Resources
BlogEventsBreachesResourcesNews

Cybersecurity & Risk Management Blog

Resources to help you keep up to date
with industry insights, best practices and more.
Categories
Attack Surface Management
Company news
Compliance and Regulations
Cybersecurity
Data breaches
Devops
Risks and Vulnerabilities
Third-Party Risk Management
Vendor Risk Management
Six MCP Security Incidents Every Security Leader Should Know
Shane Moosa
Shane Moosa
May 14, 2026

Most recent posts

Attack Surface Management

Six MCP Security Incidents Every Security Leader Should Know

From registry poisoning to filesystem wipes: discover the 6 MCP security incidents every leader must know to secure their AI agent workflows in 2026.
Shane Moosa
Shane Moosa
May 14, 2026
Vendor Risk Management
Human Cyber Risk

Shadow IT: Tiering the Unseen to Manage Vendor Risk

Invisible apps become riskier with time. Use real-time user signals to categorize every vendor in your ecosystem based on its true risk profile.
Revashni Moodley
Revashni Moodley
May 8, 2026
Attack Surface Management

AI GitHub Agents: How One Issue Leaked Private Repos

Uncover how indirect prompt injection and tool poisoning allow attackers to exfiltrate private data via AI agents—all without stealing a single credential.
Shane Moosa
Shane Moosa
May 13, 2026
Attack Surface Management

1 in 15 MCP Servers are Lookalikes: Is Your Org at Risk?

For every official MCP server, up to 15 lookalikes exist. Learn to identify these registry-layer threats and discover methods to protect your organization.
Shane Moosa
Shane Moosa
May 12, 2026

Attack Surface Management

Attack-Surface-Management

Six MCP Security Incidents Every Security Leader Should Know

From registry poisoning to filesystem wipes: discover the 6 MCP security incidents every leader must know to secure their AI agent workflows in 2026.
Shane Moosa
Shane Moosa
May 14, 2026
Attack-Surface-Management

AI GitHub Agents: How One Issue Leaked Private Repos

Uncover how indirect prompt injection and tool poisoning allow attackers to exfiltrate private data via AI agents—all without stealing a single credential.
Shane Moosa
Shane Moosa
May 13, 2026
Attack-Surface-Management

1 in 15 MCP Servers are Lookalikes: Is Your Org at Risk?

For every official MCP server, up to 15 lookalikes exist. Learn to identify these registry-layer threats and discover methods to protect your organization.
Shane Moosa
Shane Moosa
May 12, 2026
Attack-Surface-Management

MCP: The AI Protocol Quietly Expanding Your Attack Surface

As AI tools adopt MCP, security teams face a new shadow IT crisis. Learn what MCP is, why these servers carry risk, and how to begin gaining visibility.
Shane Moosa
Shane Moosa
May 12, 2026
All attack surface management posts

Company news

Company news

UpGuard Q3 2025 Summit Recap: What Did You Miss?

A recap of all the major announcements and product updates at UpGuard Summit, Q3 2025.
Edward Kost
Edward Kost
September 8, 2025
Company news

Cast a Wider Net: UpGuard Now Scans 5x More Sources

Introducing UpGuard’s enhanced news and incident coverage. 500% better coverage to keep you ahead of the latest security threats.
UpGuard Team
UpGuard Team
January 16, 2025
Company news

UpGuard Expands Vendor Risk Questionnaire Library with New DORA Questionnaire

Achieve compliance with DORA, UpGuard’s latest addition to its industry-leading Questionnaire Library.
Kyle Chin
Kyle Chin
November 19, 2024
Company news

G2 Names UpGuard #1 TPRM Software - Summer 2024

UpGuard has once again been recognized as a Leader in Third-Party and Supplier Risk Management Software by G2. Read on to discover more insights.
Kaushik Sen
Kaushik Sen
November 19, 2024
All company news posts

