Every breach leaves a trail. Learn to spot the signs early. Join the webinar June 25.
Register Now
Missed our 20th Summit? Watch on-demand to explore our latest AI tools and hear how security leaders stay ahead
Watch Now
Looking to streamline your TPRM? Join our Product Deep Dive Webinar with live Q&A!
Register Now

Cybersecurity & Risk Management Blog

Resources to help you keep up to date
with industry insights, best practices and more.
Categories
Attack Surface Management
Company news
Compliance and Regulations
Cybersecurity
Data breaches
Devops
Risks and Vulnerabilities
Third-Party Risk Management
Vendor Risk Management
UpGuard logo
What Is Third-Party Risk Management (TPRM)? 2025 Guide
Abi Tyas Tunggal
Abi Tyas Tunggal
June 13, 2025

Most recent posts

Data Breaches

Asana Discloses Data Exposure Bug in MCP Server

Asana identified a bug in its Model Context Protocol (MCP) server that may have exposed data to MCP users in other Asana accounts.
Greg Pollock
Greg Pollock
June 16, 2025
Human Cyber Risk

Why Banning SaaS and AI Backfires (And What to Do Instead)

Blanket bans on SaaS and AI tools rarely work as intended—explore better risk-based strategies for secure adoption while preventing shadow IT risks.
Leah Sadoian
Leah Sadoian
June 11, 2025
Third-Party Risk Management

TPCRM Framework: Building Digital Trust for Modern Enterprises

TPCRM fosters digital trust in modern ecosystems. Learn how to manage vendor risks, secure data, and ensure compliance in one framework.
Edward Kost
Edward Kost
June 13, 2025
Vendor Risk Management

Vendor Security Review: Key Components And Implementation

Vendor security review is critical for safeguarding data. Discover key components and actionable steps to evaluate vendors effectively.
Edward Kost
Edward Kost
June 13, 2025

Attack Surface Management

Attack-Surface-Management

Open Chroma Databases: A New Attack Surface for AI Apps

One third of exposed instances discovered by UpGuard Research are lacking authentication. Learn how they can put your AI stack at risk.
Greg Pollock
Greg Pollock
June 11, 2025
Attack-Surface-Management

Digital Brand Protection in the Age of Impersonation

Fight brand impersonation and online fraud. Learn key strategies to protect your digital presence & reputation in today's cyber threat landscape.
Leah Sadoian
Leah Sadoian
May 21, 2025
Attack-Surface-Management

AI Just Rewrote the Rules of BEC: Are Your Defenses Ready?

Context-aware emails, deepfake voice impersonation—AI is rapidly evolving phishing. Discover these new threats and the critical defenses you need now.
Leah Sadoian
Leah Sadoian
May 14, 2025
Attack-Surface-Management

What is Enterprise Attack Surface Management?

Find out what it's is critical for large businesses hoping to minimize their risk of suffering data breaches, both internally and externally.
Edward Kost
Edward Kost
December 12, 2024
All attack surface management posts

Company news

Company news

Cast a Wider Net: UpGuard Now Scans 5x More Sources

Introducing UpGuard’s enhanced news and incident coverage. 500% better coverage to keep you ahead of the latest security threats.
UpGuard Team
UpGuard Team
January 16, 2025
Company news

UpGuard Expands Vendor Risk Questionnaire Library with New DORA Questionnaire

Achieve compliance with DORA, UpGuard’s latest addition to its industry-leading Questionnaire Library.
Kyle Chin
Kyle Chin
November 18, 2024
Company news

G2 Names UpGuard #1 TPRM Software - Summer 2024

UpGuard has once again been recognized as a Leader in Third-Party and Supplier Risk Management Software by G2. Read on to discover more insights.
Kaushik Sen
Kaushik Sen
November 18, 2024
Company news

UpGuard Summit May 2024 Recap: Automated TPRM

Revisit the May 2024 UpGuard Summit, exploring new product capabilities and automated TPRM strategies presented by global security leaders.
Nicholas Sollitto
Nicholas Sollitto
January 9, 2025
All company news posts

