Tag: thirdpartyrisk
51 articles

OpenAI Exclusive: Critical Mixpanel Breach Hits API Users
A critical Mixpanel breach has put API users data at risk. Read our exclusive breakdown of what happened, whos affected, and simple steps you can take now to protect your apps.

Akira Ransomware Stunning $244M Haul Sparks Severe Alarm
Akira ransomware has pulled in roughly $244 million since September 2025—and in some attacks thieves exfiltrated data in as little as two hours. By exploiting unpatched VPN/firewall appliances and neutralizing MFA with automated playbooks, Akira’s affiliates turn trusted defenses into rapid exit routes for high-speed extortion.

Security Leaders Exclusive: Dire Data Loss from Insider Risks
With 77% of organizations reporting insider-related data loss in the last 18 months, security leaders face an urgent, everyday threat: trusted accounts, routine workflows and sprawling cloud environments have turned normal work into ready-made exit ramps for sensitive data. Boards and CISOs are racing to plug identity and monitoring gaps before another incident costs money — and hard-won trust.

Cyber Risks Exclusive: Best Legal Protections for Firms
A breach today can bring regulators, class actions and contract fights—not just technical headaches—so firms need legal protections built into their cybersecurity strategy. Start with proactive counsel, clear vendor contracts, AI governance and BYOD rules to limit liability before an incident hits.

WestJet Notifies Americans of Exclusive Data Breach Risk
WestJet told U.S. customers that a criminal intrusion discovered in June may have exposed personal and loyalty-account information—potentially affecting hundreds of thousands to over a million travelers—and has raised tough questions about who safeguards the sensitive travel data airlines collect. More than an operational headache, the breach highlights how legacy systems and third‑party connections can turn travel records into prime targets for phishing and identity fraud.

Cyber Risks Are Legal Risks: Protect Your Organization
When a misconfigured cloud bucket or a single line of code can become a courtroom exhibit, cyber incidents stop being just IT problems and become legal, regulatory and contractual risks that keep boards and general counsel awake. Treat cybersecurity as corporate governance: shore up vendor contracts, document AI use, and preserve evidence before the litigation starts.

Cyberattack Disrupts European Airports, Security Responds
When airport systems suddenly went dark, travelers faced long lines, missing bags and blank departure boards — a stark, personal reminder that our sprawling mix of legacy hardware and modern cloud services can be painfully fragile. The coordinated cyberattack forced staff into manual triage, sparked cross‑border incident response, and exposed how weak segmentation and uneven patching let a single compromise ripple across an entire hub.

cyber risk Must-Have Strategy for Best Business Alignment
Too many security teams track patch counts while executives ask whether revenue and reputation are really protected; aligning risk operations with business priorities turns cyber efforts from checkbox exercises into measurable protection for what matters most. By mapping critical processes, quantifying financial impact, and uniting tech and leadership, organizations can prioritize controls that reduce real risk and keep operations—and customers—running.

cyber risk management: Must-Have Best Legal Defense
Cyber incidents aren’t just IT headaches — they’re legal minefields that can trigger fines, lawsuits and boardroom liability. Align contracts, AI governance, vendor controls and BYOD policies so technical breaches don’t become costly legal crises.

WestJet data breach: Urgent Exclusive Warning
WestJet says a recent cybersecurity incident may have exposed U.S. customers’ travel and payment info — if you’ve flown with them recently, check your accounts, be on the lookout for phishing, and watch for the airline’s updates as the investigation continues.

Askul ransomware attack: Stunning, Risky supply-chain hit
When Muji paused online orders after logistics partner Askul was hit by ransomware, it exposed a stark truth: a single third-party breach can freeze entire retail operations. This outage is a wake-up call for brands to map dependencies, tighten vendor security, and treat supply-chain risk as an ongoing priority.

email bomb campaigns: Exclusive Dangerous Zendesk Flaw
Imagine waking to hundreds of threatening emails that look like they came from companies you trust — attackers abused weak outbound authentication in Zendesk to launch hard-to-block email bomb campaigns, a wake-up call for vendors and customers to tighten SPF/DKIM/DMARC and stronger default protections now.

