Black Kite Blog
Focus Friday: TPRM Insights on Critical Vulnerabilities in SharePoint, ProFTPD, Cacti, and Gogs
TPRM analysis of critical CVEs in SharePoint, ProFTPD, Cacti, and Gogs. See which vendors are exposed and how to prioritize remediation.
Jul 2, 2026
DORA's First Year of Data Is In. Third Parties Are Still the Weak Link.
DORA's grace period is over. The ESAs' first major incident report is out — and third-party ICT risk is driving the gaps. Here's what your program needs now.
Jul 1, 2026
Focus Friday: TPRM Insights on Critical Vulnerabilities in Squidbleed, UniFi OS Devices, FreeBSD, pgAdmin, and TinyProxy
TPRM analysis of critical CVEs in Squidbleed, UniFi OS Devices, FreeBSD, pgAdmin, and TinyProxy. See which vendors are exposed and how to prioritize remediation...
Jun 26, 2026
The Vulnerability Deluge Has a Business Problem That TPRM Teams Can't Solve Without the C-suite
Black Kite research identified 58 CVEs out of 48,000 that threaten supply chains. But which exposed vendors are operationally irreplaceable? Only the C-suite ca...
Jun 23, 2026
Focus Friday: TPRM Insights on Nginx Rift, Langflow, Jenkins, MongoDB, LiteSpeed cPanel Plugin, SimpleHelp, and FortiBleed Breach
TPRM analysis of critical CVEs in Nginx Rift, Langflow, Jenkins, MongoDB, LiteSpeed cPanel Plugin, SimpleHelp, and FortiBleed Breach. See which vendors are expos...
Jun 18, 2026
Intelligence First, Questions Last: Questionnaires Are Officially Relics
Black Kite Assess replaces manual security questionnaires with trusted intelligence, AI, and The Bridge™. Assess more vendors faster—with better accuracy.
Jun 16, 2026
Focus Friday: TPRM Insights on Critical Vulnerabilities in ATG Systems, LiteLLM, Ivanti EPMM, Exchange Server, SharePoint, MariaDB, and SolarWinds Serv-U
Discover TPRM insights on critical 2026 flaws in ATG Systems, LiteLLM, Ivanti EPMM, Exchange Server, SharePoint, MariaDB, and SolarWinds Serv-U. Learn how to ma...
Jun 12, 2026
ShinyHunters Hit Oracle PeopleSoft and Your Vendors May Already Be Compromised
Updates from our Black Kite Research Team regarding the latest Shiny Hunters zero-day targeting enterprise HR, payroll, and student systems.
Jun 11, 2026
The 2026 DBIR Is a Verdict on Traditional Third-Party Risk Programs
The 2026 DBIR isn't a warning — it's a verdict. Jeffrey Wheatman on the three ways traditional TPCRM programs failed, and what to do differently.
Jun 11, 2026
NCSC Says the Patch Wave Is Coming. But Is Your Supply Chain Ready?
The NCSC is warning of an AI-driven vulnerability patch wave. Here’s what that means for UK organisations and how patching extends to their supply chains.
Jun 10, 2026
When AI Runs Your Vendor Risk Loop, Human Judgment Becomes the Differentiator
AI runs your vendor risk loop faster than any team can. But when the machine flags something new, does your program know what to do? Here's what TPCRM leaders n...
Jun 8, 2026
Focus Friday: TPRM Insights on Critical Vulnerabilities in Samba, Roundcube, Langflow, Axios, ActiveMQ, Apache Solr, Apache Airflow, Plesk, and Synology Chat Server
Discover TPRM insights on critical 2026 flaws in Samba, Langflow, Apache, and more. Learn how to map vendor exposure and mitigate supply chain risk.
Jun 5, 2026