The Future of Cyber Risk Is Unified | UpGuard Summit | Nov 18 & 20
Register now
Looking to streamline your TPRM? Join our Product Deep Dive Webinar with live Q&A!
Register Now
Resources
BlogEventsBreachesResourcesNews

Cybersecurity & Risk Management Blog

Resources to help you keep up to date
with industry insights, best practices and more.
Categories
Attack Surface Management
Company news
Compliance and Regulations
Cybersecurity
Data breaches
Devops
Risks and Vulnerabilities
Third-Party Risk Management
Vendor Risk Management
Top Cybersecurity Metrics and KPIs for 2025
Abi Tyas Tunggal
Abi Tyas Tunggal
October 13, 2025

Most recent posts

Cybersecurity

A CISO's Guide to Defending Against Social Media Impersonation

This guide provides a strategic framework for understanding and mitigating the explosive growth of social media-based brand impersonation attacks.
Peter Brittliff
Peter Brittliff
November 5, 2025
Vendor Risk Management

Why Risk Assessments Fail Stakeholders: Bridging the Gap

Learn how to prevent your risk assessment reports from stalling in stakeholder review by translating technical findings into actionable language.
Shane Moosa
Shane Moosa
October 28, 2025
Vendor Risk Management

The Do's & Don'ts of Writing Audit-Proof Risk Assessments

Are your third-party risk assessments built to pass audit examination? This practical guide reveals the do's and don'ts to ensure you pass with confidence.
Shane Moosa
Shane Moosa
October 28, 2025
Cybersecurity

Why Infostealer Malware Demands a New Defense Strategy

This guide explains why simply resetting a password is a dangerously flawed response and outlines a new, identity-centric defense framework.
Peter Brittliff
Peter Brittliff
October 26, 2025

Attack Surface Management

Attack-Surface-Management

Breach Risk Threat Monitoring: A Path to Clarity in Cyber Noise

Cut through the noise of constant security alerts to proactively identify and mitigate urgent breach risks before they escalate with threat monitoring.
Shane Moosa
Shane Moosa
September 3, 2025
Attack-Surface-Management

What is Shadow SaaS? Causes, Risks, and Management Tips

Discover what shadow SaaS is, the risks it poses, and how to detect, manage, and integrate it into your third-party risk management strategy.
Leah Sadoian
Leah Sadoian
July 30, 2025
Attack-Surface-Management

Open Chroma Databases: A New Attack Surface for AI Apps

One third of exposed instances discovered by UpGuard Research are lacking authentication. Learn how they can put your AI stack at risk.
Greg Pollock
Greg Pollock
June 11, 2025
Attack-Surface-Management

Digital Brand Protection in the Age of Impersonation

Fight brand impersonation and online fraud. Learn key strategies to protect your digital presence & reputation in today's cyber threat landscape.
Leah Sadoian
Leah Sadoian
July 10, 2025
All attack surface management posts

Company news

Company news

UpGuard Q3 2025 Summit Recap: What Did You Miss?

A recap of all the major announcements and product updates at UpGuard Summit, Q3 2025.
Edward Kost
Edward Kost
September 8, 2025
Company news

Cast a Wider Net: UpGuard Now Scans 5x More Sources

Introducing UpGuard’s enhanced news and incident coverage. 500% better coverage to keep you ahead of the latest security threats.
UpGuard Team
UpGuard Team
January 16, 2025
Company news

UpGuard Expands Vendor Risk Questionnaire Library with New DORA Questionnaire

Achieve compliance with DORA, UpGuard’s latest addition to its industry-leading Questionnaire Library.
Kyle Chin
Kyle Chin
November 18, 2024
Company news

G2 Names UpGuard #1 TPRM Software - Summer 2024

UpGuard has once again been recognized as a Leader in Third-Party and Supplier Risk Management Software by G2. Read on to discover more insights.
Kaushik Sen
Kaushik Sen
November 18, 2024
All company news posts

