Skip to main content

Tag: third party risk

51 articles

Cracked laptop screen with eerie glow, surrounded by scattered papers and a broken lock.

Vercel Breach Exposes Customer Credentials After AI Tool Hack

When a trusted AI tool turns against you, the consequences can be severe - as Vercel recently discovered, with hackers gaining access to sensitive customer credentials through a compromised employee account. The breach highlights the fragile chains of trust that can be broken when security defenses fail.

Analyst 207
Person sits in dimly lit room with laptop displaying maze and tracking symbol, surrounded by cityscapes and financial…

Taboola Exploits Banking Sessions to Route Users to Temu Tracking Endpoint

Imagine a single line of code secretly redirecting people logged into their bank accounts to a commercial tracking site - that's what happened when a bank unknowingly approved a Taboola pixel that sent users to a Temu tracking endpoint. This sneaky exploit slipped past security controls, leaving both the bank and its users none the wiser.

Analyst 207
Darkened hospital corridor with spotlight on laptop showing 3D brain with gap, surrounded by puzzle pieces and broken…

Healthcare Sector Tackles Third-Party AI Security Gaps with New Guidance

The healthcare sector is taking a major step towards securing its AI-powered tools with new guidance from the Health Sector Coordinating Council (HSCC) that helps tackle the growing threat of third-party AI security gaps. This playbook is a timely response to the explosion of AI-related cyber risks from vendors, and aims to safeguard the industry's increasing reliance on externally developed artificial intelligence.

Analyst 207
Abandoned server room with vulnerable laptop and ghostly face on cracked screen.

McGraw Hill Breach Exposed by Salesforce Setup Flaw

A configuration error in Salesforce, a widely used customer relationship management platform, led to a data breach at McGraw Hill, exposing customer data and raising questions about vendor services and data stewardship. The incident highlights the importance of proper setup and management of third-party services to protect sensitive information.

Analyst 207
Hims & Hers Discloses Data Breach After Zendesk Ticket Compromise

Hims & Hers Discloses Data Breach After Zendesk Ticket Compromise

Hims & Hers Health has alerted customers to a data breach after sensitive support tickets were stolen from a third-party platform operated by Zendesk, raising concerns about consumer safety when sharing personal info online. The breach exposed data from support tickets, highlighting the vulnerability of sensitive transactions on external systems.

Analyst 207
Third-Party Risk Exposes Hidden Weaknesses in Client Security Posture

Third-Party Risk Exposes Hidden Weaknesses in Client Security Posture

The next big security breach hitting your clients likely won't come from within their own walls, but from a blind spot they never suspected: their trusted third-party relationships with vendors, SaaS tools, and subcontractors. Most organizations are woefully underprepared for this expanding attack surface.

Analyst 207
Mercor Hit in Widespread LiteLLM Supply-Chain Attack

Mercor Hit in Widespread LiteLLM Supply-Chain Attack

Thousands of companies, including AI hiring startup Mercor, have been hit by a widespread LiteLLM supply-chain attack, marking the first publicly disclosed downstream casualty of a software supply-chain intrusion. This incident raises a critical question: how can organizations trust their tech toolchains when the chain itself can be compromised?

Analyst 207
ThreatsDay Bulletin Exclusive: Essential Cyber Threats

ThreatsDay Bulletin Exclusive: Essential Cyber Threats

Ever wondered what happens when trusted doors are left unlocked? This ThreatsDay Bulletin shows how trusted attack chains—everyday files, SMS, cloud APIs and smart contracts—are being repurposed into stealthy, high‑leverage strikes and what you can do to shut them down.

Analyst 207
Security Leaders Exclusive: Damaging Marquis Breach

Security Leaders Exclusive: Damaging Marquis Breach

The Marquis data breach exposed hundreds of thousands of tax‑credit records — and it asks a blunt question: when trust is the currency, who pays? Security leaders say this wasn’t a freak accident but a familiar mix of human error, misconfiguration and governance gaps that proves convenience still too often outpaces caution.

Analyst 207
Security Leaders Exclusive: Critical Take on Marquis Breach

Security Leaders Exclusive: Critical Take on Marquis Breach

Nearly 250,000 Americans had their tax‑credit records exposed in the Marquis breach — a wake‑up call that this wasnt just a technical slip but a systemic security failure companies, regulators, and consumers must fix together. Experts break down what went wrong, who’s accountable, and the urgent steps to protect victims and prevent the next catastrophe.

Analyst 207
Security Leaders Exclusive: Alarming Marquis Breach Insight

Security Leaders Exclusive: Alarming Marquis Breach Insight

The Marquis data breach forces a simple but urgent question: when a trusted provider is compromised, who pays — the vendor, its customers, or the wider ecosystem? With attackers evolving faster than defenders, security leaders say it’s time to rethink third‑party and supply‑chain risk.

