Breach, we broke down the foundational tactics used by cybercriminals to deceive users and gain unauthorized access. This follow-up report expands on that foundation by exploring three evolving phishing threats that go beyond traditional email lures: clone phishing, deepfake phishing, and Captcha phishing.
Read Post

Breaking Silos with SCDR: How SOCs & TPRM Teams Drive Integrated Cyber Strategies

Jan 22, 2026 By SecurityScorecard In SecurityScorecard
Too often, vendor risk management operates in a silo, focused on compliance checkboxes, while the SOC team is on the frontlines of threat intelligence and response. These two groups should be allies, but instead, they’re often working in isolation. That’s a problem because cyber risk isn’t just a compliance issue… it’s a threat issue. Join Steve Cobb for this talk on: SecurityScorecard monitors and scores over 12 million companies worldwide.
View Video
nucleus

Custom Risk Scoring Is the Missing Link Between Disconnected Findings and Real Exposure Management

Jan 20, 2026 By Rob Gibson In Nucleus
Most large organizations rely on multiple vulnerability and exposure scanning tools out of necessity. Infrastructure scanners, cloud security platforms, application security testing tools, container scanners, and attack surface management solutions all play a role. Each one is designed to answer a specific question. But when it comes to understanding the risk of the vulnerabilities and exposures they detect, each tool has its own approach to quantifying it.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.