Compliance & Regulations

Compliance & Regulations

NIST compliance in 2025: A complete implementation guide

NIST compliance ensures alignment with leading cybersecurity frameworks. Explore how the NIST standards can safeguard sensitive data and manage third-party
Edward Kost
Edward Kost
October 22, 2025
Compliance & Regulations

Introducing UpGuard’s DPDP Act Security Questionnaire

Discover the latest addition to UpGuard's industry-leading Questionnaire Library and learn how to achieve comprehensive DPDP compliance.
Nicholas Sollitto
Nicholas Sollitto
November 18, 2024
Compliance & Regulations

APRA CPS 230: Definition, Summary & Compliance Guide

Learn about the new requirements of CPS 230 and how to achieve compliance before it comes into effect on 1 July 2025.
Leah Sadoian
Leah Sadoian
June 26, 2025
Compliance & Regulations

From NIS to NIS2: What Your Organization Needs to Know

Understanding the transition from NIS to NIS2 is crucial for protecting your organization. Explore the key changes and compliance steps in this blog.
Leah Sadoian
Leah Sadoian
July 3, 2025
All compliance and regulations posts

Cybersecurity

Cybersecurity

A CISO's Guide to Defending Against Social Media Impersonation

This guide provides a strategic framework for understanding and mitigating the explosive growth of social media-based brand impersonation attacks.
Peter Brittliff
Peter Brittliff
November 5, 2025
Cybersecurity

Why Infostealer Malware Demands a New Defense Strategy

This guide explains why simply resetting a password is a dangerously flawed response and outlines a new, identity-centric defense framework.
Peter Brittliff
Peter Brittliff
October 26, 2025
Cybersecurity

Grounded: The ARINC vMUSE Attack Disrupting Multiple Airports

A ransomware attack on a single vendor grounded flights across Europe. We take a look at the critical failures that made it possible.
Edward Kost
Edward Kost
September 24, 2025
Cybersecurity

Shai-Hulud's True Lesson for CISOs: A Crisis of Communication

Shai-Hulud was driven by a communication crisis between security and engineering. Get a CISO's perspective on how to finally bridge this gap.
Phil Ross
Phil Ross
September 19, 2025
All cybersecurity posts

Data Breaches

Data Breaches

Salesforce Extortion Accelerates With New Leak Site

The hacker collective Scattered Lapsus$ Hunters has launched a new leak site threatening to release data stolen from Salesforce instances.
Greg Pollock
Greg Pollock
October 30, 2025
Data Breaches

The Mother of All Breaches: A Corporate Credential Security Wake-Up Call

The largest breach in the history of the internet exposed 16 billion logins. Key lessons and how to ensure the security of your corporate credentials.
Edward Kost
Edward Kost
June 25, 2025
Data Breaches

Asana Discloses Data Exposure Bug in MCP Server

Asana identified a bug in its Model Context Protocol (MCP) server that may have exposed data to MCP users in other Asana accounts.
Greg Pollock
Greg Pollock
August 11, 2025
Data Breaches

Threat Monitoring for Superannuation Security

Attackers breached superannuation customer accounts with stolen credentials. We look at one way to detect compromised accounts sooner.
Greg Pollock
Greg Pollock
October 23, 2025
All data breaches posts

DevOps

Dev Ops

Boost Your Cybersecurity with DevSecOps

Explore how DevSecOps can significantly enhance your organization's cybersecurity posture by integrating security into your development process.
Leah Sadoian
Leah Sadoian
July 3, 2025
Dev Ops

Release Testing Basics

Learn how to start testing your software before releasing it to the public, an essential part of the Software Development Lifecycle (SDLC).
UpGuard Team
UpGuard Team
November 18, 2024
Dev Ops

SCOM vs Splunk

How does Microsoft's data center monitoring solution compare to Splunk's leading platform for IT operational intelligence? Read more to find out.
Abi Tyas Tunggal
Abi Tyas Tunggal
November 18, 2024
Dev Ops