Analyst 207
Coupang Breach: Stunning Damage Hits 34M, Leaders React

Coupang Breach: Stunning Damage Hits 34M, Leaders React

Coupang breach jolted roughly 34 million customers after attackers used vishing and compromised vendor channels to steal—and then extort—sensitive data; here’s what went wrong and what customers and companies need to do next.

Analyst 207
Logitech Breach Prompts Stunning Critical Security Response

Logitech Breach Prompts Stunning Critical Security Response

The confirmed Logitech breach is a wake‑up call for anyone with vendor integrations. Security leaders recommend treating third‑party access as an attack vector — audit entitlements, tighten tokens and OAuth scopes, and boost detection to stop downstream damage.

Analyst 207
Security Leaders Exclusive: Best Take on Cloudflare Outage

Security Leaders Exclusive: Best Take on Cloudflare Outage

The Cloudflare outage turned an hour of access problems into a test of trust—slowing or blocking services from ChatGPT to X and local government sites and forcing us to ask how much of the internet rests on one company’s shoulders.

Analyst 207
OpenAI Warns: Exclusive Critical Mixpanel Breach

OpenAI Warns: Exclusive Critical Mixpanel Breach

OpenAI is urging users to rotate keys and audit integrations after a Mixpanel breach that may have exposed leaked API keys and telemetry — a wake‑up call that third‑party analytics can become an attack vector overnight.

Analyst 207
FBI Exclusive: Stunning $262M Costly Account Takeovers

FBI Exclusive: Stunning $262M Costly Account Takeovers

Imagine waking to find your bank account emptied by someone who cloned your bank’s site — the FBI says over $262M has been lost to account takeover scams since January 2025. Learn how phishing, credential stuffing and fake reporting pages let criminals turn stolen logins into instant cash — and what you can do to stop them.

Analyst 207
Gainsight Cyber-Attack Exclusive: Critical Salesforce Hit

Gainsight Cyber-Attack Exclusive: Critical Salesforce Hit

A Gainsight cyber attack has critically hit Salesforce—here’s what happened and the immediate steps you need to protect your data and your org.

Analyst 207
3 SOC Challenges Exclusive: Best Solutions by 2026

3 SOC Challenges Exclusive: Best Solutions by 2026

By 2026, AI will be attackers’ force multiplier — and Security Operations Centers must urgently tackle opaque automation, people-and-process shortfalls, and brittle third‑party dependencies. The solution is practical: insist on explainability and provenance, use human‑in‑the‑loop staged automation, and require adversarial‑resilience testing before any autonomous actions go live.

Analyst 207
Gainsight Exclusive: Critical Hack Risks Salesforce Clients

Gainsight Exclusive: Critical Hack Risks Salesforce Clients

Urgent heads-up: a critical Gainsight hack could expose Salesforce clients’ data—here’s what happened and how to protect your systems.

Analyst 207
SEC Stunning Move Drops SolarWinds Case, Costly Fallout

SEC Stunning Move Drops SolarWinds Case, Costly Fallout

The SEC’s abrupt request to dismiss its high‑profile lawsuit over the 2020 SolarWinds supply‑chain breach has left investors, technologists and policymakers wondering what it signals about enforcement, deterrence and the limits of cyber regulation. After years of litigation that promised to redefine how securities law treats cybersecurity, the surprising reversal raises urgent questions about accountability and how companies should disclose cyber risk.

Analyst 207
Ransomware negotiator: Exclusive Guide to Best Practices

Ransomware negotiator: Exclusive Guide to Best Practices

When the ransomware negotiator you trusted to defuse an attack becomes the attacker, the breach of trust is catastrophic. This guide explains what happened, why it matters, and how organizations can guard against insider betrayal.

Analyst 207
Tata Consultancy Services Exclusive Denies Critical M&S Loss

Tata Consultancy Services Exclusive Denies Critical M&S Loss

Tata Consultancy Services says: follow the timeline — its service‑desk contract with Marks & Spencer ended before the cyber intrusion, so the two events shouldn’t be conflated. That timing could dramatically shift the legal, regulatory and reputational fallout.

Analyst 207
Shaq’s new ride Exclusive: Costly Hijack Exposed

Shaq’s new ride Exclusive: Costly Hijack Exposed

Shaq’s new ride reveals a surprising weak spot: when celebrities rely on niche customization shops for bespoke engineering, those small specialists — holding valuable blueprints and client data — become prime targets for savvy criminals. A breach can mean leaked designs, stolen invoices and lucrative leverage for extortion.

Analyst 207
Cybersecurity Perception Gap: Exclusive Best Practices

Cybersecurity Perception Gap: Exclusive Best Practices

When leaders count policies and vendors while security teams tally alerts and fatigue, real risk gets lost — the Bitdefender 2025 assessment warns this perception gap is widening into dangerous blind spots. Closing it with continuous monitoring, smarter tooling, and honest incident reporting shrinks dwell time and keeps small problems from turning catastrophic.

Analyst 207