Preparing for Unknown Risks: How to Better Prepare for Risks You Can’t See Yet


As security professionals we’re used to dealing with unknowns and unpredictability. We understand that it’s impossible to always know what’s around the corner. It’s not just about external threats and the big breaches splashed across the news headlines.

On one hand, we’re combating threat actors attempting to steal information, money or simply trying to cause havoc. On the other, we’re trying to better understand employee behavior amidst the myriad of applications they use on a daily basis; always vigilant for any suspicious activity. And while it certainly makes our jobs interesting, unpredictability runs contrary to how the organisations we protect prefer to operate.

Read more…
Source: Rapid7


Sign up for our Newsletter


Related:

  • Containers on fire: from container escapes to supply chain attacks

    June 1, 2026

    Modern infrastructures universally rely on containerization to deploy applications, scale services, and build cloud platforms. The use of Docker, Kubernetes, and similar technologies has become the corporate standard for efficient automation. However, as containers grow in popularity, so does the interest of malicious actors — a trend Kaspersky actively track in our research into advanced ...

  • Patch time for Cisco SD-WAN admins as vendor drops yet another make-me-admin zero-day

    May 15, 2026

    Cisco admins face emergency patch duty after Switchzilla disclosed a max-severity make-me-admin bug affecting Catalyst SD-WAN Controller and Manager. Switchzilla dropped an advisory for CVE-2026-20182 (10.0) on Thursday, saying that both components, formerly known as vSmart and vManage, were vulnerable in all deployment types, and that fixes were available. The bug allows unauthenticated remote attackers to bypass authentication and ...

  • ShinyHunters: Cyber Criminal Group Attacks Learning Management System

    May 15, 2026

    The Federal Bureau of Investigation (FBI) is providing this Public Service Announcement (PSA) to warn of potential future impacts related to a cyber-attack that affected an online Learning Management System (LMS), resulting in an interruption of service to educational institutions and students across the country. The LMS platform is now fully operational. ShinyHunters (SH) — which ...

  • Another major Linux security issue uncovered – new Fragnesia flaw allows attackers to run malicious code as root

    May 14, 2026

    Security researchers have discovered a new vulnerability in the Linux kernel which could allow malicious actors to run code with elevated privileges, exposing systems to risk of data theft, malware deployment, and even full device takeover. The vulnerability is tracked as CVE-2026-46300, and was given a severity score of 7.8/10 (high). It’s nicknamed Fragnesia and is ...

  • Over a million WordPress sites hit in plugin flaw — so patch now or face the consequences

    May 14, 2026

    A popular WordPress plugin with roughly a million active installations contained two vulnerabilities that could have allowed malicious actors to exfiltrate sensitive data, such as password hashes and other valuable information. Security researchers at Wordfence said they were tipped off by a researcher Rafie Muhammad about the existence of an Arbitrary File Read and an SQL Injection vulnerability in Avada ...

  • Patch Tuesday

    May 13, 2026

    Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are not included in the Patch Tuesday count above. Windows Netlogon: critical RCE Anyone responsible for securing ...