Blog
Insights and expertise from Thoropass
Featured
Becoming the End-to-End Cybersecurity Auditor
Innovation has always been at the forefront for Thoropass, and with the introduction of the Audit Lifecycle Platform, we're the only end-to-end cybersecurity auditor built for the AI era.

Latest posts
Pentesting
Thoropass Security Research: React2Shell - When a React Feature Turns Into a Server Takeover
February 5, 2026 | Muhammad Uwais
In this post, Thoropass pentester Muhammad Uwais explains what React2Shell is, why it matters, and what teams can learn from it, using clear examples and real-world context.

Compliance automation
Is Your Compliance Platform Making You Audit-Ready … or Just Busy?
January 30, 2026 | Cristina Bartolacci
Thoropass' Cristina Bartolacci looks at how IT security compliance systems could create more work than they save, and what companies should look for to meaningfully reduce risk.

AI powered audit
Becoming the End-to-End Cybersecurity Auditor
January 29, 2026 | Austin Ogilvie, Eva Pittas & Sam Li
Innovation has always been at the forefront for Thoropass, and with the introduction of the Audit Lifecycle Platform, we're the only end-to-end cybersecurity auditor built for the AI era.

Pentesting
Thoropass Security Research: HikVision Local Privilege Escalation - CVE-2025-39246
January 27, 2026 | Eduardo Bido
Our penetration testing team outlines three recently identified vulnerabilities, including CVE-2025-39246 and CVE-2025-5007, and how they can be mitigated.

Audit
The ultimate cyber IT audit glossary for security leaders
January 23, 2026
Audits can involve a seemingly endless amount of confusing terms and concepts. We've compiled them all here in one place, to make your next audit easier.
AI
Choosing an AI-powered compliance tool: A practitioner’s guide
January 23, 2026
Learn how to evaluate AI-powered compliance tools, manage data privacy risks, and select a platform that satisfies real-world auditors.

Audit
10 Things I’ve Learned from Thousands of IT Audits
January 15, 2026 | Chris Biero
IT audits don't have to cause sleepless nights. Thoropass' Chris Beiro outlines 10 things to consider to ensure your next audit is as stress-free as possible.

Compliance automation
When Compliance Becomes Theater, Everyone Loses
January 12, 2026 | Sam Li
Security compliance and audit are at risk of becoming commoditized, where speed and time are the only considerations. What risks does this pose and how can they be avoided?

Compliance
What is COBIT?
January 2, 2026
COBIT is an enterprise governance framework that separates IT direction from management. Learn how the 2019 update maps to modern compliance standards.

Compliance
What is a security controls framework?
January 2, 2026
Learn what a security controls framework is, how to stop duplicating evidence, and how to scale multi-framework compliance operations efficiently.

Compliance
What is a key risk indicator?
January 2, 2026
Learn what key risk indicators are, how they differ from KPIs, and how to

Compliance
What is residual risk?
January 2, 2026
Learn the specific definition of residual risk, how it differs from inherent exposure, and why modern compliance frameworks require you to track it continuously.

Compliance
What is security posture?
January 2, 2026
Learn what security posture is, how to measure it across your organization, and why continuous monitoring is required for modern compliance frameworks.

Compliance
What is risk register?
January 2, 2026
A risk register tracks identified IT threats, mitigating controls, and residual risk scores to prove continuous compliance to auditors.

Compliance
What is security architecture?
January 2, 2026
Learn what security architecture is, its core frameworks, and how to map

Curated by experts
We provide the compliance expertise, so you don’t have to
At Thoropass, we’re more than a readiness solution. Our team of experts is equipped with insight and hands-on experience to provide you with industry-leading perspective and guidance.
Meet the Experts
Want to join our team?
Help Thoropass ensure that compliance never gets in the way of innovation.
View open roles