Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.

Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.

When Spain and Portugal went dark from power outages, malware didn’t just pause. It told a story. And Bitsight caught it, live.

Bitsight joined forces with Microsoft and global partners to disrupt LummaC2 — the world’s most prolific infostealer. Over 1,000 domains and 90+ criminal channels were taken down to weaken its malware infrastructure.

Explore the 2025 State of the Underground report for an unfiltered look at cybercrime trends. Discover what 2B data points reveal about rising ransomware, breached data, and evolving underground markets—and how to stay ahead.

Your supply chain is bigger—and riskier—than you think. The Bitsight TRACE team uncovers the "Critical 99" and hidden vulnerabilities. Read the findings now.

Bitsight TRACE analyzes the March 10, 2025 DDoS attack on X, linking it to IoT botnets and misconfigurations. Dark Storm claims responsibility, but was it them?

This article provides details on how Bitsight TRACE addressed CVE-2024-23897, an arbitrary file read vulnerability that affects Jenkins.

Join Ben Edwards, as he takes a brief look back at one of the stories that was most interesting to him as a security data nerd from 2024.

CVE-2024-4577 is a critical vulnerability in Windows-based PHP installations, affecting CGI configurations, that allow remote code execution.

What impact has the ban had on US and global usage of Kaspersky? Has it been effective? A new analysis from Bitsight contains some surprising results.

The TRACE team investigated BADBOX, which is a large-scale cybercriminal operation selling off-brand Android TV boxes, smartphones, and other Android electronics with preinstalled malware.

After a year long investigation, Bitsight TRACE follows up on Socks5Systemz research.

Brandon Smith discusses some of the challenges an Automation Engineer face, Bitsight's partnership with Schneider Electric, and what manufacturers in general are doing to tackle ICS security.

Bitsight’s visibility over infostealer malware which exfiltrates over Telegram suggests that the most infected countries are the USA, Turkey, and Russia, followed by India and Germany.

Recent investigation by Bitsight TRACE has discovered multiple critical 0-day vulnerabilities across six ATG systems from five different vendors.

I’ve had a number of requests to examine the finance sector in more detail including breakdowns of exactly what kind of financial organizations are experiencing greater risk and who is remediating more quickly. Here's some answers.