Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
Your supply chain is bigger—and riskier—than you think. The Bitsight TRACE team uncovers the "Critical 99" and hidden vulnerabilities. Read the findings now.
Bitsight TRACE analyzes the March 10, 2025 DDoS attack on X, linking it to IoT botnets and misconfigurations. Dark Storm claims responsibility, but was it them?
This article provides details on how Bitsight TRACE addressed CVE-2024-23897, an arbitrary file read vulnerability that affects Jenkins.
Join Ben Edwards, as he takes a brief look back at one of the stories that was most interesting to him as a security data nerd from 2024.
CVE-2024-4577 is a critical vulnerability in Windows-based PHP installations, affecting CGI configurations, that allow remote code execution.
What impact has the ban had on US and global usage of Kaspersky? Has it been effective? A new analysis from Bitsight contains some surprising results.
The TRACE team investigated BADBOX, which is a large-scale cybercriminal operation selling off-brand Android TV boxes, smartphones, and other Android electronics with preinstalled malware.
After a year long investigation, Bitsight TRACE follows up on Socks5Systemz research.
Brandon Smith discusses some of the challenges an Automation Engineer face, Bitsight's partnership with Schneider Electric, and what manufacturers in general are doing to tackle ICS security.
Key risk indicators (KRIs) can help monitor and control cyber risk. But what KRIs should you focus on?
Bitsight’s visibility over infostealer malware which exfiltrates over Telegram suggests that the most infected countries are the USA, Turkey, and Russia, followed by India and Germany.
Recent investigation by Bitsight TRACE has discovered multiple critical 0-day vulnerabilities across six ATG systems from five different vendors.
I’ve had a number of requests to examine the finance sector in more detail including breakdowns of exactly what kind of financial organizations are experiencing greater risk and who is remediating more quickly. Here's some answers.
Want to know about Yet Another Vulnerability Scoring System (YASS)? Ben Edwards breaks down Stakeholder Specific Vulnerability Categorization and how to make it work.
An in-depth look into Web Application Security, and Bitsight's approach to related security metrics.