
Black Kite Blog

blog

Focus Friday: TPRM Insights on Critical Vulnerabilities in SharePoint, ProFTPD, Cacti, and Gogs

TPRM analysis of critical CVEs in SharePoint, ProFTPD, Cacti, and Gogs. See which vendors are exposed and how to prioritize remediation.

Jul 2, 2026
blog

DORA's First Year of Data Is In. Third Parties Are Still the Weak Link.

DORA's grace period is over. The ESAs' first major incident report is out — and third-party ICT risk is driving the gaps. Here's what your program needs now.

Jul 1, 2026
blog

Focus Friday: TPRM Insights on Critical Vulnerabilities in Squidbleed, UniFi OS Devices, FreeBSD, pgAdmin, and TinyProxy

TPRM analysis of critical CVEs in Squidbleed, UniFi OS Devices, FreeBSD, pgAdmin, and TinyProxy. See which vendors are exposed and how to prioritize remediation...

Jun 26, 2026
blog

The Vulnerability Deluge Has a Business Problem That TPRM Teams Can't Solve Without the C-suite

Black Kite research identified 58 CVEs out of 48,000 that threaten supply chains. But which exposed vendors are operationally irreplaceable? Only the C-suite ca...

Jun 23, 2026
blog

Focus Friday: TPRM Insights on Nginx Rift, Langflow, Jenkins, MongoDB, LiteSpeed cPanel Plugin, SimpleHelp, and FortiBleed Breach

TPRM analysis of critical CVEs in Nginx Rift, Langflow, Jenkins, MongoDB, LiteSpeed cPanel Plugin, SimpleHelp, and FortiBleed Breach. See which vendors are expos...

Jun 18, 2026
blog

Intelligence First, Questions Last: Questionnaires Are Officially Relics

Black Kite Assess replaces manual security questionnaires with trusted intelligence, AI, and The Bridge™. Assess more vendors faster—with better accuracy.

Jun 16, 2026
blog

Focus Friday: TPRM Insights on Critical Vulnerabilities in ATG Systems, LiteLLM, Ivanti EPMM, Exchange Server, SharePoint, MariaDB, and SolarWinds Serv-U

Discover TPRM insights on critical 2026 flaws in ATG Systems, LiteLLM, Ivanti EPMM, Exchange Server, SharePoint, MariaDB, and SolarWinds Serv-U. Learn how to ma...

Jun 12, 2026
blog

ShinyHunters Hit Oracle PeopleSoft and Your Vendors May Already Be Compromised

Updates from our Black Kite Research Team regarding the latest ShinyHunters zero-day targeting enterprise HR, payroll, and student systems.

Jun 11, 2026
blog

The 2026 DBIR Is a Verdict on Traditional Third-party Risk Programs

The 2026 DBIR isn't a warning — it's a verdict. Jeffrey Wheatman on the three ways traditional TPCRM programs failed, and what to do differently.

Jun 11, 2026
blog

NCSC Says the Patch Wave Is Coming. But Is Your Supply Chain Ready?

The NCSC is warning of an AI-driven vulnerability patch wave. Here’s what that means for UK organisations and how patching extends to their supply chains.

Jun 10, 2026
blog

When AI Runs Your Vendor Risk Loop, Human Judgment Becomes the Differentiator

AI runs your vendor risk loop faster than any team can. But when the machine flags something new, does your program know what to do? Here's what TPCRM leaders n...

Jun 8, 2026
blog

Focus Friday: TPRM Insights on Critical Vulnerabilities in Samba, Roundcube, Langflow, Axios, ActiveMQ, Apache Solr, Apache Airflow, Plesk, and Synology Chat Server

Discover TPRM insights on critical 2026 flaws in Samba, Langflow, Apache, and more. Learn how to map vendor exposure and mitigate supply chain risk.

Jun 5, 2026
