Cybersecurity white papers, data sheets, webinars, videos and more

March 18, 2026

2026 Supply Chain Cybersecurity Trends Report

To understand how global cybersecurity leaders are navigating this third-party risk paradox, SecurityScorecard surveyed hundreds of professionals managing vendor risk. The 2026 report highlights an urgent need to move beyond manual, point-in-time assessments toward automated, threat-informed defense.

March 16, 2026

The State of South Korea’s Cyber Supply Chain Risk

New research reveals how third- and fourth-party exposure is shaping cybersecurity risk across South Korea’s largest enterprises. South Korea is one of the most digitally connected economies in the world, with global leaders across automotive, electronics, finance, and shipping. But this high level of digital interdependence also creates significant cybersecurity exposure—particularly through complex third- and fourth-party vendor ecosystems. In this report, SecurityScorecard analyzes the cybersecurity posture of South Korea’s largest enterprises, uncovering how systemic supply chain risk is shaping the country’s cyber threat landscape. Using SecurityScorecard’s global security ratings and breach intelligence data, the research highlights how vendor concentration, shared technologies, and interconnected supplier networks can create cascading cyber risk across entire industries. Download the report to explore the key findings and learn how organizations can strengthen resilience across their extended digital supply chains.

February 9, 2026

Beyond the Hype: Moltbot’s Real Risk Is Exposed Infrastructure, Not AI Superintelligence

While the world debates Moltbook’s role in the AI ecosystem, it is just the tip of the iceberg of Titanic risk. SecurityScorecard’s STRIKE team uncovered what lurks beneath: Thousands of exposed OpenClaw (Moltbot) control panels vulnerable to takeover through misconfigured access and known exploits.

STRIKE Team

January 20, 2026

How to Prepare for Hong Kong’s Protection of Critical Infrastructure Bill in 2026

Hong Kong’s Protection of Critical Infrastructures Bill, effective January 1, 2026, introduces a comprehensive cybersecurity framework to safeguard essential services and strengthen national resilience. The legislation mandates operator-level accountability for both internal systems and external dependencies, including cloud platforms, managed services, and third-party vendors. Non-compliance carries severe financial penalties, emphasizing the need for structured governance and continuous oversight.

November 19, 2025

Operation WrtHug, The Global Espionage Campaign Hiding in Your Home Router

SecurityScorecard’s STRIKE team uncovers how attackers turned thousands of ASUS routers into a worldwide spy network.

STRIKE Team

September 30, 2025

How to Prepare for the UK Cyber Security and Resilience Bill in 2025

The UK’s proposed Cyber Security and Resilience Bill is set to transform cybersecurity accountability, and many organizations aren’t ready. SecurityScorecard’s new whitepaper delivers a critical roadmap for UK businesses to get ahead of the regulation and protect against the rising tide of supply chain threats.

September 25, 2025

The State of Cyber Resilience in India’s Supply Chains

SecurityScorecard’s new research, Third-Party Cyber Risks to Global Supply Chains: An Assessment of Key Indian Suppliers, highlights the critical role India plays in powering global industries such as IT services, manufacturing, pharmaceuticals, and aerospace — and the heightened cyber risks these supplier ecosystems face.

August 5, 2025

From the Depths of the Shadows: IRGC and Hacker Collectives Of The 12-Day War

From reconnaissance to propaganda to payloads, this is how Iran’s digital foot soldiers mobilized across borders and platforms during the war with Israel in June 2025.

STRIKE Team

July 23, 2025

The State of Cyber Resilience in Singapore

SecurityScorecard has released its new report, The State of Cyber Resilience in Singapore, revealing that every one of Singapore’s top 100 companies by market capitalization was impacted by third-party cyber breaches over the past year. The findings underscore systemic weaknesses in digital supply chain oversight and fourth-party risk — despite relatively strong internal security ratings.

June 25, 2025

2025 Supply Chain Cybersecurity Trends: Why Visibility Is the Next Competitive Advantage

Against this backdrop of rising systemic risk, SecurityScorecard set out to assess how enterprises are managing their third-party risk. The responses from nearly 550 CISOs and cybersecurity leaders worldwide reveal a dangerous gap in organizational preparedness.

Supply Chain Cyber Risk

Third-Party Risk Management

June 23, 2025

Unmasking A New China-Linked Covert ORB Network: Inside the LapDogs Campaign

SecurityScorecard’s STRIKE team uncovered a new China-Nexus ORB Network targeting the United States and Southeast Asia. Read the report to gain an in-depth look at the LapDogs ORB network, its custom malware, and its role in cyberespionage.

STRIKE Team

June 4, 2025

The Cybersecurity of Europe’s Top 100 Financial Institutions 2025

SecurityScorecard has released its second Europe Financial Cybersecurity Report in two years, revealing that nearly every major financial institution across Europe has been impacted by third-party and fourth-party cyber breaches in the past year.

May 21, 2025

Defending The Financial Supply Chain

2025 Report: Strengths and Vulnerabilities in Top Fintech Companies

February 24, 2025

Massive Botnet Targets M365 with Stealthy Password Spraying Attacks

A Technical Breakdown of Large-Scale Password Spraying Through Non-Interactive Sign-Ins\r\n

STRIKE Team

February 13, 2025

Lazarus Group is Infecting Open-Source Code. Are You at Risk?

North Korea’s Lazarus Group is hiding malware inside GitHub repositories and NPM packages, compromising developers and cryptocurrency platforms. Their targets: your code, your wallets, your users.

STRIKE Team

February 6, 2025

Insurance Carriers Face Unprecedented Supply Chain Cyber Threats

SecurityScorecard’s analysis of 150 leading insurance companies exposes a critical weakness: even carriers with robust security are being compromised through their supply chain partners. Our data reveals that threat actors are deliberately exploiting lower-scoring vendors to breach otherwise well-defended insurance organizations.

January 29, 2025

Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign

During STRIKE’s investigation of Operation 99, our team identified multiple command-and-control (C2)\r\nservers active since September 2024.

STRIKE Team

January 21, 2025

Security Assessment of the Top 100 U.S. Gov’t Contractors

Federal contractors are critical to the U.S. Government’s (USG) supply chain, yet their cybersecurity postures reveal significant weaknesses. This report evaluates the SecurityScorecard ratings and publicly available breach histories of the top 100 federal contractors for FY2023, highlighting problems and patterns that pose substantial third-party cyber risks to the USG. A breach at one of these contractors could expose USG data, compromise infrastructure, or disrupt essential products

January 15, 2025

Operation 99: North Korea’s Cyber Assault on Software Developers

On January 9, the SecurityScorecard STRIKE team uncovered Operation 99, a cyberattack by the Lazarus Group, North Korea’s state-sponsored hacking unit.

STRIKE Team

December 12, 2024

Europe’s Top 100 Companies: Cybersecurity Threat Report

This report analyzes the cybersecurity of the top 100 companies in the Europe by market capitalization. Through comprehensive analysis of their attack surface and reported breaches, SecurityScorecard data scientists uncovered several notable findings concerning third-party risk in Europe.

November 20, 2024

The Third-Party Cyber Risk Landscape of Japan

This paper examines third-party data breaches and third-party cyber risk in Japan.