Resources
BlogEventsBreachesResourcesNews

Cybersecurity & Risk Management Blog

Resources to help you keep up to date
with industry insights, best practices and more.
Categories
Attack Surface Management
Company news
Compliance and Regulations
Cybersecurity
Data breaches
Devops
Risks and Vulnerabilities
Third-Party Risk Management
Vendor Risk Management
Surviving a LockBit Ransomware Attack: The ROI of Visibility
Nicholas Sollitto
Nicholas Sollitto
June 1, 2026

Most recent posts

Cybersecurity

Surviving a LockBit Ransomware Attack: The ROI of Visibility

Read how veteran CISO Nick Gicinto saved his alma mater from a LockBit ransomware attack by discarding the standard playbook.
Nicholas Sollitto
Nicholas Sollitto
June 1, 2026
Risks and Vulnerabilities

25 Security Vulnerabilities That Have Defined the 2020s (Thus Far)

From Log4j to SolarWinds, discover the 25 critical security vulnerabilities that have reshaped cybersecurity thus far in the 2020s.
Nicholas Sollitto
Nicholas Sollitto
May 28, 2026
Attack Surface Management

Practical MCP Security: A Playbook for Mid-Market Teams

Move from zero to a defensible MCP security baseline in 90 days. Get a practical, phased playbook for lean teams to secure agentic AI infrastructure.
Shane Moosa
Shane Moosa
May 27, 2026
Attack Surface Management

Shadow MCP Servers: The AI Infrastructure You Can't See

In 2012, it was Dropbox. In 2026, it’s Shadow MCP. Discover why unvetted AI agents are an invisible threat and how to regain total visibility.
Shane Moosa
Shane Moosa
May 20, 2026

Attack Surface Management

Attack-Surface-Management

Practical MCP Security: A Playbook for Mid-Market Teams

Move from zero to a defensible MCP security baseline in 90 days. Get a practical, phased playbook for lean teams to secure agentic AI infrastructure.
Shane Moosa
Shane Moosa
May 27, 2026
Attack-Surface-Management

Shadow MCP Servers: The AI Infrastructure You Can't See

In 2012, it was Dropbox. In 2026, it’s Shadow MCP. Discover why unvetted AI agents are an invisible threat and how to regain total visibility.
Shane Moosa
Shane Moosa
May 20, 2026
Attack-Surface-Management

What is Financial Services Cybersecurity? Threats and Defenses

Understand the state of modern financial services cybersecurity to protect your assets, ensure compliance, and mitigate systemic risk.
Shane Moosa
Shane Moosa
May 18, 2026
Attack-Surface-Management

What is CVSS? A Complete Guide to Vulnerability Scoring

Master CVSS v4.0. Use EPSS and CISA KEV to prioritize vulnerabilities, reduce alert fatigue, and meet modern regulatory compliance.
Shane Moosa
Shane Moosa
May 18, 2026
All attack surface management posts

Company news

Company news

UpGuard Q3 2025 Summit Recap: What Did You Miss?

A recap of all the major announcements and product updates at UpGuard Summit, Q3 2025.
Edward Kost
Edward Kost
September 8, 2025
Company news

Cast a Wider Net: UpGuard Now Scans 5x More Sources

Introducing UpGuard’s enhanced news and incident coverage. 500% better coverage to keep you ahead of the latest security threats.
UpGuard Team
UpGuard Team
January 16, 2025
Company news

UpGuard Expands Vendor Risk Questionnaire Library with New DORA Questionnaire

Achieve compliance with DORA, UpGuard’s latest addition to its industry-leading Questionnaire Library.
Kyle Chin
Kyle Chin
November 19, 2024
Company news

G2 Names UpGuard #1 TPRM Software - Summer 2024

UpGuard has once again been recognized as a Leader in Third-Party and Supplier Risk Management Software by G2. Read on to discover more insights.
Kaushik Sen
Kaushik Sen
November 19, 2024
All company news posts

