Cybersecurity white papers, data sheets, webinars, videos and more

Research

Lazarus Group is Infecting Open-Source Code. Are You at Risk?

North Korea’s Lazarus Group is hiding malware inside GitHub repositories and NPM packages, compromising developers and cryptocurrency platforms. Their targets: your code, your wallets, your users.

STRIKE Team

Webinars

Breaking Silos with SCDR: How SOCs & TPRM Teams Drive Integrated Cyber Strategies

Learn more in this resource.

Threat-Informed TPRM

Press

SecurityScorecard Reaffirms FedRAMP and Achieves StateRAMP Ready Status

U.S. federal, state and local agencies to adopt SecurityScorecard SCDR to secure supply chains with confidence

Blog

A Deep Peek at DeepSeek

DeepSeek’s rapid ascent in the AI space has made it impossible to ignore. Its sophisticated models and AI assistant have captured global attention. And, while headlines focus on DeepSeek’s capabilities, STRIKE research exposes critical security flaws, hidden data flows, and unanswered questions about who has access to the data and why.

STRIKE Team

Research

Insurance Carriers Face Unprecedented Supply Chain Cyber Threats

SecurityScorecard’s analysis of 150 leading insurance companies exposes a critical weakness: even carriers with robust security are being compromised through their supply chain partners. Our data reveals that threat actors are deliberately exploiting lower-scoring vendors to breach otherwise well-defended insurance organizations.

Press

SecurityScorecard Report: 59% of Breaches Impacting Insurance Sector Caused by Third-Party Attack Vectors

Report highlights need to address third-party risks as cybersecurity gaps threaten critical services and policyholder trust.

メディア掲載

ScanNetSecurity: 「SecurityScorecard」が自らを ASM と名乗らない理由

Learn more in this resource.

Japanese

Resources

Max Data Processing Agreement

Learn more in this resource.

Blog

Third-Party Risk Management Framework: How to Select the Right One

Third parties come with significant cyber security risks. Learn how to select the right risk management framework.

Blog

Beyond the Perimeter: Why CISOs Need Threat-Informed TPRM

Organizations rely heavily on external vendors and suppliers, creating complex supply chains vital for operations. However, this introduces a new dimension of risk: supply chain attacks move fast. While standard TPRM focuses on compliance, Threat-Informed TPRM is a proactive, data-first defense engine designed to stop attacks… Read More

Supply Chain Cyber Risk

Threat-Informed TPRM

Case Studies

Verdane

How Verdane improved investment decisions and portfolio company cyber support using SecurityScorecard.

Webinars

The CEO’s Take: Bridging the Cybersecurity Divide To Address Cyber Risk

Learn more in this resource.

Data Sheet

Simplify and Automate NIS2 TPRM Requirements with SecurityScorecard

This extended data sheet guides you through NIS2’s TPRM requirements and how you can use SecurityScorecard to comply. Learn more.

Data Sheet

Simplify and Automate DORA TPRM Requirements with SecurityScorecard

This extended data sheet guides you through DORA’s TPRM requirements and how you can use SecurityScorecard to comply. Learn more.

Research

Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign

During STRIKE’s investigation of Operation 99, our team identified multiple command-and-control (C2)\r\nservers active since September 2024.

STRIKE Team

Blog

Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign

In December 2024, a routine software update concealed a global threat. Attackers from the Lazarus Group, based in North Korea, infiltrated trusted development tools, compromising hundreds of victims worldwide. This sophisticated campaign, code-named “Phantom Circuit,” targeted cryptocurrency and technology developers, employing advanced obfuscation techniques through proxy servers in Hasan, Russia.

STRIKE Team

Webinars

Building a High-Performing Supply Chain Incident Response Team

Supply chain security is no longer an afterthought. With increasing threats and the potential for devastating consequences, organizations must proactively address supply chain risks. In this webinar, we will discuss how a well-structured supply chain incident response team can address these challenges and mitigate risks.

Threat-Informed TPRM

メディア掲載

MONOist: 製造業のサプライチェーンセキュリティ対策に欠かせない「TPRM」とは？

Learn more in this resource.

Japanese

事例

日東工業株式会社 様

株式会社ネットワークバリューコンポネンツによる導入事例

Japanese

Webinars

The CISO’s Take: Securing the Future of Financial Services & More

Learn more in this resource.

Press

SecurityScorecard Report: 58% of Breaches Impacting Leading U.S. Federal Contractors Caused by Third-Party Attack Vectors

Report highlights the urgent need for federal contractors to address third-party risks as cybersecurity gaps threaten national security