https://www.fortarisks.com/en/blog Cybersecurity risk analysis correlating your security posture with live threat intelligence. en https://www.fortarisks.com/en/blog/sd-wan-under-attack-ransomware-energy-manufacturing https://www.fortarisks.com/en/blog/sd-wan-under-attack-ransomware-energy-manufacturing Mon, 08 Jun 2026 00:00:00 GMT A CVSS 10 SD-WAN flaw with rogue peers in the wild, a fresh Cisco zero-day, and ransomware crews hitting a Canadian energy services firm and a UK machinery maker. The week's signal for critical-infrastructure teams, minus the noise. https://www.fortarisks.com/en/blog/radiology-oncology-docketwise-three-breaches-in-one-week-healthcare-legal-third-party-risk https://www.fortarisks.com/en/blog/radiology-oncology-docketwise-three-breaches-in-one-week-healthcare-legal-third-party-risk Fri, 29 May 2026 00:00:00 GMT Three US healthcare and legal breaches in one week prove your real exposure runs through your vendors' vendors. A 30-day third-party risk loop. https://www.fortarisks.com/en/blog/defender-and-apex-one-under-fire-when-the-antivirus-becomes-the-attackers-weapon https://www.fortarisks.com/en/blog/defender-and-apex-one-under-fire-when-the-antivirus-becomes-the-attackers-weapon Tue, 26 May 2026 00:00:00 GMT CISA added three endpoint-security zero-days to KEV in 72 hours. Why defense tools are now prime targets, plus a 6-step EDR remediation loop. https://www.fortarisks.com/en/blog/canvas-275-million-records-what-this-breach-forces-you-to-rethink-in-third-party-risk https://www.fortarisks.com/en/blog/canvas-275-million-records-what-this-breach-forces-you-to-rethink-in-third-party-risk Tue, 19 May 2026 00:00:00 GMT The ShinyHunters attack on Canvas exposes a SaaS concentration problem, not just a vendor one. Three board questions and a 6-step third-party loop. https://www.fortarisks.com/en/blog/ai-vs-ai-why-your-cyber-defense-must-also-be-ai-augmented https://www.fortarisks.com/en/blog/ai-vs-ai-why-your-cyber-defense-must-also-be-ai-augmented Fri, 15 May 2026 00:00:00 GMT Attackers now wield AI like Mythos, so defense must be AI-augmented too. Five defensive use cases that work in 2026, and what AI should never do. https://www.fortarisks.com/en/blog/mythos-explained-to-the-board-5-strategic-questions-before-your-next-committee https://www.fortarisks.com/en/blog/mythos-explained-to-the-board-5-strategic-questions-before-your-next-committee Fri, 08 May 2026 00:00:00 GMT Anthropic's Mythos finds and exploits software flaws in hours. Why that makes AI risk a board topic, and 5 questions to ask your CISO this week. https://www.fortarisks.com/en/blog/mythos-and-the-ai-storm-why-your-cyber-program-must-change-now https://www.fortarisks.com/en/blog/mythos-and-the-ai-storm-why-your-cyber-program-must-change-now Fri, 01 May 2026 00:00:00 GMT The Cloud Security Alliance's emergency briefing on a Mythos-ready program: the attacker/defender asymmetry and 5 actions to launch this week. https://www.fortarisks.com/en/blog/two-us-banks-one-vendor-11-third-party-vulnerabilities-invisible-to-questionnaires https://www.fortarisks.com/en/blog/two-us-banks-one-vendor-11-third-party-vulnerabilities-invisible-to-questionnaires Fri, 24 Apr 2026 00:00:00 GMT Everest ransomware hit two US banks through one shared vendor. The 11 third-party vulnerabilities annual questionnaires never see, and how to fix them. https://www.fortarisks.com/en/blog/cyber-insurance-2026-7-criteria-insurers-check-before-covering-you https://www.fortarisks.com/en/blog/cyber-insurance-2026-7-criteria-insurers-check-before-covering-you