Compliance & Regulations

Compliance & Regulations

NIST compliance in 2026: A complete implementation guide

NIST compliance ensures alignment with leading cybersecurity frameworks. Explore how the NIST standards can safeguard sensitive data and manage third-party
Edward Kost
Edward Kost
January 5, 2026
Compliance & Regulations

Introducing UpGuard’s DPDP Act Security Questionnaire

Discover the latest addition to UpGuard's industry-leading Questionnaire Library and learn how to achieve comprehensive DPDP compliance.
Nicholas Sollitto
Nicholas Sollitto
November 19, 2024
Compliance & Regulations

APRA CPS 230: Definition, Summary & Compliance Guide

Learn about the new requirements of CPS 230 and how to achieve compliance before it comes into effect on 1 July 2025.
Leah Sadoian
Leah Sadoian
December 2, 2025
Compliance & Regulations

From NIS to NIS2: What Your Organization Needs to Know

Understanding the transition from NIS to NIS2 is crucial for protecting your organization. Explore the key changes and compliance steps in this blog.
Leah Sadoian
Leah Sadoian
July 4, 2025
All compliance and regulations posts

Cybersecurity

Cybersecurity

Productivity at a Price: The Rising Cost of AI Convenience

AI tools offer efficiency, but at a cost. UpGuard reveals how PII leaks and new supply chain vulnerabilities are hidden in widely used AI workflows.
Shane Moosa
Shane Moosa
January 28, 2026
Cybersecurity

Cybersecurity Predictions for 2026: Human Risk, AI Data Leaks, and the Next Big Breach

Get one step ahead of the next big shock. Four security predictions for 2026—likely, uncomfortable, and easy to miss.
Greg Pollock
Greg Pollock
December 18, 2025
Cybersecurity

Top 10 Security Events of 2025

Recap the ten most impactful events that reshaped the cybersecurity industry this year and the critical lessons each had to teach us. Read more here.
Revashni Moodley
Revashni Moodley
January 7, 2026
Cybersecurity

Trust Exchange Paid: Scaling Security Communication

Trust Exchange Paid automates due diligence, featuring AI autofills, custom pages, watermarked PDFs, and upcoming multiple trust pages. Learn more here.
Revashni Moodley
Revashni Moodley
November 19, 2025
All cybersecurity posts

Data Breaches

Data Breaches

Salesforce Extortion Accelerates With New Leak Site

The hacker collective Scattered Lapsus$ Hunters has launched a new leak site threatening to release data stolen from Salesforce instances.
Greg Pollock
Greg Pollock
October 30, 2025
Data Breaches

The Mother of All Breaches: A Corporate Credential Security Wake-Up Call

The largest breach in the history of the internet exposed 16 billion logins. Key lessons and how to ensure the security of your corporate credentials.
Edward Kost
Edward Kost
December 1, 2025
Data Breaches

Asana Discloses Data Exposure Bug in MCP Server

Asana identified a bug in its Model Context Protocol (MCP) server that may have exposed data to MCP users in other Asana accounts.
Greg Pollock
Greg Pollock
August 12, 2025
Data Breaches

Threat Monitoring for Superannuation Security

Attackers breached superannuation customer accounts with stolen credentials. We look at one way to detect compromised accounts sooner.
Greg Pollock
Greg Pollock
October 23, 2025
All data breaches posts

DevOps

Dev Ops

Boost Your Cybersecurity with DevSecOps

Explore how DevSecOps can significantly enhance your organization's cybersecurity posture by integrating security into your development process.
Leah Sadoian
Leah Sadoian
July 4, 2025
Dev Ops

Release Testing Basics

Learn how to start testing your software before releasing it to the public, an essential part of the Software Development Lifecycle (SDLC).
UpGuard Team
UpGuard Team
November 19, 2024
Dev Ops

SCOM vs Splunk

How does Microsoft's data center monitoring solution compare to Splunk's leading platform for IT operational intelligence? Read more to find out.
Abi Tyas Tunggal
Abi Tyas Tunggal
November 19, 2024
Dev Ops

