Looking to streamline your TPRM? Join our Product Deep Dive Webinar with live Q&A!
Register Now
Resources
BlogEventsBreachesResourcesNews

Cybersecurity & Risk Management Blog

Resources to help you keep up to date
with industry insights, best practices and more.
Categories
Attack Surface Management
Company news
Compliance and Regulations
Cybersecurity
Data breaches
Devops
Risks and Vulnerabilities
Third-Party Risk Management
Vendor Risk Management
Typosquatting Explained with Real-World Examples
Abi Tyas Tunggal
Abi Tyas Tunggal
December 1, 2025

Most recent posts

Risks and Vulnerabilities

Understanding and Mitigating CVE-2025-55182 (React2Shell)

CVE-2025-55182 is a critical unauthenticated RCE in React Server Components (CVSS 10.0). Check if your Next.js or React 19 app is vulnerable and patch now.
Edward Kost
Edward Kost
December 4, 2025
Attack Surface Management

Attack Surface Monitoring Guide for Security Teams

Learn how to implement attack surface monitoring to reduce external risk, discover exposed assets in real time, and strengthen your cybersecurity posture.
Revashni Moodley
Revashni Moodley
December 3, 2025
Human Cyber Risk

Solving Human Risk: Automate Governance and Prioritize Action

Visibility is not enough. Discover how User Risk empowers automated governance and drives immediate action by prioritizing human risk data.
Shane Moosa
Shane Moosa
December 1, 2025
Human Cyber Risk

Solving Human Risk: Close the Visibility Gap

Don't fly blind. In this blog, we expose the full scope of human risk visibility challenges and explore how User Risk provides the tools to address them.
Shane Moosa
Shane Moosa
November 21, 2025

Attack Surface Management

Attack-Surface-Management

Attack Surface Monitoring Guide for Security Teams

Learn how to implement attack surface monitoring to reduce external risk, discover exposed assets in real time, and strengthen your cybersecurity posture.
Revashni Moodley
Revashni Moodley
December 3, 2025
Attack-Surface-Management

Attack Surface Discovery: A Quick Overview

Explore how attack surface discovery works, what tools help identify hidden risks, and how security teams can secure complex environments in real time.
Revashni Moodley
Revashni Moodley
December 3, 2025
Attack-Surface-Management

Lookalike Domain Attacks Explained

Learn about lookalike domain attacks, why they’re on the rise, and how to prevent them using automated monitoring and layered cybersecurity defenses.
Revashni Moodley
Revashni Moodley
November 18, 2025
Attack-Surface-Management

Breach Risk Threat Monitoring: A Path to Clarity in Cyber Noise

Cut through the noise of constant security alerts to proactively identify and mitigate urgent breach risks before they escalate with threat monitoring.
Shane Moosa
Shane Moosa
September 3, 2025
All attack surface management posts

Company news

Company news

UpGuard Q3 2025 Summit Recap: What Did You Miss?

A recap of all the major announcements and product updates at UpGuard Summit, Q3 2025.
Edward Kost
Edward Kost
September 8, 2025
Company news

Cast a Wider Net: UpGuard Now Scans 5x More Sources

Introducing UpGuard’s enhanced news and incident coverage. 500% better coverage to keep you ahead of the latest security threats.
UpGuard Team
UpGuard Team
January 16, 2025
Company news

UpGuard Expands Vendor Risk Questionnaire Library with New DORA Questionnaire

Achieve compliance with DORA, UpGuard’s latest addition to its industry-leading Questionnaire Library.
Kyle Chin
Kyle Chin
November 18, 2024
Company news

G2 Names UpGuard #1 TPRM Software - Summer 2024

UpGuard has once again been recognized as a Leader in Third-Party and Supplier Risk Management Software by G2. Read on to discover more insights.
Kaushik Sen
Kaushik Sen
November 18, 2024
All company news posts

