
Critical Care, Critical Risk: Inside the Cyber Threats Targeting Healthcare

The healthcare sector remains one of the most targeted industries for cyber attacks due to its critical role in national infrastructure and its extensive repositories of sensitive data containing personally identifiable information (PII). It’s widely assumed that threat actors target healthcare and related organizations because they are perceived as more likely to pay a ransom to restore critical systems and protect patient safety in the event of an attack.

Cybersecurity Burnout's Secret Trigger: Lack of Visibility

The work of a cybersecurity professional never ends, and it’s never easy. Whether they’re responding to incidents in the SOC or briefing the board on supply chain vulnerabilities, security leaders and practitioners live under constant pressure. And while the reality of burnout may not be new, it’s still a growing threat, one that endangers not only the well-being of security professionals but also the resilience of the organizations they protect.

Introducing Bitsight Command Center: The Next Step in Cyber Risk Intelligence

Today’s security teams face disconnected tools and scattered data, which makes managing cyber risk increasingly complex. With the rapid rise in ransomware, new CVEs, and a constant stream of emerging threats, it has become difficult to monitor not only an organization’s own security posture but also the security of its third- and fourth-party vendors.

Delivering Real-Time Feedback with Bitsight Groma: Dynamic Remediation Now Fully Live

In December 2024, we announced Dynamic Remediation, an initiative that accelerates feedback on customers' remediation efforts. The goal was simple but ambitious: reduce the time between a remediation and seeing that improvement reflected in Bitsight Security Ratings. This initiative was built in response to direct customer input. You asked for faster validation of your remediation, more transparency, and credit when vulnerable assets were remediated or taken offline.

Shadow IT: The Haunting Inside Your Network

According to Bitsight TRACE’s 2025 State of the Underground report, the most exposed devices tied to critical vulnerabilities were found in the United States, and the most affected sectors included Information (telecom, IT) and Professional, Scientific, and Technical Services (including security and software vendors).

Resilience After the Breach: 6 Cyber Incident Response Best Practices

In its 2025 State of the Underground report, Bitsight TRACE found that ransomware activity continued to escalate in 2024, with a 25% increase in unique victims listed on leak sites and a 53% increase in the number of ransomware group-operated leak sites. The report also observed a 43% increase in data breaches shared on underground forums, with nearly one in five victims based in the United States. These findings highlight a continued upward trend in cyberattack activity.

Critical Intelligence Alert: ED 26-01 - Action Required

On October 15, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive ED 26-01, ordering federal agencies to mitigate a significant security breach involving F5 BIG-IP products. F5 disclosed that nation-state threat actors maintained long-term unauthorized access to internal systems, exfiltrating: This breach represents a major risk to organizations running F5 devices, especially those with exposed management interfaces or unpatched systems.

Making Cyber Risk Intelligence Easier to Understand, Explain, and Act On

Helping customers understand rating changes has always been a core commitment at Bitsight. A rating shift can spark questions from executives, board members, or regulators, and security leaders must be ready to answer with clarity and confidence. That’s why we’ve introduced new updates to the Bitsight platform designed to make our cyber risk intelligence solutions more actionable.