Compliance & Regulations

Compliance & Regulations

NIST compliance in 2026: A complete implementation guide

NIST compliance ensures alignment with leading cybersecurity frameworks. Explore how the NIST standards can safeguard sensitive data and manage third-party
Edward Kost
Edward Kost
January 5, 2026
Compliance & Regulations

Introducing UpGuard’s DPDP Act Security Questionnaire

Discover the latest addition to UpGuard's industry-leading Questionnaire Library and learn how to achieve comprehensive DPDP compliance.
Nicholas Sollitto
Nicholas Sollitto
November 19, 2024
Compliance & Regulations

APRA CPS 230: Definition, Summary & Compliance Guide

Learn about the new requirements of CPS 230 and how to achieve compliance before it comes into effect on 1 July 2025.
Leah Sadoian
Leah Sadoian
December 2, 2025
Compliance & Regulations

From NIS to NIS2: What Your Organization Needs to Know

Understanding the transition from NIS to NIS2 is crucial for protecting your organization. Explore the key changes and compliance steps in this blog.
Leah Sadoian
Leah Sadoian
July 4, 2025
All compliance and regulations posts

Cybersecurity

Cybersecurity

Surviving a LockBit Ransomware Attack: The ROI of Visibility

Read how veteran CISO Nick Gicinto saved his alma mater from a LockBit ransomware attack by discarding the standard playbook.
Nicholas Sollitto
Nicholas Sollitto
June 1, 2026
Cybersecurity

Productivity at a Price: The Rising Cost of AI Convenience

AI tools offer efficiency, but at a cost. UpGuard reveals how PII leaks and new supply chain vulnerabilities are hidden in widely used AI workflows.
Shane Moosa
Shane Moosa
January 28, 2026
Cybersecurity

Cybersecurity Predictions for 2026: Human Risk, AI Data Leaks, and the Next Big Breach

Get one step ahead of the next big shock. Four security predictions for 2026—likely, uncomfortable, and easy to miss.
Greg Pollock
Greg Pollock
December 18, 2025
Cybersecurity

Top 10 Security Events of 2025

Recap the ten most impactful events that reshaped the cybersecurity industry this year and the critical lessons each had to teach us. Read more here.
Revashni Moodley
Revashni Moodley
January 7, 2026
All cybersecurity posts

Data Breaches

Data Breaches

Salesforce Extortion Accelerates With New Leak Site

The hacker collective Scattered Lapsus$ Hunters has launched a new leak site threatening to release data stolen from Salesforce instances.
Greg Pollock
Greg Pollock
October 30, 2025
Data Breaches

The Mother of All Breaches: A Corporate Credential Security Wake-Up Call

The largest breach in the history of the internet exposed 16 billion logins. Key lessons and how to ensure the security of your corporate credentials.
Edward Kost
Edward Kost
December 1, 2025
Data Breaches

Asana Discloses Data Exposure Bug in MCP Server

Asana identified a bug in its Model Context Protocol (MCP) server that may have exposed data to MCP users in other Asana accounts.
Greg Pollock
Greg Pollock
August 12, 2025
Data Breaches

Threat Monitoring for Superannuation Security

Attackers breached superannuation customer accounts with stolen credentials. We look at one way to detect compromised accounts sooner.
Greg Pollock
Greg Pollock
October 23, 2025
All data breaches posts

DevOps

Dev Ops

Boost Your Cybersecurity with DevSecOps

Explore how DevSecOps can significantly enhance your organization's cybersecurity posture by integrating security into your development process.
Leah Sadoian
Leah Sadoian
July 4, 2025
Dev Ops

Release Testing Basics

Learn how to start testing your software before releasing it to the public, an essential part of the Software Development Lifecycle (SDLC).
UpGuard Team
UpGuard Team
November 19, 2024
Dev Ops

SCOM vs Splunk

How does Microsoft's data center monitoring solution compare to Splunk's leading platform for IT operational intelligence? Read more to find out.
Abi Tyas Tunggal
Abi Tyas Tunggal
November 19, 2024
Dev Ops

