Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security governance was never meant to be this manual. Yet for most security and third-party risk teams, governance work still means reviewing documents line by line, mapping controls by hand, interpreting evidence subjectively, and repeating the same processes across internal teams, subsidiaries, and vendors. These activities are critical, but they’re also slow, inconsistent, and difficult to scale. At Bitsight, we believe cybersecurity governance should move at the speed of risk.

In mid-January 2026, one of the most ironic cybersecurity incidents in recent memory occurred: eScan antivirus software from MicroWorld Technologies began delivering malware to its own users. Attackers gained unauthorized access to a regional update server and quietly replaced a legitimate update component with a malicious version. For roughly two hours on January 20, 2026, systems that attempted to fetch updates received a trojanized Reload.exe instead of a security patch.

Synthetic identity fraud used to be a specialty fraud job. Bad actors created synthetic identities by modifying personal information, combining multiple real identities, or combining real and fake information. But building up identities convincing enough to pass muster took time, research, and effort. As a result, you typically saw synthetic identity fraud when bad actors targeted organizations that could pay off in a significant way.

Once upon a time, the managed VPN (mVPN) was the hero of remote work. Employees worked from the office, servers lived in cupboards, and if you could gain access to the network, you were trusted. Fast forward to today, and that hero has not aged well. Hybrid work is permanent. Cloud apps rule. Attackers are smarter, faster, and annoyingly persistent. SMB IT teams are expected to hold it all together with limited time, limited budget, and zero tolerance for downtime.

Account takeover (ATO) fraud is a critical threat to digital businesses. Despite heavy investment in MFA and login anomaly detection, many attacks succeed because they bypass traditional safeguards entirely. Modern ATO doesn’t start at the login screen. It begins upstream with pre-login exposure and real-time credential relay, allowing attackers to hijack sessions before traditional defenses even engage.

AT&T, through a partnership with LevelBlue, has been positioned in the Leaders Category in the IDC MarketScape: Worldwide Managed SASE Services 2025 Vendor Assessment (doc October 2025). The IDC MarketScape noted, “AT&T offers managed SASE services globally through a strategic partnership with LevelBlue — AT&T's spun-off cybersecurity arm, now a joint venture with WillJam Ventures.

Securonix Threat Research has been tracking a stealthy malware campaign that uses an uncommon chain of VHD abuse, script-based execution, self-parsing batch logic, fileless PowerShell injections and ultimately dropping RAT. The attack leverages IPFS-hosted VHD files, extreme script obfuscation, runtime decryption, and in-memory shellcode injection into trusted Windows processes, never dropping a decrypted binary to disk.

Passwords are still used almost everywhere. People reuse and share their passwords without knowing the risks. Attackers take advantage of these situations. Phishing emails and malware are enough to steal a password, and this is how many security incidents start. The problem can be reduced using passwordless authentication. When passwords are removed from the login process, attackers would find it difficult to attack that device or account.

BlueVoyant's Digital Risk Protection (DRP) team and Threat Fusion Cell (TFC) identified and analyzed a credential harvesting phishing campaign targeting a global array of financial institutions, with a pronounced focus on U.S.-based banks and credit unions.