Compliance & Regulations

Compliance & Regulations

NIST compliance in 2025: A complete implementation guide

NIST compliance ensures alignment with leading cybersecurity frameworks. Explore how the NIST standards can safeguard sensitive data and manage third-party
Edward Kost
Edward Kost
December 2, 2025
Compliance & Regulations

Introducing UpGuard’s DPDP Act Security Questionnaire

Discover the latest addition to UpGuard's industry-leading Questionnaire Library and learn how to achieve comprehensive DPDP compliance.
Nicholas Sollitto
Nicholas Sollitto
November 18, 2024
Compliance & Regulations

APRA CPS 230: Definition, Summary & Compliance Guide

Learn about the new requirements of CPS 230 and how to achieve compliance before it comes into effect on 1 July 2025.
Leah Sadoian
Leah Sadoian
December 2, 2025
Compliance & Regulations

From NIS to NIS2: What Your Organization Needs to Know

Understanding the transition from NIS to NIS2 is crucial for protecting your organization. Explore the key changes and compliance steps in this blog.
Leah Sadoian
Leah Sadoian
July 3, 2025
All compliance and regulations posts

Cybersecurity

Cybersecurity

Trust Exchange Paid: Scaling Security Communication

Trust Exchange Paid automates due diligence, featuring AI autofills, custom pages, watermarked PDFs, and upcoming multiple trust pages. Learn more here.
Revashni Moodley
Revashni Moodley
November 19, 2025
Cybersecurity

Risk Automations: The Shift From Catch-Up to Command

Connect intelligence to system execution with Risk Automations, your new resolution layer for risk. Reduce remediation from hours to seconds - read more.
Revashni Moodley
Revashni Moodley
December 1, 2025
Cybersecurity

A CISO's Guide to Defending Against Social Media Impersonation

This guide provides a strategic framework for understanding and mitigating the explosive growth of social media-based brand impersonation attacks.
Peter Brittliff
Peter Brittliff
November 5, 2025
Cybersecurity

Why Infostealer Malware Demands a New Defense Strategy

This guide explains why simply resetting a password is a dangerously flawed response and outlines a new, identity-centric defense framework.
Peter Brittliff
Peter Brittliff
October 26, 2025
All cybersecurity posts

Data Breaches

Data Breaches

Salesforce Extortion Accelerates With New Leak Site

The hacker collective Scattered Lapsus$ Hunters has launched a new leak site threatening to release data stolen from Salesforce instances.
Greg Pollock
Greg Pollock
October 30, 2025
Data Breaches

The Mother of All Breaches: A Corporate Credential Security Wake-Up Call

The largest breach in the history of the internet exposed 16 billion logins. Key lessons and how to ensure the security of your corporate credentials.
Edward Kost
Edward Kost
December 1, 2025
Data Breaches

Asana Discloses Data Exposure Bug in MCP Server

Asana identified a bug in its Model Context Protocol (MCP) server that may have exposed data to MCP users in other Asana accounts.
Greg Pollock
Greg Pollock
August 11, 2025
Data Breaches

Threat Monitoring for Superannuation Security

Attackers breached superannuation customer accounts with stolen credentials. We look at one way to detect compromised accounts sooner.
Greg Pollock
Greg Pollock
October 23, 2025
All data breaches posts

DevOps

Dev Ops

Boost Your Cybersecurity with DevSecOps

Explore how DevSecOps can significantly enhance your organization's cybersecurity posture by integrating security into your development process.
Leah Sadoian
Leah Sadoian
July 3, 2025
Dev Ops

Release Testing Basics

Learn how to start testing your software before releasing it to the public, an essential part of the Software Development Lifecycle (SDLC).
UpGuard Team
UpGuard Team
November 18, 2024
Dev Ops

SCOM vs Splunk

How does Microsoft's data center monitoring solution compare to Splunk's leading platform for IT operational intelligence? Read more to find out.
Abi Tyas Tunggal
Abi Tyas Tunggal
November 18, 2024
Dev Ops

