Black Kite Blog
Focus Friday: TPRM Insights on Critical Vulnerabilities in ATG Systems, LiteLLM, Ivanti EPMM, Exchange Server, SharePoint, MariaDB, and SolarWinds Serv-U
Discover TPRM insights on critical 2026 flaws in ATG Systems, LiteLLM, Ivanti EPMM, Exchange Server, SharePoint, MariaDB, and SolarWinds Serv-U. Learn how to ma...
Jun 12, 2026
ShinyHunters Hit Oracle PeopleSoft and Your Vendors May Already Be Compromised
Updates from our Black Kite Research Team regarding the latest Shiny Hunters zero-day targeting enterprise HR, payroll, and student systems.
Jun 11, 2026
The 2026 DBIR Is a Verdict on Traditional Third-Party Risk Programs
The 2026 DBIR isn't a warning — it's a verdict. Jeffrey Wheatman on the three ways traditional TPCRM programs failed, and what to do differently.
Jun 11, 2026
NCSC Says the Patch Wave Is Coming. But Is Your Supply Chain Ready?
The NCSC is warning of an AI-driven vulnerability patch wave. Here’s what that means for UK organisations and how patching extends to their supply chains.
Jun 10, 2026
When AI Runs Your Vendor Risk Loop, Human Judgment Becomes the Differentiator
AI runs your vendor risk loop faster than any team can. But when the machine flags something new, does your program know what to do? Here's what TPCRM leaders n...
Jun 8, 2026
Focus Friday: TPRM Insights on Critical Vulnerabilities in Samba, Roundcube, Langflow, Axios, ActiveMQ, Apache Solr, Apache Airflow, Plesk, and Synology Chat Server
Discover TPRM insights on critical 2026 flaws in Samba, Langflow, Apache, and more. Learn how to map vendor exposure and mitigate supply chain risk.
Jun 5, 2026
Half of All Breaches Now Involve a Third Party. The 2026 DBIR Makes the Case You Can't Ignore.
The 2026 Verizon DBIR confirms vulnerability exploitation is the #1 breach vector. Here's what the data means for your third-party risk program.
Jun 3, 2026
The AI Vulnerability Race Is Accelerating, and It’s Highlighting a Concentration Risk Problem
Mythos, Daybreak, and new data breach research all point at the same problem: concentration risk in your vendor ecosystem is getting harder to ignore.
Jun 2, 2026
Focus Friday: TPRM Insights on Critical Vulnerabilities in Langflow, FreeBSD, and Memcached
TPRM analysis of critical CVEs in Langflow, FreeBSD, and Memcached. See which vendors are exposed and how to prioritize remediation.
May 29, 2026
The Vulnerability Deluge: 5 Questions Your Board Will Ask About Mythos and Other Frontier Models
The vulnerability deluge is a board-level business risk. Here are 5 questions your directors will ask about Mythos — and how to answer them.
May 28, 2026
Mythos Is Hardening Enterprise Security. It's Also Softening Your Supply Chain.
Mythos is a leap in vulnerability discovery. It's also widening the gap between enterprise security and mid-market supplier risk. Here's the data.
May 26, 2026
Focus Friday: TPRM Insights on Critical Vulnerabilities in Exchange Server, Nginx-poolslip, OpenClaw, Flowise, PostgreSQL, MongoDB, PgAdmin, FreePBX, and n8n
TPRM analysis of critical CVEs in Exchange Server, nginx, OpenClaw, Flowise, PostgreSQL, MongoDB, PgAdmin, FreePBX, and n8n. See which vendors are exposed and h...
May 22, 2026