Agent vs Agentless Monitoring: Why We Chose Agentless

Agentless data collection involves collecting data without installing any new agents. Learn why we didn't choose agent monitoring.
UpGuard Team
UpGuard Team
November 19, 2024
All DevOps posts

Risks and Vulnerabilities

Risks & Vulnerabilities

25 Security Vulnerabilities That Have Defined the 2020s (Thus Far)

From Log4j to SolarWinds, discover the 25 critical security vulnerabilities that have reshaped cybersecurity thus far in the 2020s.
Nicholas Sollitto
Nicholas Sollitto
May 28, 2026
Risks & Vulnerabilities

Understanding and Mitigating CVE-2025-55182 (React2Shell)

CVE-2025-55182 is a critical unauthenticated RCE in React Server Components (CVSS 10.0). Check if your Next.js or React 19 app is vulnerable and patch now.
Edward Kost
Edward Kost
December 14, 2025
Risks & Vulnerabilities

Downstream Data: Investigating AI Data Leaks in Flowise

A thousand Flowise instances are exposed to the internet, many of them leaking confidential business data, passwords, and more.
Greg Pollock
Greg Pollock
December 1, 2025
Risks & Vulnerabilities

Beware the Sandworm: The Shai-Hulud Attack Explained

Learn about the Shai-Hulud worm, a self-replicating malware targeting the NPM ecosystem that steals developer credentials and exposes them.
Edward Kost
Edward Kost
September 21, 2025
Risks & Vulnerabilities

Third-Party Risk Management

Third-party Risk Management

Cyber TPRM vs Compliance TPRM: Which is right for you?

Cyber TPRM and compliance TPRM answer different questions and serve different buyers. Learn how to tell them apart and decide which is best for you.
Edward Kost
Edward Kost
April 16, 2026
Third-party Risk Management

6 Ways to Make Your Risk Assessments Land With Stakeholders

A misunderstood report may as well be blank. Here are 6 ways to communicate findings so they land with any stakeholder, from InfoSec to the C-suite.
Shane Moosa
Shane Moosa
October 3, 2025
Third-party Risk Management

TPCRM Framework: Building Digital Trust for Modern Enterprises

TPCRM fosters digital trust in modern ecosystems. Learn how to manage vendor risks, secure data, and ensure compliance in one framework.
Edward Kost
Edward Kost
June 15, 2025
Third-party Risk Management

47% of Breaches Involve Vendors: Is Your TPRM Ready?

Traditional TPRM is struggling as vendor breaches hit 47%. Uncover insights from the 2025 Ponemon Report to learn how you can future-proof your TPRM.
Edward Kost
Edward Kost
May 27, 2025
All third-party risk management posts

Vendor Risk Management

Vendor Risk Management

Shadow IT: Tiering the Unseen to Manage Vendor Risk

Invisible apps become riskier with time. Use real-time user signals to categorize every vendor in your ecosystem based on its true risk profile.
Revashni Moodley
Revashni Moodley
May 8, 2026
Vendor Risk Management

The Vendor Tiering Series: Tiering that Scales

An effective TPRM program begins with a logical framework. Learn how to tier vendors using weighted risk scoring to maintain a defensible program.
Revashni Moodley
Revashni Moodley
March 15, 2026
Vendor Risk Management

The Vendor Tiering Series: Mapping Tiers to Inherent Risk

Subjective labels do not categorize vendor risk. Learn how to build a defensible tiering architecture using objective criteria and a scalable model.
Revashni Moodley
Revashni Moodley
March 8, 2026
Vendor Risk Management

The Vendor Tiering Series: Why Tier Your Vendors

When every vendor is a priority, none actually are. Learn how effective vendor tiering defines criticality and maintains a defensible security posture.
Revashni Moodley
Revashni Moodley
February 25, 2026
All vendor risk management posts
Deliver icon

Sign up for our newsletter

UpGuard's monthly newsletter cuts through the noise and brings you what matters most: our breaking research, in-depth analysis of emerging threats, and actionable strategic insights.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Free score
Website Security scan resultsWebsite Security scan rating