Ransomware is up. Credential leaks are rising quickly. Malware is diversifying. This year’s report drills into how cybercriminals are evolving—and what defenders must do to keep up. We analyzed millions of endpoints, credentials, and forums to expose the realities of the cyber underground in 2024. This isn’t theory—it’s what’s actually happening right now.
Security research report
State of the Underground 2025
Featured Research
Bitsight Research
Explore the 2025 State of the Underground report for an unfiltered look at cybercrime trends. Discover what 2B data points reveal about rising ransomware, breached data, and evolving underground markets—and how to stay ahead.
Read More
Bitsight Research
Your supply chain is bigger—and riskier—than you think. The Bitsight TRACE team uncovers the "Critical 99" and hidden vulnerabilities. Read the findings now.
Read More
Bitsight Research
Bitsight TRACE analyzes the March 10, 2025 DDoS attack on X, linking it to IoT botnets and misconfigurations. Dark Storm claims responsibility, but was it them?
Read More
Security research report
Under the Surface: Uncovering Cyber Risk in the Global Supply Chain
Your supply chain isn’t just a series of links—it’s a vast, tangled web of dependencies, many of which have weak security. This report uncovers the critical but often-overlooked providers that could be the next cybersecurity weak spot, along with data-driven insights to help you mitigate risks before they disrupt your business.
All Research
Bitsight Research
Explore the 2025 State of the Underground report for an unfiltered look at cybercrime trends. Discover what 2B data points reveal about rising ransomware, breached data, and evolving underground markets—and how to stay ahead.
Read More
Bitsight Research
Your supply chain is bigger—and riskier—than you think. The Bitsight TRACE team uncovers the "Critical 99" and hidden vulnerabilities. Read the findings now.
Read More
Bitsight Research
Bitsight TRACE analyzes the March 10, 2025 DDoS attack on X, linking it to IoT botnets and misconfigurations. Dark Storm claims responsibility, but was it them?
Read More
Bitsight Research
This article provides details on how Bitsight TRACE addressed CVE-2024-23897, an arbitrary file read vulnerability that affects Jenkins.
Read More
Bitsight Research
Join Ben Edwards, as he takes a brief look back at one of the stories that was most interesting to him as a security data nerd from 2024.
Read More
Bitsight Research
CVE-2024-4577 is a critical vulnerability in Windows-based PHP installations, affecting CGI configurations, that allow remote code execution.
Read More
Bitsight Research
The TRACE team investigated BADBOX, which is a large-scale cybercriminal operation selling off-brand Android TV boxes, smartphones, and other Android electronics with preinstalled malware.
Read More
Bitsight Research
After a year long investigation, Bitsight TRACE follows up on Socks5Systemz research.
Read More
Bitsight Research
What impact has the ban had on US and global usage of Kaspersky? Has it been effective? A new analysis from Bitsight contains some surprising results.
Read More
Bitsight Research
Brandon Smith discusses some of the challenges an Automation Engineer face, Bitsight's partnership with Schneider Electric, and what manufacturers in general are doing to tackle ICS security.
Read More
Bitsight Research
Bitsight’s visibility over infostealer malware which exfiltrates over Telegram suggests that the most infected countries are the USA, Turkey, and Russia, followed by India and Germany.
Read More
Bitsight Research
Recent investigation by Bitsight TRACE has discovered multiple critical 0-day vulnerabilities across six ATG systems from five different vendors.
Read More
Bitsight Research
I’ve had a number of requests to examine the finance sector in more detail including breakdowns of exactly what kind of financial organizations are experiencing greater risk and who is remediating more quickly. Here's some answers.
Read More
Bitsight Research
Want to know about Yet Another Vulnerability Scoring System (YASS)? Ben Edwards breaks down Stakeholder Specific Vulnerability Categorization and how to make it work.
Read More
Bitsight Research
An in-depth look into Web Application Security, and Bitsight's approach to related security metrics.
Read More
Bitsight Research
Our latest research, a collaboration between Bitsight TRACE & the security researcher Gi7w0rm, has uncovered additional details & information about the 7777 Botnet.
Read More
Bitsight Research
Before Crowdstrike caused the world to melt down for a few days, the talk of the security town was a recent OpenSSH vulnerability. Let's revisit CVE-2024-6387.
