Skip to main content

Tag: thirdpartyrisk

51 articles

OpenAI Exclusive: Critical Mixpanel Breach Hits API Users

OpenAI Exclusive: Critical Mixpanel Breach Hits API Users

A critical Mixpanel breach has put API users data at risk. Read our exclusive breakdown of what happened, whos affected, and simple steps you can take now to protect your apps.

Analyst 207
Akira Ransomware Stunning $244M Haul Sparks Severe Alarm

Akira Ransomware Stunning $244M Haul Sparks Severe Alarm

Akira ransomware has pulled in roughly $244 million since September 2025—and in some attacks thieves exfiltrated data in as little as two hours. By exploiting unpatched VPN/firewall appliances and neutralizing MFA with automated playbooks, Akira’s affiliates turn trusted defenses into rapid exit routes for high-speed extortion.

Analyst 207
Security Leaders Exclusive: Dire Data Loss from Insider Risks

Security Leaders Exclusive: Dire Data Loss from Insider Risks

With 77% of organizations reporting insider-related data loss in the last 18 months, security leaders face an urgent, everyday threat: trusted accounts, routine workflows and sprawling cloud environments have turned normal work into ready-made exit ramps for sensitive data. Boards and CISOs are racing to plug identity and monitoring gaps before another incident costs money — and hard-won trust.

Analyst 207
Cyber Risks Exclusive: Best Legal Protections for Firms

Cyber Risks Exclusive: Best Legal Protections for Firms

A breach today can bring regulators, class actions and contract fights—not just technical headaches—so firms need legal protections built into their cybersecurity strategy. Start with proactive counsel, clear vendor contracts, AI governance and BYOD rules to limit liability before an incident hits.

Analyst 207
WestJet Notifies Americans of Exclusive Data Breach Risk

WestJet Notifies Americans of Exclusive Data Breach Risk

WestJet told U.S. customers that a criminal intrusion discovered in June may have exposed personal and loyalty-account information—potentially affecting hundreds of thousands to over a million travelers—and has raised tough questions about who safeguards the sensitive travel data airlines collect. More than an operational headache, the breach highlights how legacy systems and third‑party connections can turn travel records into prime targets for phishing and identity fraud.

Analyst 207
Cyber Risks Are Legal Risks: Protect Your Organization

Cyber Risks Are Legal Risks: Protect Your Organization

When a misconfigured cloud bucket or a single line of code can become a courtroom exhibit, cyber incidents stop being just IT problems and become legal, regulatory and contractual risks that keep boards and general counsel awake. Treat cybersecurity as corporate governance: shore up vendor contracts, document AI use, and preserve evidence before the litigation starts.

Analyst 207
Cyberattack Disrupts European Airports, Security Responds

Cyberattack Disrupts European Airports, Security Responds

When airport systems suddenly went dark, travelers faced long lines, missing bags and blank departure boards — a stark, personal reminder that our sprawling mix of legacy hardware and modern cloud services can be painfully fragile. The coordinated cyberattack forced staff into manual triage, sparked cross‑border incident response, and exposed how weak segmentation and uneven patching let a single compromise ripple across an entire hub.

Analyst 207
cyber risk Must-Have Strategy for Best Business Alignment

cyber risk Must-Have Strategy for Best Business Alignment

Too many security teams track patch counts while executives ask whether revenue and reputation are really protected; aligning risk operations with business priorities turns cyber efforts from checkbox exercises into measurable protection for what matters most. By mapping critical processes, quantifying financial impact, and uniting tech and leadership, organizations can prioritize controls that reduce real risk and keep operations—and customers—running.

Analyst 207
cyber risk management: Must-Have Best Legal Defense

cyber risk management: Must-Have Best Legal Defense

Cyber incidents aren’t just IT headaches — they’re legal minefields that can trigger fines, lawsuits and boardroom liability. Align contracts, AI governance, vendor controls and BYOD policies so technical breaches don’t become costly legal crises.

Analyst 207
WestJet data breach: Urgent Exclusive Warning

WestJet data breach: Urgent Exclusive Warning

WestJet says a recent cybersecurity incident may have exposed U.S. customers’ travel and payment info — if you’ve flown with them recently, check your accounts, be on the lookout for phishing, and watch for the airline’s updates as the investigation continues.

Analyst 207
Askul ransomware attack: Stunning, Risky supply-chain hit

Askul ransomware attack: Stunning, Risky supply-chain hit

When Muji paused online orders after logistics partner Askul was hit by ransomware, it exposed a stark truth: a single third-party breach can freeze entire retail operations. This outage is a wake-up call for brands to map dependencies, tighten vendor security, and treat supply-chain risk as an ongoing priority.

Analyst 207
email bomb campaigns: Exclusive Dangerous Zendesk Flaw

email bomb campaigns: Exclusive Dangerous Zendesk Flaw

Imagine waking to hundreds of threatening emails that look like they came from companies you trust — attackers abused weak outbound authentication in Zendesk to launch hard-to-block email bomb campaigns, a wake-up call for vendors and customers to tighten SPF/DKIM/DMARC and stronger default protections now.

