How Third-Party Development Partners Become Your Biggest Security Liability

Third-party development partners offer real advantages: faster delivery, specialised expertise, and lower costs than building an in-house team. They also expand your attack surface in ways most organisations never fully account for. When an external team builds or modifies your systems, they bring with them their own tools, practices, access levels, and vulnerabilities. The question is not whether that creates risk. It is whether your organisation is managing it deliberately or leaving it to chance.

Penetration Testing as a Tool That Reveals the Real State of Cybersecurity

Most security measures are built on the assumption that if something is configured correctly, it is secure. But there is a big difference between "configured" and "able to withstand an attack" - a gap that cannot be seen without practical testing. Penetration testing is not just another item on a compliance checklist; it is a way to get an honest and realistic answer to the question that truly matters to a business: can an attacker reach what is most important to us?

Navigating the Post-Mythos Landscape with Bitsight

The rise of AI-driven vulnerability discovery using Anthropic's Claude Mythos, as well as similar tools from Google and OpenAI, is completely changing the calculus of cyber risk. The number of vulnerabilities is exploding. The time it takes for exploits to appear is shrinking. The patching cadences, scan intervals, assessments and risk registers that many organizations still rely on are rapidly becoming ineffective.

Why we can't have nice things! ...Or can we?

On 7th April 2026, Anthropic published a system card for an AI model we may never be allowed to use: Claude Mythos. This preview demonstrated a significant leap in capability over Anthropic's previous Claude model (Opus 4.6), and Anthropic's Responsible Scaling Policy (RSP) v3.1 led to the decision to withhold it from general availability, positioning it as a "defensive only" asset.

Analyzing the RondoDox Botnet: A DDoS and Mining Threat

A few weeks ago we published the first part of this series where we described the infrastructure used by the RondoDox threat actors to scan and exploit vulnerable systems. In this second post we’ll take a deep dive into the malware that is deployed into vulnerable systems. Specifically, we’ll look at the initial implant used to fetch the RondoDox binary and the binary itself, detailing its behaviour, how it communicates with the Command and Control (C2), and its malicious capabilities.

The Transformation of Third-Party Risk Management from SecurityScorecard

Ready for the future of Third-Party Risk Management (TPRM)? The supply chain is a growing target, but you can fight back. That world is here with the transformative, threat-informed SecurityScorecard TITAN AI Platform. Imagine a world where you go beyond checking compliance boxes by actively mitigating and eliminating risk with continuous, AI-accelerated, and predictive TPRM that allows you to gain visibility and prioritize threats more effectively. Learn more about the TITAN transformation.

5 Themes From a Candid Discussion

The Eskenzi IT Security Analyst & CISO Forum wasn’t a typical security event. This forum was a gathering of CISOs, analysts, and security leaders speaking candidly under Chatham House Rule about what’s actually breaking, what’s working, and where things are heading. Here are 5 key themes that came through loud and clear. None of them were surprising. But together, they paint a pretty stark picture of where security and AI are right now.

How to Build a Security Compliance Audit Process that Works All Year Round

Security compliance audits can feel intimidating, especially if your team has never been through one before. For many organizations, an audit feels like a high-pressure project with a hard deadline, a long list of evidence requests, and a lot of manual work spread across security, IT, legal, and compliance teams. For vendors and companies in highly regulated industries, audits and risk assessments may already be a routine part of doing business.