Once upon a time, the managed VPN (mVPN) was the hero of remote work. Employees worked from the office, servers lived in cupboards, and if you could gain access to the network, you were trusted. Fast forward to today, and that hero has not aged well. Hybrid work is permanent. Cloud apps rule. Attackers are smarter, faster, and annoyingly persistent. SMB IT teams are expected to hold it all together with limited time, limited budget, and zero tolerance for downtime.

Synthetic identity fraud used to be a specialty fraud job. Bad actors created synthetic identities by modifying personal information, combining multiple real identities, or combining real and fake information. But building up identities convincing enough to pass muster took time, research, and effort. As a result, you typically saw synthetic identity fraud when bad actors targeted organizations that could pay off in a significant way.

OpenClaw, an open-source AI agent previously known as Clawdbot and Moltbot, is a powerful personal assistant that can connect to LLMs, integrate with external APIs, and autonomously execute an array of tasks like sending email or controlling browsers. While OpenClaw carries the promise of AI-driven productivity, it also presents growing security concerns. OpenClaw is installed on local machines or dedicated servers.

In mid-January 2026, one of the most ironic cybersecurity incidents in recent memory occurred: eScan antivirus software from MicroWorld Technologies began delivering malware to its own users. Attackers gained unauthorized access to a regional update server and quietly replaced a legitimate update component with a malicious version. For roughly two hours on January 20, 2026, systems that attempted to fetch updates received a trojanized Reload.exe instead of a security patch.

Security governance was never meant to be this manual. Yet for most security and third-party risk teams, governance work still means reviewing documents line by line, mapping controls by hand, interpreting evidence subjectively, and repeating the same processes across internal teams, subsidiaries, and vendors. These activities are critical, but they’re also slow, inconsistent, and difficult to scale. At Bitsight, we believe cybersecurity governance should move at the speed of risk.

Traditional data loss prevention stops at detection. You get an alert. You know something happened. But you don't see the full picture. When a departing engineer downloads your entire codebase over the holiday break, you need more than a policy violation. You need to see what they were doing before that moment, where the data came from, and what happened after. You need context, timeline, and the ability to trace every action.

During independent security research conducted as part of the Wordfence Bug Bounty Program, we identified a broken access control vulnerability in the SupportCandy plugin for WordPress. SupportCandy is a helpdesk and customer support ticketing plugin that enables organisations to manage user-submitted support requests directly within their WordPress environment, including the ability to upload files and exchange attachments through ticket replies.