CVSS Is Officially Dead: What CISA's BOD 26-04 Means for Everyone

In June 2026, the U.S. government stopped using severity scores to decide what to patch first. The model that replaces it is better, but it asks a question most security programs cannot ...
NightSpire Ransomware Attack Chain, Tools and Tactics

Key Takeaways: NightSpire is a ransomware family first identified in early 2025 using double extortion, stealing files before encryption and threatening to leak them on a Tor-based site if victims refuse to ...
What Is an Insider Threat?

Key Takeaways: An insider threat is anyone with authorized access to systems, data, or facilities who uses access to cause harm, including current employees, contractors, vendors, business partners, and former staff with ...
Dirty Frag LPE: CVE-2026-43284 and CVE-2026-43500 Deep Dive

Key Takeaways: Dirty Frag is a Linux kernel vulnerability class that chains two bugs (CVE-2026-43284 and CVE-2026-43500) to achieve root privileges on most Linux distributions by writing attacker-controlled data directly into read-only ...
CVE-2026-3055 & CVE-2026-4368: Inside the NetScaler "CitrixBleed 3" Memory Overread

Key Points: CVE-2026-3055 is a critical (CVSS v4.0 9.3) unauthenticated memory overread vulnerability in Citrix NetScaler ADC and NetScaler Gateway appliances configured as SAML Identity Providers. Attackers send malformed requests to /saml/login ...
Vulnerability Prioritization in 2026: Why CVSS Isn't Enough

Key Findings: Volume vs. Capacity – Organizations face a 40% YoY increase in vulnerabilities (~135 new CVEs daily), yet the average enterprise only has the bandwidth to remediate 10–15% of its backlog ...
Ontic Named Frost and Sullivan’s Company of the Year for Revolutionizing Security Technology 

Learn how our commitment to innovation, excellence, and client success made this achievement possible. The security industry is undergoing a profound transformation. The convergence of digital and physical threats, the overwhelming surge ...
How to Ensure Workplace Safety for Employees Experiencing Stalking

Learn your role in protecting employees against stalking threats and how to strengthen your workplace violence prevention strategy accordingly. An employee is being stalked by someone, either known or unknown to them ...
When Stalking Looks Like Affection, Admiration, or Anger — The Challenge for EP Teams

How to strengthen your executive protection program to address and mitigate the impacts of stalking aimed at executives. A customer becomes obsessed with an executive due to their relatable social media presence ...
Generative AI Poses New Challenges to Corporate Insider Risk Management

Learn how to make small adjustments to your insider risk program to protect your organization against evolving AI-based threats. Here’s something that sounds like a plot to a movie. And if I ...