Read More
Bitsight Research
Much of your daily life depends on Industrial Control Systems(ICSs). We’ll cover ICSs unique characteristics and some of the challenges in applying IT security practices or technology to them.
Read More
Bitsight Research
Curious about software vulnerabilities and their fixes? Check out my latest blog on KEV exposures and common weaknesses for surprising insights!
Read More
Bitsight Research
How will the prohibition of Kaspersky Lab, Inc. impact global users? Read our analysis of the prevalence of Kaspersky products used by organizations around the globe.
Read More
Bitsight Research
Learn about what the latest reduction in capacity in the NVD means for the state of vulnerabilities.
Read More
Bitsight Research
This article provides a technical analysis of Latrodectus, offering insights into its campaigns and victims up until Operation Endgame.
Read More
Bitsight Research
This blog post details one of these very unique cases: `CVE-2022-44877`, an unauthenticated Command Injection issue, flagged by CISA as a Known Exploited Vulnerability (CISA KEV).
Read More
Bitsight Research
Discover key differences in KEV prevalence across Europe and how they impact cybersecurity strategies in this detailed blog.
Read More
Bitsight Research
This blog post details how `CVE-2021-44529` was researched as well as the current method being used to detect it.
Read More
Bitsight Research
Dive into a significant cybersecurity scare that could have led to widespread chaos, highlighting the vulnerabilities that were exposed and the swift actions taken to prevent disaster.
Read More
Bitsight Research
Bitsight’s global, advanced scanning and detection capabilities provide insight into many actively exploited vulnerabilities that others just can’t touch. Explore how we do it.
Read More
Bitsight Research
Discover why millions of smartphones worldwide are at risk due to cluttered and outdated apps. Dive into our research to learn more about this critical issue.
Read More
Bitsight Research
This blog post details one of these very unique cases: `CVE-2022-44877`, an unauthenticated Command Injection issue, flagged by CISA as a Known Exploited Vulnerability (CISA KEV).
Read More
Bitsight Research
We’re back again with a monthly-ish blog reflecting on major goings on in the security world.
Read More
Bitsight Research
Read the latest Bitsight research on PrivateLoader including important updates recently, including a new string encryption algorithm, a new alternative communication protocol and more.
Read More
Bitsight Research
AgentTesla (also known as OriginLogger) remains a prevalent commodity stealer, being daily distributed, mainly via email attachments
Read More
Bitsight Research
This blog discusses the state of DMARC, the role that DMARC plays in email authentication, and why it should be a key component of your email security solution.
Read More
Bitsight Research
Explore recent Ivanti Secure vulnerabilities affecting SSL VPN and Network Access Control solutions. Understand the criticality, patch delays, and ongoing exploitation.
Read More
Bitsight Research
We build on our previous work and look into how threat actors are abusing SLP to launch reflection/amplification DDoS attacks, their evolution, and what targets are they focused on at the moment.
Read More
Bitsight Research
Recently, our Threat Research team discovered a new malware sample, distributed by the PrivateLoader and Amadey loaders. Learn more.
Read More
Bitsight Research
Bitsight dissects SmokeLoader's plugins received by an infected computer from the botnet "0020". We explore their inner workings, capabilities, and threat vectors.
Read More
Bitsight Research
Discover the methodology, at a technical level, the Bitsight Security Research team used to evaluate the three critical vulnerabilities affecting MOVEit Transfer.
Read More
Bitsight Research
CVE-2023-35036 & CVE-2023-35708 — were identified on June 9th and June 15th in the latest series of high-profile software supply chain vulnerabilities.
Read More
Bitsight Research
Researchers from Bitsight and Curesec have jointly discovered a high-severity vulnerability — tracked as CVE-2023-29552 — in the Service Location Protocol (SLP).
Read More
Bitsight Research
Mylobot is a malware that targets Windows systems, it first appeared in 2017. In this article, we'll focus on its main capability, which is transforming the infected system into a proxy.
Read More
Bitsight Research
SystemBC is a malware written in C that turns infected computers into SOCKS5 proxies.
Read More
Bitsight Research
PrivateLoader is a loader from a pay-per-install malware distribution service that has been utilized to distribute info stealers, banking trojans, loaders, spambots, and ransomware on Windows machines.
Read More
Bitsight Research
We cover investments that Bitsight is making to greatly scale out our vulnerability coverage in record time through automation.
Read More
Featured Research
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.