Payroll Pirate Crew: Exclusive Risky Threat to Campuses
Microsoft warns a cybercriminal group dubbed the Payroll Pirate Crew is targeting U.S. universities with phishing attacks that hijack HR systems to quietly reroute paychecks, leaving staff suddenly unpaid and campuses scrambling. Universities should tighten MFA, limit admin privileges, and require out‑of‑band verification for bank‑detail changes to protect employees and reputations.

cloud backups Risky: Stunning SonicWall Breach Exposes All
Imagine your firewall’s master keys were left exposed — that’s what SonicWall customers discovered after the vendor revised its estimate from 5% to 100% of cloud backups affected, potentially exposing VPN credentials and network topology. If you used SonicWall cloud backups, inventory impacted devices, rotate credentials, and assume the worst while you await forensic details.

pasting personally identifiable information: Risky Stunning
We keep pasting customer names, order numbers and card details into ChatGPT because it’s fast — but one casual prompt can lead to fines, fraud and lost trust. Make safe AI the easy choice: use sanctioned tools, DLP and clear rules before your next prompt.

supply-chain data breach: Stunning Risky Wake-up Call
Renault and Dacia have informed customers that a supplier’s data exposure may have leaked personal information, a reminder that one weak third party can put many at risk. If you own a Renault or Dacia, now’s the time to check communications, watch for phishing, and demand clearer, faster protections from automakers and their vendors.

WestJet data breach: Exclusive Risk to Millions
WestJet revealed a criminal intrusion that exposed personal and loyalty data for about 1.2 million customers, raising urgent questions about airline cybersecurity and what it means for your privacy. Read on to learn what happened, why stolen travel data is so dangerous, and simple steps you can take right now to protect yourself.

data breach notices: Stunning Wave Risks 3.7M
About 3.7 million North Americans just received breach notices after incidents at Allianz Life, WestJet and a payroll software vendor — leaving many wondering what to do next and how to protect themselves. Read on for what happened, what to watch for, and simple steps you can take right now to guard your identity.

data breach Shocking Harrods Supplier Risky Scandal
Harrods says a third‑party supplier caused a breach that exposed about 430,000 customers, but that blame game leaves people hungry for clear details on what was taken and how they’ll be protected. As trust frays, customers and regulators will demand better transparency and tighter vendor oversight.

supply chain breach: Risky Harrods Alert — Must-Read
If you shopped online at Harrods, a supply‑chain breach may have exposed customer data — a reminder that even luxury brands aren’t immune when a trusted vendor is compromised. Check your accounts, enable MFA, and watch for phishing while retailers tighten vendor security and transparency.

Salesloft breach: Exclusive Risky Lawsuit Fallout
Salesforce now faces a wave of lawsuits after customer data stolen from Salesloft surfaced in identity‑theft schemes, sparking a heated debate over who’s liable when third‑party integrations expose sensitive information. The outcome could reshape how platforms, vendors, and customers share responsibility for security in a cloud‑first world.

Indian suppliers Risky: Stunning Global Breach Threat
A new report shows 53% of Indian vendors suffered third‑party breaches last year, spotlighting how one compromised supplier can cascade into global cyber crises and why supply‑chain security must be a shared priority.

Google Threat Intelligence: Exclusive Risky 393-Day Breach
Google says China-linked attackers have quietly lived inside many enterprise networks since March — an average of 393 days — installing persistent backdoors and exfiltrating sensitive IP. The takeaway: tighten access, boost detection, and treat long dwell times as an urgent business and security priority.

Scattered Spider: Must-Have Defenses Against Risky Attacks
Scattered Spider is skipping the fences and walking through the front door by exploiting weak identity controls, help‑desk processes, and third‑party trust. Tightening phishing‑resistant authentication, enforcing least privilege, and hardening vendor and support workflows are the urgent, practical steps every organization must take.