Agent vs Agentless Monitoring: Why We Chose Agentless

Agentless data collection involves collecting data without installing any new agents. Learn why we didn't choose agent monitoring.
UpGuard Team
UpGuard Team
November 18, 2024
All DevOps posts

Risks and Vulnerabilities

Risks & Vulnerabilities

Understanding and Mitigating CVE-2025-55182 (React2Shell)

CVE-2025-55182 is a critical unauthenticated RCE in React Server Components (CVSS 10.0). Check if your Next.js or React 19 app is vulnerable and patch now.
Edward Kost
Edward Kost
December 4, 2025
Risks & Vulnerabilities

Downstream Data: Investigating AI Data Leaks in Flowise

A thousand Flowise instances are exposed to the internet, many of them leaking confidential business data, passwords, and more.
Greg Pollock
Greg Pollock
December 1, 2025
Risks & Vulnerabilities

Beware the Sandworm: The Shai-Hulud Attack Explained

Learn about the Shai-Hulud worm, a self-replicating malware targeting the NPM ecosystem that steals developer credentials and exposes them.
Edward Kost
Edward Kost
September 19, 2025
Risks & Vulnerabilities

CVE-2016-10033: Detection and Response Guide for 2025

CVE-2016-10045 is still rearing its ugly head in 2025. Learn how to detect and shut down this risk.
Edward Kost
Edward Kost
July 8, 2025
Risks & Vulnerabilities

Third-Party Risk Management

Third-party Risk Management

6 Ways to Make Your Risk Assessments Land With Stakeholders

A misunderstood report may as well be blank. Here are 6 ways to communicate findings so they land with any stakeholder, from InfoSec to the C-suite.
Shane Moosa
Shane Moosa
October 3, 2025
Third-party Risk Management

TPCRM Framework: Building Digital Trust for Modern Enterprises

TPCRM fosters digital trust in modern ecosystems. Learn how to manage vendor risks, secure data, and ensure compliance in one framework.
Edward Kost
Edward Kost
June 13, 2025
Third-party Risk Management

47% of Breaches Involve Vendors: Is Your TPRM Ready?

Traditional TPRM is struggling as vendor breaches hit 47%. Uncover insights from the 2025 Ponemon Report to learn how you can future-proof your TPRM.
Edward Kost
Edward Kost
May 27, 2025
Third-party Risk Management

The Risk of Third-Party AI Trained on User Data

Analyzing privacy policies can tell us which companies are using AI and training their models with your data.
Greg Pollock
Greg Pollock
April 16, 2025
All third-party risk management posts

Vendor Risk Management

Vendor Risk Management

Supply Chain Cybersecurity Strategies for Modern Business

Strengthen your supply chain cybersecurity with actionable steps and best practices for reducing risks across all vendor networks. Read more here.
Revashni Moodley
Revashni Moodley
November 18, 2025
Vendor Risk Management

Why Risk Assessments Fail Stakeholders: Bridging the Gap

Learn how to prevent your risk assessment reports from stalling in stakeholder review by translating technical findings into actionable language.
Shane Moosa
Shane Moosa
October 28, 2025
Vendor Risk Management

The Do's & Don'ts of Writing Audit-Proof Risk Assessments

Are your third-party risk assessments built to pass audit examination? This practical guide reveals the do's and don'ts to ensure you pass with confidence.
Shane Moosa
Shane Moosa
November 28, 2025
Vendor Risk Management

Vendor Security Review: Key Components And Implementation

Vendor security review is critical for safeguarding data. Discover key components and actionable steps to evaluate vendors effectively.
Edward Kost
Edward Kost
December 1, 2025
All vendor risk management posts
Deliver icon

Sign up for our newsletter

UpGuard's monthly newsletter cuts through the noise and brings you what matters most: our breaking research, in-depth analysis of emerging threats, and actionable strategic insights.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Free score
Website Security scan resultsWebsite Security scan rating