Compliance & Regulations

Compliance & Regulations

Introducing UpGuard’s DPDP Act Security Questionnaire

Discover the latest addition to UpGuard's industry-leading Questionnaire Library and learn how to achieve comprehensive DPDP compliance.
Nicholas Sollitto
Nicholas Sollitto
November 18, 2024
Compliance & Regulations

APRA CPS 230: Definition, Summary & Compliance Guide

Learn about the new requirements of CPS 230 and how to achieve compliance before it comes into effect on 1 July 2025.
Leah Sadoian
Leah Sadoian
November 18, 2024
Compliance & Regulations

From NIS to NIS2: What Your Organization Needs to Know

Understanding the transition from NIS to NIS2 is crucial for protecting your organization. Explore the key changes and compliance steps in this blog.
Leah Sadoian
Leah Sadoian
January 9, 2025
Compliance & Regulations

How to Prepare for a Cyber Essentials Plus Audit

Learn more about the Cyber Essentials Plus independent assessment process, and steps your organization can take to prepare.
Leah Sadoian
Leah Sadoian
January 16, 2025
All compliance and regulations posts

Cybersecurity

Cybersecurity

Ransomware Inc: Decoding the RaaS Business Model

RaaS turns ransomware into a scalable business. Learn more about the ecosystem, key players, and crucial defense strategies for security leaders.
Leah Sadoian
Leah Sadoian
April 30, 2025
Cybersecurity

How AI is Changing The Way We Manage Cyber Exposure

Unpack the future of cyber exposure with AI—from evolving attacks to smarter defenses. Learn what’s real, what’s next, and how to stay ahead.
Leah Sadoian
Leah Sadoian
April 15, 2025
Cybersecurity

Preparing for the Next Big Cyber Threat: Expert Recommendations

Get expert insights on emerging cyber threats—from AI risks to supply chain attacks—and discover actionable tips to future-proof your security.
Leah Sadoian
Leah Sadoian
April 9, 2025
Cybersecurity

Corporate Security Trends: How S&P 500 Companies Stay Secure

Explore how top S&P 500 companies are shaping corporate security trends and how to strengthen your cyber defenses.
Leah Sadoian
Leah Sadoian
March 26, 2025
All cybersecurity posts

Data Breaches

Data Breaches

Asana Discloses Data Exposure Bug in MCP Server

Asana identified a bug in its Model Context Protocol (MCP) server that may have exposed data to MCP users in other Asana accounts.
Greg Pollock
Greg Pollock
June 16, 2025
Data Breaches

Threat Monitoring for Superannuation Security

Attackers breached superannuation customer accounts with stolen credentials. We look at one way to detect compromised accounts sooner.
Greg Pollock
Greg Pollock
April 14, 2025
Data Breaches

The LastPass Data Breach (Event Timeline And Key Lessons)

A timeline of events from the LastPass data breach spanning from 2022-2023. Also includes key lessons to help you avoid suffering a similar fate.
Edward Kost
Edward Kost
January 5, 2025
Data Breaches

Top 5 Security Misconfigurations Causing Data Breaches

Overlooking these errors could be putting your business at risk of a costly data breach in 2023.
Edward Kost
Edward Kost
April 7, 2025
All data breaches posts

DevOps

Dev Ops

Boost Your Cybersecurity with DevSecOps

Explore how DevSecOps can significantly enhance your organization's cybersecurity posture by integrating security into your development process.
Leah Sadoian
Leah Sadoian
January 16, 2025
Dev Ops

Release Testing Basics

Learn how to start testing your software before releasing it to the public, an essential part of the Software Development Lifecycle (SDLC).
UpGuard Team
UpGuard Team
November 18, 2024
Dev Ops

SCOM vs Splunk

How does Microsoft's data center monitoring solution compare to Splunk's leading platform for IT operational intelligence? Read more to find out.
Abi Tyas Tunggal
Abi Tyas Tunggal
November 18, 2024
Dev Ops

