%term

The UK Government's Open Letter on AI Cyber Threats Underscores the Need for Measurable Security

May 5, 2026 By Greg Keshian In BitSight

A recent open letter from the UK government on AI-driven cyber threats highlights a clear shift in the threat landscape. Cyberattacks are no longer constrained in the same way by human expertise, as advanced AI models can now help identify vulnerabilities, generate exploit code, and increase the speed and scale of attacks.

Read Post

BitSight

Read more about The UK Government's Open Letter on AI Cyber Threats Underscores the Need for Measurable Security

6 Best Practices for Application Risk Assessments

May 5, 2026 By Natalie Tischler In Veracode

For years, the annual penetration test or quarterly security scan served as the cornerstone of application risk assessments and application risk management. Teams would run the assessment, triage the findings, hand the report to developers, and wait for the next cycle. It felt like progress. It wasn’t.

Read Post

Veracode

Read more about 6 Best Practices for Application Risk Assessments

The Beginning of a New Norm

May 1, 2026 By CultureAI Team In CultureAI

The recent breach at Vercel has drawn a lot of attention, not because the initial entry point was unusual, but because of what the incident quietly demonstrates about how modern workflows shape the impact of a compromise. This did not begin with a phishing email or an exposed service. It began with an AI tool.

Read Post

CultureAI

Read more about The Beginning of a New Norm

How to Map AI Risk to Existing Compliance Frameworks

May 1, 2026 By Mend In Mend

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

View Video

Mend

Read more about How to Map AI Risk to Existing Compliance Frameworks

Is your TPRM program an engine or an anchor?

Apr 30, 2026 By UpGuard In UpGuard

In 2026, a slow assessment is a security risk. Every day spent in manual handoffs is a day of exposure for your organization. Join us at UpGuard Summit to see how our new Risk Automations engine transforms TPRM from a static checklist into an autonomous system. We will show you how to automate everything from vendor follow-ups to instant Jira routing for IT and Legal.

View Video

UpGuard

Read more about Is your TPRM program an engine or an anchor?

Why friction is a security risk, with Dustin Heywood

Apr 30, 2026 By Dave Lewis In 1Password

Listen to this episode on Apple Podcasts.

Read Post

1Password

Read more about Why friction is a security risk, with Dustin Heywood

Critical Vulnerability Alert: CVE-2026-41940 in cPanel, WHM, and WP Squared

Apr 30, 2026 By Emma Stevens In BitSight

A critical vulnerability CVE-2026-41940 has been identified in cPanel, WHM, and WP Squared, affecting cPanel & WHM versions after 11.40, as well as WP Squared. These web hosting control panels are commonly used to manage websites, email, databases, and server configurations, making unauthorized access a serious security concern.

Read Post

BitSight

Read more about Critical Vulnerability Alert: CVE-2026-41940 in cPanel, WHM, and WP Squared

How to Protect Your Enterprise from High-Stakes Business Litigation

Apr 30, 2026 By SecuritySenses In SecuritySenses

High-stakes litigation can drain a company's resources and focus. Protecting an enterprise requires a proactive approach to risk. Leaders must look ahead to spot potential legal traps before they cause damage. Safeguarding a brand is about building a wall against future threats. It allows for steady growth without constant fear of lawsuits. Small steps taken today prevent massive headaches tomorrow.

Read Post

SecuritySenses

Read more about How to Protect Your Enterprise from High-Stakes Business Litigation

1 in 15 MCP Servers are Lookalikes: Is Your Org at Risk?

Apr 29, 2026 By Shane Moosa In UpGuard

Researchers recently analyzed 18,000 Claude Code configuration files pulled from public GitHub repositories. What they found was straightforward and alarming: developers are already installing mistyped, misconfigured, and near-identical MCP server names — often without realizing it. The human-error condition that makes typosquatting work was already present at scale before any attacker needed to exploit it.

Read Post

UpGuard

Read more about 1 in 15 MCP Servers are Lookalikes: Is Your Org at Risk?

The Shadow Supply Chain: A Pivot To Usage-Based Discovery

Apr 29, 2026 By Shane Moosa In UpGuard

We’ve established the new forensic reality: a massive 72.9% inventory gap exists between the vendors you monitor and those invisible to your security. We have seen the shortcomings of SSO and its inability to holistically monitor all the vendor applications your users engage with, along with a Shadow AI explosion that is compounding both issues. The era of procurement-only discovery is over. To secure the modern cyber workforce, we must pivot from "buying-based" to usage-based discovery.

Read Post