Agent vs Agentless Monitoring: Why We Chose Agentless

Agentless data collection involves collecting data without installing any new agents. Learn why we didn't choose agent monitoring.
UpGuard Team
UpGuard Team
November 19, 2024
All DevOps posts

Risks and Vulnerabilities

Risks & Vulnerabilities

Understanding and Mitigating CVE-2025-55182 (React2Shell)

CVE-2025-55182 is a critical unauthenticated RCE in React Server Components (CVSS 10.0). Check if your Next.js or React 19 app is vulnerable and patch now.
Edward Kost
Edward Kost
December 14, 2025
Risks & Vulnerabilities

Downstream Data: Investigating AI Data Leaks in Flowise

A thousand Flowise instances are exposed to the internet, many of them leaking confidential business data, passwords, and more.
Greg Pollock
Greg Pollock
December 1, 2025
Risks & Vulnerabilities

Beware the Sandworm: The Shai-Hulud Attack Explained

Learn about the Shai-Hulud worm, a self-replicating malware targeting the NPM ecosystem that steals developer credentials and exposes them.
Edward Kost
Edward Kost
September 21, 2025
Risks & Vulnerabilities

CVE-2016-10033: Detection and Response Guide for 2025

CVE-2016-10045 is still rearing its ugly head in 2025. Learn how to detect and shut down this risk.
Edward Kost
Edward Kost
July 10, 2025
Risks & Vulnerabilities

Third-Party Risk Management

Third-party Risk Management

Cyber TPRM vs Compliance TPRM: Which is right for you?

Cyber TPRM and compliance TPRM answer different questions and serve different buyers. Learn how to tell them apart and decide which is best for you.
Edward Kost
Edward Kost
April 16, 2026
Third-party Risk Management

6 Ways to Make Your Risk Assessments Land With Stakeholders

A misunderstood report may as well be blank. Here are 6 ways to communicate findings so they land with any stakeholder, from InfoSec to the C-suite.
Shane Moosa
Shane Moosa
October 3, 2025
Third-party Risk Management

TPCRM Framework: Building Digital Trust for Modern Enterprises

TPCRM fosters digital trust in modern ecosystems. Learn how to manage vendor risks, secure data, and ensure compliance in one framework.
Edward Kost
Edward Kost
June 15, 2025
Third-party Risk Management

47% of Breaches Involve Vendors: Is Your TPRM Ready?

Traditional TPRM is struggling as vendor breaches hit 47%. Uncover insights from the 2025 Ponemon Report to learn how you can future-proof your TPRM.
Edward Kost
Edward Kost
May 27, 2025
All third-party risk management posts

Vendor Risk Management

Vendor Risk Management

Shadow IT: Tiering the Unseen to Manage Vendor Risk

Invisible apps become riskier with time. Use real-time user signals to categorize every vendor in your ecosystem based on its true risk profile.
Revashni Moodley
Revashni Moodley
May 8, 2026
Vendor Risk Management

The Vendor Tiering Series: Tiering that Scales

An effective TPRM program begins with a logical framework. Learn how to tier vendors using weighted risk scoring to maintain a defensible program.
Revashni Moodley
Revashni Moodley
March 15, 2026
Vendor Risk Management

The Vendor Tiering Series: Mapping Tiers to Inherent Risk

Subjective labels do not categorize vendor risk. Learn how to build a defensible tiering architecture using objective criteria and a scalable model.
Revashni Moodley
Revashni Moodley
March 8, 2026
Vendor Risk Management

The Vendor Tiering Series: Why Tier Your Vendors

When every vendor is a priority, none actually are. Learn how effective vendor tiering defines criticality and maintains a defensible security posture.
Revashni Moodley
Revashni Moodley
February 25, 2026
All vendor risk management posts
Deliver icon

Sign up for our newsletter

UpGuard's monthly newsletter cuts through the noise and brings you what matters most: our breaking research, in-depth analysis of emerging threats, and actionable strategic insights.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Free score
Website Security scan resultsWebsite Security scan rating