Agent vs Agentless Monitoring: Why We Chose Agentless

Agentless data collection involves collecting data without installing any new agents. Learn why we didn't choose agent monitoring.
UpGuard Team
UpGuard Team
November 18, 2024
All DevOps posts

Risks and Vulnerabilities

Risks & Vulnerabilities

Data Leakage and Other Risks of Insecure LlamaIndex Apps

UpGuard Research surveyed accessible LlamaIndex chatbots to understand the real-world risks–including one instance leaking PII.
Greg Pollock
Greg Pollock
June 12, 2025
Risks & Vulnerabilities

Detecting Generative AI Data Leaks from ComfyUI

Generative AI servers are leaking images, workflows, and prompts. Are they creating risk in your AI supply chain?
Greg Pollock
Greg Pollock
May 21, 2025
Risks & Vulnerabilities

Analyzing llama.cpp Servers for Prompt Leaks

How are generative AI technologies leaking data? In this report we analyse prompt leaks from llama.cpp servers.
Greg Pollock
Greg Pollock
April 11, 2025
Risks & Vulnerabilities

Critical Middleware Vulnerability in Next.js (CVE-2025-29927)

Learn how to detect CVE-2025-29927, a critical vulnerability in Next.js that allows attackers to easily bypass middleware authorization measures.
Greg Pollock
Greg Pollock
March 31, 2025
Risks & Vulnerabilities

Third-Party Risk Management

Third-party Risk Management

TPCRM Framework: Building Digital Trust for Modern Enterprises

TPCRM fosters digital trust in modern ecosystems. Learn how to manage vendor risks, secure data, and ensure compliance in one framework.
Edward Kost
Edward Kost
June 13, 2025
Third-party Risk Management

47% of Breaches Involve Vendors: Is Your TPRM Ready?

Traditional TPRM is struggling as vendor breaches hit 47%. Uncover insights from the 2025 Ponemon Report to learn how you can future-proof your TPRM.
Edward Kost
Edward Kost
May 27, 2025
Third-party Risk Management

The Risk of Third-Party AI Trained on User Data

Analyzing privacy policies can tell us which companies are using AI and training their models with your data.
Greg Pollock
Greg Pollock
April 16, 2025
Third-party Risk Management

Ongoing TPRM Success: Continuous Security Monitoring with AI

Is manual work weighing down your security team and limiting your ability to scale? Learn how UpGuard and its AI features can help.
Nicholas Sollitto
Nicholas Sollitto
April 9, 2025
All third-party risk management posts

Vendor Risk Management

Vendor Risk Management

Vendor Security Review: Key Components And Implementation

Vendor security review is critical for safeguarding data. Discover key components and actionable steps to evaluate vendors effectively.
Edward Kost
Edward Kost
June 13, 2025
Vendor Risk Management

Third Party Security: Building Your Vendor Risk Program in 2025

Discover how third party security safeguards your vendor relationships and ensures compliance. Build a proactive risk program now.
Edward Kost
Edward Kost
June 13, 2025
Vendor Risk Management

Beyond the Red Flags: Responding to a Failed Vendor Audit

Turn audit failures into stronger security—explore practical steps for assessment, remediation planning, validation, and continuous risk monitoring.
Leah Sadoian
Leah Sadoian
May 7, 2025
Vendor Risk Management

Security Bottleneck? Here’s How to Accelerate Vendor Approvals

Are slow vendor approvals putting your organization at risk? Learn how to speed up third-party reviews without compromising security.
Leah Sadoian
Leah Sadoian
April 3, 2025
All vendor risk management posts
Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Free score
Website Security scan resultsWebsite Security scan rating

Ready to see
UpGuard in action?

Free trial
Get a demo
UpGuard logo
UpGuard is a complete third-party risk and attack surface management platform.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Products
Tools
Company
Insights
Products
Compare
Solutions
Company
Insights
© UpGuard, Inc.
Research GuidelinesPlatform Terms & ConditionsWebsite Terms & ConditionsPrivacyCookies