Analyst 207
Payroll Pirate Crew: Exclusive Risky Threat to Campuses

Payroll Pirate Crew: Exclusive Risky Threat to Campuses

Microsoft warns a cybercriminal group dubbed the Payroll Pirate Crew is targeting U.S. universities with phishing attacks that hijack HR systems to quietly reroute paychecks, leaving staff suddenly unpaid and campuses scrambling. Universities should tighten MFA, limit admin privileges, and require out‑of‑band verification for bank‑detail changes to protect employees and reputations.

Analyst 207
cloud backups Risky: Stunning SonicWall Breach Exposes All

cloud backups Risky: Stunning SonicWall Breach Exposes All

Imagine your firewall’s master keys were left exposed — that’s what SonicWall customers discovered after the vendor revised its estimate from 5% to 100% of cloud backups affected, potentially exposing VPN credentials and network topology. If you used SonicWall cloud backups, inventory impacted devices, rotate credentials, and assume the worst while you await forensic details.

Analyst 207
pasting personally identifiable information: Risky Stunning

pasting personally identifiable information: Risky Stunning

We keep pasting customer names, order numbers and card details into ChatGPT because it’s fast — but one casual prompt can lead to fines, fraud and lost trust. Make safe AI the easy choice: use sanctioned tools, DLP and clear rules before your next prompt.

Analyst 207
supply-chain data breach: Stunning Risky Wake-up Call

supply-chain data breach: Stunning Risky Wake-up Call

Renault and Dacia have informed customers that a supplier’s data exposure may have leaked personal information, a reminder that one weak third party can put many at risk. If you own a Renault or Dacia, now’s the time to check communications, watch for phishing, and demand clearer, faster protections from automakers and their vendors.

Analyst 207
WestJet data breach: Exclusive Risk to Millions

WestJet data breach: Exclusive Risk to Millions

WestJet revealed a criminal intrusion that exposed personal and loyalty data for about 1.2 million customers, raising urgent questions about airline cybersecurity and what it means for your privacy. Read on to learn what happened, why stolen travel data is so dangerous, and simple steps you can take right now to protect yourself.

Analyst 207
data breach notices: Stunning Wave Risks 3.7M

data breach notices: Stunning Wave Risks 3.7M

About 3.7 million North Americans just received breach notices after incidents at Allianz Life, WestJet and a payroll software vendor — leaving many wondering what to do next and how to protect themselves. Read on for what happened, what to watch for, and simple steps you can take right now to guard your identity.

Analyst 207
data breach Shocking Harrods Supplier Risky Scandal

data breach Shocking Harrods Supplier Risky Scandal

Harrods says a third‑party supplier caused a breach that exposed about 430,000 customers, but that blame game leaves people hungry for clear details on what was taken and how they’ll be protected. As trust frays, customers and regulators will demand better transparency and tighter vendor oversight.

Analyst 207
supply chain breach: Risky Harrods Alert — Must-Read

supply chain breach: Risky Harrods Alert — Must-Read

If you shopped online at Harrods, a supply‑chain breach may have exposed customer data — a reminder that even luxury brands aren’t immune when a trusted vendor is compromised. Check your accounts, enable MFA, and watch for phishing while retailers tighten vendor security and transparency.

Analyst 207
Salesloft breach: Exclusive Risky Lawsuit Fallout

Salesloft breach: Exclusive Risky Lawsuit Fallout

Salesforce now faces a wave of lawsuits after customer data stolen from Salesloft surfaced in identity‑theft schemes, sparking a heated debate over who’s liable when third‑party integrations expose sensitive information. The outcome could reshape how platforms, vendors, and customers share responsibility for security in a cloud‑first world.

Analyst 207
Indian suppliers Risky: Stunning Global Breach Threat

Indian suppliers Risky: Stunning Global Breach Threat

A new report shows 53% of Indian vendors suffered third‑party breaches last year, spotlighting how one compromised supplier can cascade into global cyber crises and why supply‑chain security must be a shared priority.

Analyst 207
Google Threat Intelligence: Exclusive Risky 393-Day Breach

Google Threat Intelligence: Exclusive Risky 393-Day Breach

Google says China-linked attackers have quietly lived inside many enterprise networks since March — an average of 393 days — installing persistent backdoors and exfiltrating sensitive IP. The takeaway: tighten access, boost detection, and treat long dwell times as an urgent business and security priority.

Analyst 207
Scattered Spider: Must-Have Defenses Against Risky Attacks

Scattered Spider: Must-Have Defenses Against Risky Attacks

Scattered Spider is skipping the fences and walking through the front door by exploiting weak identity controls, help‑desk processes, and third‑party trust. Tightening phishing‑resistant authentication, enforcing least privilege, and hardening vendor and support workflows are the urgent, practical steps every organization must take.

Analyst 207