Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Lumma Stealer is Out... of business!

Since mid-2024, Bitsight has been collaborating with Microsoft’s Digital Crimes Unit and other partners to dismantle the operational capabilities of Lumma Stealer (LummaC2) — currently the most widely distributed information stealer. Early this week, a coordinated action was carried out to disrupt its operations and take down the supporting malware infrastructure.

The First Domino: How Credential Theft Leads to Bigger Breaches

In 2024, we collected 2.9 billion unique sets of compromised credentials—a jump from the 2.2 billion collected in 2023. While this rise can be explained by advancement in Bitsight’s credential collection capabilities, we assess that the precise number of credentials shared on the underground has also risen, fueled by increased data breaches and the spike in stealer logs.

State of the Underground 2025: Key Trends Shaping Cyber Risk Today

We know that everyone loves a feel-good, optimistic story, and when we set out to write our annual State of the Underground report — an analysis of nearly 2 billion intelligence items that we collected in 2024, including posts from underground forums and markets, Telegram messages, and news articles — we hoped to find the cyber equivalent of a cup of hot chocolate.

5 Ways Cyber Threat Intelligence Boosts Cyber Risk Prioritization

As cyber risk leaders are called to balance the responsibility of managing risk in the face of both broader attack surfaces and increased regulatory and budgetary scrutiny, prioritization of work is everything. Cybersecurity resources are finite, while the vulnerabilities and threats just keep growing. The best way for modern security programs to keep up is by directing resources to the risks that matter most to their specific organizations.

Sensitive Data: Examples & How to Protect It

As a security professional navigating the new challenges constantly cropping up in cybersecurity, it’s critical to understand the ways your organization’s data could be exposed. Safeguarding sensitive information is paramount for organizations across all industries. Whether it's personal data of customers and employees or proprietary business information, the consequences of data breaches can be severe, ranging from financial losses to reputational damage.

Milestone Progress: Accelerated Rating Rescans

Bitsight customers and their third-party partners are well on their way to gaining faster clarity on how their remediation efforts impact their Bitsight Security Ratings. In an effort to support organizations that use Bitsight to prioritize internal security work, we started a phased rollout of Dynamic Remediation, a new initiative that accelerates the rating refresh process and makes it more responsive to meaningful security remediations.

How Research Supports the 2025 Bitsight Rating Algorithm Update

In keeping with Bitsight's ongoing commitment to making its ratings more meaningful and more representative of an ever-changing Cybersecurity landscape, the Ratings Algorithm Update for 2025 is scheduled to go into preview on April 8, 2025. The highlight of RAU 2025 is the incorporation of the Web Application Security(WAS) risk vector into the Bitsight Security Ratings1, and the associated deprecation/removal of Web Application Headers(WAH) risk vector.

Identifying Compromised Credentials with Identity Intelligence

Every day, stolen credentials are bought, sold, and exploited on the dark web, fueling account takeovers, data breaches, and financial fraud. Organizations must act fast to stop these threats before they escalate. Yet, traditional security tools struggle to detect compromised credentials before it’s too late. According to Bitsight’s upcoming State of the Underground 2025 report, leaked credentials surged by 24% and logs listed on underground markets rose by 13.2% in 2024 alone.

The European Supply Chain Battlefield: Cybersecurity, National Defense, and the NIS2 Directive

In an increasingly interconnected digital world, supply chain security has become a critical concern for European organizations, policymakers, and national defense agencies alike. With adversaries exploiting software dependencies, contractors, and managed service providers (MSPs), the cybersecurity risks embedded within supply chains have never been more significant.

Bringing Data Privacy and Cyber Insurance Together with Bitsight

The cyber insurance industry continues to face challenges related to traditional cyber security risks, and more recently, data privacy risks. In many cases, traditional cyber insurance policies may cover legal fees or costs related to a data privacy infringement. Organizations not only get hit with class action lawsuits following incidents like breach of PII/PHI, but are seeing demand letters from law firms who are looking to protect their clients from any possible disclosure of their sensitive data.