Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A supply chain compromise that impacted the Python package LiteLLM, with malicious versions 1.82.7 and 1.82.8 was published to PyPI on March 24, 2026. Bitsight Threat Intelligence, public reporting and vendor disclosures indicate the malicious releases included credential harvesting, Kubernetes-focused lateral movement, and persistence mechanisms, creating serious risk for cloud-native and AI-related environments that installed or ran the affected versions.

The fastest way to reduce risk at enterprise scale is to standardize on a vulnerability and exposure management platform that unifies asset visibility, prioritizes what matters, and automates workflow to remediate. In this article, we’ll break down the nine essential requirements security leaders should insist on when evaluating an enterprise vulnerability management system, whether it’s an existing tool in their tech stack or a potential new capability.

For channel partners, AI has quickly moved from a future conversation to a current customer problem. Clients are already using AI across their organisations, often faster than governance can keep up. What’s emerging is not just another technology trend, but a new class of risk that customers cannot fully see or control. Our latest research, based on insights from senior security leaders in highly regulated industries, highlights the scale of the issue.

Interest in cloud-native application protection platforms (CNAPPs) has exploded over the recent years, partly due to their ability to reduce alert noise by translating siloed misconfigurations into correlated, theoretical attack paths and exposures. While many organizations have adopted these solutions in pursuit of outcomes like zero critical issues, cloud breaches continue to rise.

‍At its root, cyber risk management is essentially a forward-looking discipline. The goal has never been solely to understand current exposure, but to determine which actions will reduce it most effectively, given the organization's priorities and constraints. Organizations today can assess control maturity and quantify financial exposure with increasing precision, giving security and GRC leaders a more comprehensive picture of their risk landscape than ever before.

Domains are foundational to digital trust. You visit your favorite online store or log in to your email without thinking twice about the web address in your browser. But what happens if that domain has been hijacked and you have just entered your personal information into an attacker’s trap?

Most organizations didn’t design their infrastructure to become hybrid. It happened gradually. A few workloads moved to the cloud first. Development teams adopted new services. Meanwhile, some systems stayed exactly where they were — inside internal data centers — because moving them wasn’t practical. Over time the environment expanded. Now many organizations run applications across cloud platforms, private infrastructure, and on-premise systems at the same time.

As businesses increasingly adopt hybrid cloud environments to gain flexibility and scalability, ensuring their security becomes a top priority. The hybrid cloud mixes resources from both public and private clouds, making operations more efficient than ever. But this connected design also poses significant risks, including data breaches, misconfigured systems, and unauthorized access. According to new studies, 82% of businesses had security incidents in their cloud environments in 2023.

There is a structural shift happening in enterprise environments that most security leaders recognise, but few have fully adapted to. AI is now embedded, decentralised, and operating across core workflows. At the same time, governance models are still largely built on assumptions that no longer hold: that tools are known, data flows are observable, and behaviour follows policy. The result is a widening gap between perceived control and operational reality.