Agent vs Agentless Monitoring: Why We Chose Agentless

Agentless data collection involves collecting data without installing any new agents. Learn why we didn't choose agent monitoring.
UpGuard Team
UpGuard Team
November 18, 2024
All DevOps posts

Risks and Vulnerabilities

Risks & Vulnerabilities

Downstream Data: Investigating AI Data Leaks in Flowise

A thousand Flowise instances are exposed to the internet, many of them leaking confidential business data, passwords, and more.
Greg Pollock
Greg Pollock
October 23, 2025
Risks & Vulnerabilities

Beware the Sandworm: The Shai-Hulud Attack Explained

Learn about the Shai-Hulud worm, a self-replicating malware targeting the NPM ecosystem that steals developer credentials and exposes them.
Edward Kost
Edward Kost
September 19, 2025
Risks & Vulnerabilities

CVE-2016-10033: Detection and Response Guide for 2025

CVE-2016-10045 is still rearing its ugly head in 2025. Learn how to detect and shut down this risk.
Edward Kost
Edward Kost
July 8, 2025
Risks & Vulnerabilities

Data Leakage and Other Risks of Insecure LlamaIndex Apps

UpGuard Research surveyed accessible LlamaIndex chatbots to understand the real-world risks–including one instance leaking PII.
Greg Pollock
Greg Pollock
June 12, 2025
Risks & Vulnerabilities

Third-Party Risk Management

Third-party Risk Management

6 Ways to Make Your Risk Assessments Land With Stakeholders

A misunderstood report may as well be blank. Here are 6 ways to communicate findings so they land with any stakeholder, from InfoSec to the C-suite.
Shane Moosa
Shane Moosa
October 3, 2025
Third-party Risk Management

TPCRM Framework: Building Digital Trust for Modern Enterprises

TPCRM fosters digital trust in modern ecosystems. Learn how to manage vendor risks, secure data, and ensure compliance in one framework.
Edward Kost
Edward Kost
June 13, 2025
Third-party Risk Management

47% of Breaches Involve Vendors: Is Your TPRM Ready?

Traditional TPRM is struggling as vendor breaches hit 47%. Uncover insights from the 2025 Ponemon Report to learn how you can future-proof your TPRM.
Edward Kost
Edward Kost
May 27, 2025
Third-party Risk Management

The Risk of Third-Party AI Trained on User Data

Analyzing privacy policies can tell us which companies are using AI and training their models with your data.
Greg Pollock
Greg Pollock
April 16, 2025
All third-party risk management posts

Vendor Risk Management

Vendor Risk Management

Why Risk Assessments Fail Stakeholders: Bridging the Gap

Learn how to prevent your risk assessment reports from stalling in stakeholder review by translating technical findings into actionable language.
Shane Moosa
Shane Moosa
October 28, 2025
Vendor Risk Management

The Do's & Don'ts of Writing Audit-Proof Risk Assessments

Are your third-party risk assessments built to pass audit examination? This practical guide reveals the do's and don'ts to ensure you pass with confidence.
Shane Moosa
Shane Moosa
October 28, 2025
Vendor Risk Management

Vendor Security Review: Key Components And Implementation

Vendor security review is critical for safeguarding data. Discover key components and actionable steps to evaluate vendors effectively.
Edward Kost
Edward Kost
June 13, 2025
Vendor Risk Management

Third Party Security: Building Your Vendor Risk Program in 2025

Discover how third party security safeguards your vendor relationships and ensures compliance. Build a proactive risk program now.
Edward Kost
Edward Kost
June 13, 2025
All vendor risk management posts
Deliver icon

Sign up for our newsletter

UpGuard's monthly newsletter cuts through the noise and brings you what matters most: our breaking research, in-depth analysis of emerging threats, and actionable strategic insights.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Free score
Website Security scan resultsWebsite Security scan rating