Fri, 17 Apr 2026 00:00:00 GMT Cyber insurance is now a security-posture audit. The 7 criteria insurers check, what raises or lowers your premium, and how to pass first time. https://www.fortarisks.com/en/blog/chaos-ransomware-36-victims-in-march-and-your-ot-sector-is-next https://www.fortarisks.com/en/blog/chaos-ransomware-36-victims-in-march-and-your-ot-sector-is-next Fri, 10 Apr 2026 00:00:00 GMT Chaos ransomware claimed 36 victims in March, mostly construction and manufacturing. How victimology turns that signal into an early-warning window. https://www.fortarisks.com/en/blog/living-off-the-land-your-legitimate-tools-have-become-your-worst-attackers https://www.fortarisks.com/en/blog/living-off-the-land-your-legitimate-tools-have-become-your-worst-attackers Fri, 03 Apr 2026 00:00:00 GMT In 2026 sophisticated attacks drop no malware. They abuse admin consoles, OAuth and signed installers. Why EDRs miss them, and five fixes this week. https://www.fortarisks.com/en/blog/critical-cve-in-2026-20-hours-to-react-not-54-days https://www.fortarisks.com/en/blog/critical-cve-in-2026-20-hours-to-react-not-54-days Fri, 27 Mar 2026 00:00:00 GMT The gap between a critical CVE going public and first exploitation fell from 54 days to under 20 hours. What it means for CISOs and how to keep up. https://www.fortarisks.com/en/blog/sbom-understanding-and-managing-your-software-supply-chain https://www.fortarisks.com/en/blog/sbom-understanding-and-managing-your-software-supply-chain Fri, 20 Mar 2026 00:00:00 GMT In 2026, the SBOM has become one of cybersecurity's critical artifacts. Why it matters, its priority use cases, and how to get started in four steps. https://www.fortarisks.com/en/blog/cybersecurity-trends-for-2026-understanding-the-risks-ahead https://www.fortarisks.com/en/blog/cybersecurity-trends-for-2026-understanding-the-risks-ahead Fri, 13 Mar 2026 00:00:00 GMT In 2026 cyber risk gets faster and more sophisticated. A clear view of the threats ahead, their impact, and concrete actions to take now. https://www.fortarisks.com/en/blog/digital-risk-management-cyber-risk-mapping-why-it-matters-and-how-to-do-it https://www.fortarisks.com/en/blog/digital-risk-management-cyber-risk-mapping-why-it-matters-and-how-to-do-it Sun, 01 Mar 2026 00:00:00 GMT Digital risk management is now a strategic priority. How cyber risk mapping gives you the visibility and prioritization to reduce exposure effectively. https://www.fortarisks.com/en/blog/executive-committee-memo-the-10-questions-that-prevent-a-cyber-surprise-in-2026 https://www.fortarisks.com/en/blog/executive-committee-memo-the-10-questions-that-prevent-a-cyber-surprise-in-2026 Sat, 14 Feb 2026 00:00:00 GMT A practical, non-technical framework of 10 questions every Executive Committee should ask to turn reassuring cyber statements into measurable proof. https://www.fortarisks.com/en/blog/cybersecurity-operating-model-9-dimensions-for-resilience https://www.fortarisks.com/en/blog/cybersecurity-operating-model-9-dimensions-for-resilience Thu, 20 Feb 2025 00:00:00 GMT The nine dimensions of a solid cybersecurity operating model, from business impact and CTI to identity and compliance, and why correlation wins. https://www.fortarisks.com/en/blog/2025-the-turning-point-that-reshaped-cyber-risk https://www.fortarisks.com/en/blog/2025-the-turning-point-that-reshaped-cyber-risk Fri, 14 Feb 2025 00:00:00 GMT How 2025 industrialized cybercrime around access and identity: record ransomware, the infostealer surge, offensive AI, and the priorities it forces.