The Future of Cyber Risk Is Unified | UpGuard Summit | Nov 18 & 20
Register now
Looking to streamline your TPRM? Join our Product Deep Dive Webinar with live Q&A!
Register Now
Release notes

Expanded risk detection with new risk types

Mark Barber
Mark Barber
released Oct 22, 2025
Release notes imageExpanded risk detection with new risk types

We have expanded our risk detection capabilities to include 62 new risk types, providing a more comprehensive assessment of external attack surfaces for you and your vendors. Our scanning engine now identifies a wide range of new services, which we've grouped into the following categories to help prioritize remediation efforts:

  • Remote Access & Management: We now detect critical interfaces for routers, VPNs, servers (HP iLO), and container platforms (Portainer). If exposed, these services provide a direct path for attackers into your network or vendors’, bypassing other security controls.
  • Databases & Data Stores: Our scans now identify exposed instances of ClickHouse, InfluxDB, and Firebird RDBMS, among others. Unsecured databases are a primary target for data theft and ransomware attacks.
  • Exposed IoT & Media Devices: We've expanded our detection to include a growing blind spot for security teams: exposed IP cameras, network video recorders, and smart home/office systems. These devices are often initial access vectors for breaches if not properly segmented and secured.
  • DevOps & Cloud-Native Tools: We can now identify misconfigured Kubernetes, Grafana, and Apache Airflow instances. When exposed, these tools can leak sensitive credentials, monitoring data, and even provide control over critical infrastructure.
  • Legacy & Insecure Protocols: Our scanning now flags outdated and unencrypted services, such as Rlogin, Remsh, and TFTP. These protocols are easy targets for attackers to intercept credentials and sensitive information.

To help users proactively address these items before they impact scores, for the first 4 weeks, these new risks will be flagged as "provisional." Users will be able to view them in their accounts, but they will not impact security scores during this period. This 4-week grace period is designed to provide teams with a clear window to review, prioritize, and remediate the newly identified risks. In the week of November 19th, they will become active and will be factored into scores like all other security risks.

Other improvements

  • Trust Exchange users can share their security rating instantly using an embedded badge. This badge links directly to their Trust Page, giving customers easy, immediate access to security and compliance information.
  • Our risk detection capabilities have been expanded to include CVE-2025-61882, a critical (CVSS 9.8) vulnerability in specific versions of Oracle E-Business Suite, recently added to the CISA Known Exploited Vulnerabilities (KEV) catalog.
  • We have added a new risk for insecure HTTPS-to-HTTP redirects to help users more accurately identify websites that downgrade secure connections, potentially exposing data to interception or tampering during transmission.
  • We have updated the questionnaire builder to allow 'File Upload' questions to be set as mandatory, helping ensure that vendors provide required documentation before they can submit a questionnaire.
  • This release includes a number of bug fixes.

  • Check icon
  • Check icon
  • Check icon
  • Check icon
  • Check icon
Book a free demo
View all release notes

UpGuard Release Notes

Learn about new features, changes, and improvements to UpGuard.
Workflow enhancement – streamlined threat triage
UpGuard logo
Workflow enhancement – streamlined threat triage
Abstract image background

Workflow enhancement – streamlined threat triage

Workflow enhancement – streamlined threat triage
Mark Barber
November 6, 2025
New detections for Cisco products
UpGuard logo
New detections for Cisco products
Abstract image background

New detections for Cisco products

New detections for Cisco products
Mark Barber
October 8, 2025
Assess your posture with your own Security Profile, then publish it to your Trust Page
UpGuard logo
Assess your posture with your own Security Profile, then publish it to your Trust Page
Abstract image background

Assess your posture with your own Security Profile, then publish it to your Trust Page

Assess your posture with your own Security Profile, then publish it to your Trust Page
Mark Barber
September 24, 2025
Easily manage threats at scale with new bulk actions
UpGuard logo
Easily manage threats at scale with new bulk actions
Abstract image background

Easily manage threats at scale with new bulk actions

Easily manage threats at scale with new bulk actions
Mark Barber
September 10, 2025
Important Update: Detect Salesloft Drift across your fourth-party ecosystem and Detected Products
UpGuard logo
Important Update: Detect Salesloft Drift across your fourth-party ecosystem and Detected Products
Abstract image background

Important Update: Detect Salesloft Drift across your fourth-party ecosystem and Detected Products

Important Update: Detect Salesloft Drift across your fourth-party ecosystem and Detected Products
Mark Barber
September 6, 2025
Now released in limited Early Access: User Risk
UpGuard logo
Now released in limited Early Access: User Risk
Abstract image background

Now released in limited Early Access: User Risk

Now released in limited Early Access: User Risk
Mark Barber
August 27, 2025
View all release notes
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

See UpGuard In Action

Book a free, personalized onboarding call with one of our cybersecurity experts.
Contact sales
Free demo
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Free score
Website Security scan resultsWebsite Security scan rating