Skip to main content

Tag: vendor management

12 articles

Person holding letter with puzzled expression in hospital setting.

Breach Notice Error Fuels Patient Skepticism

A simple mistake on breach notices sent by third-party vendor Xsolis sparked skepticism among patients when the letters misnamed Rochester Regional Health as "Rochester Regional Medical Center", leading many to dismiss them as scams. This misstep undermined trust and raised questions about the effectiveness of the breach notification process.

Analyst 207
Brightly-lit office setting with server room in background and blurred computer terminal hinting at third-party vendor…

SoFi Hong Kong Breach Exposes Customer Data at Third-Party Vendor

SoFi Hong Kong recently discovered a data breach at a third-party vendor that exposed customer information, with unauthorized access detected on April 30, 2026. The company's investigation is ongoing, but it confirmed the breach originated from a vendor, not its internal systems.

Analyst 207
Government tech official stands in briefing room with subtle tech display behind.

Pentagon CTO Pushes Faster Tech Buying Process for Vendors

The Pentagon's CTO is shaking up the tech buying process, aiming for faster decisions for vendors - think "fast yeses and fast nos" to get small companies in and out quickly, avoiding years of uncertainty. This streamlined approach will create a single, efficient entry point for companies to showcase their tech.

Analyst 207
Dark cityscape with cracked shield in foreground and ghostly code streams in background, lone figure walking away.

AI Vendors Downplay Role in Security Vulnerabilities

AI vendors are caught in a contradictory spin cycle, urging companies to rely on AI to combat threats while downplaying security flaws, leaving customers wondering who's truly responsible for safeguarding their systems. When vulnerabilities arise, these vendors often claim it's simply their AI working as intended - a response that only fuels concerns about their maturity and accountability.

Analyst 207
Abandoned server room with vulnerable laptop and ghostly face on cracked screen.

McGraw Hill Breach Exposed by Salesforce Setup Flaw

A configuration error in Salesforce, a widely used customer relationship management platform, led to a data breach at McGraw Hill, exposing customer data and raising questions about vendor services and data stewardship. The incident highlights the importance of proper setup and management of third-party services to protect sensitive information.

Analyst 207
Ministry of Defence seeks Exclusive top £300K digital boss

Ministry of Defence seeks Exclusive top £300K digital boss

The Ministry of Defence is recruiting a senior digital leader — paid up to £300K — to oversee £4.6bn in tech spending and lead 3,000 specialists across AI, cloud and enterprise IT. Whoever fills the role will shape supplier choices, procurement priorities and the technology that keeps our forces ready.

Analyst 207
North Korean IT personas: Exclusive Risky Threat Revealed

North Korean IT personas: Exclusive Risky Threat Revealed

You won’t believe it until you see it: Okta uncovered convincing fake North Korean IT personas applying, interviewing, and even landing roles across tech, healthcare, finance and AI—using hiring pipelines as a stealthy route for espionage and exploitation. The takeaway: identity is the new perimeter, and companies must tighten onboarding, vetting and access controls before attackers turn routine hiring into a backdoor.

Analyst 207
third-party breaches: Stunning, Risky Wake-Up Call

third-party breaches: Stunning, Risky Wake-Up Call

Stellantis warns a third‑party supplier may have exposed customer personal data, leaving millions wondering what may actually means. Customers deserve clear answers about who was affected, what was leaked, and what protections will be offered.

Analyst 207
Scattered Spider: Must-Have Defenses Against Risky Attacks

Scattered Spider: Must-Have Defenses Against Risky Attacks

Scattered Spider is skipping the fences and walking through the front door by exploiting weak identity controls, help‑desk processes, and third‑party trust. Tightening phishing‑resistant authentication, enforcing least privilege, and hardening vendor and support workflows are the urgent, practical steps every organization must take.

Analyst 207
Hackers Breach Dutch Lab: Stunning Privacy Risk

Hackers Breach Dutch Lab: Stunning Privacy Risk

Half a million people who trusted a Dutch cancer‑screening lab with their most intimate health details have had that trust shattered after hackers stole sensitive records — a breach that threatens patient privacy, public‑health confidence, and the future of screening programs. As investigators work to pin down the scope, this crisis is a clear wake‑up call for stronger cybersecurity, better policies, and swift support for those affected.

Analyst 207
CrushFTP vulnerability: Exclusive Critical Alert

CrushFTP vulnerability: Exclusive Critical Alert

A critical CrushFTP flaw (CVE-2025-54309) lets remote attackers gain admin control over HTTPS—putting file servers, backups, and connected systems at serious risk. If you run CrushFTP, patch immediately, lock down access, and audit logs to ensure you’re not already compromised.

Analyst 207
AI Hiring Security: Exclusive Must-Have Fixes to Avoid Risk

AI Hiring Security: Exclusive Must-Have Fixes to Avoid Risk

The Paradox.ai breach shows how one weak password can destroy trust in AI hiring. Employers and vendors must lock down passwords, enable MFA, audit vendors, and enforce least-privilege access now to protect applicants’ data.

Analyst 207