Tag: vendor management
12 articles

Breach Notice Error Fuels Patient Skepticism
A simple mistake on breach notices sent by third-party vendor Xsolis sparked skepticism among patients when the letters misnamed Rochester Regional Health as "Rochester Regional Medical Center", leading many to dismiss them as scams. This misstep undermined trust and raised questions about the effectiveness of the breach notification process.

SoFi Hong Kong Breach Exposes Customer Data at Third-Party Vendor
SoFi Hong Kong recently discovered a data breach at a third-party vendor that exposed customer information, with unauthorized access detected on April 30, 2026. The company's investigation is ongoing, but it confirmed the breach originated from a vendor, not its internal systems.

Pentagon CTO Pushes Faster Tech Buying Process for Vendors
The Pentagon's CTO is shaking up the tech buying process, aiming for faster decisions for vendors - think "fast yeses and fast nos" to get small companies in and out quickly, avoiding years of uncertainty. This streamlined approach will create a single, efficient entry point for companies to showcase their tech.

AI Vendors Downplay Role in Security Vulnerabilities
AI vendors are caught in a contradictory spin cycle, urging companies to rely on AI to combat threats while downplaying security flaws, leaving customers wondering who's truly responsible for safeguarding their systems. When vulnerabilities arise, these vendors often claim it's simply their AI working as intended - a response that only fuels concerns about their maturity and accountability.

McGraw Hill Breach Exposed by Salesforce Setup Flaw
A configuration error in Salesforce, a widely used customer relationship management platform, led to a data breach at McGraw Hill, exposing customer data and raising questions about vendor services and data stewardship. The incident highlights the importance of proper setup and management of third-party services to protect sensitive information.

Ministry of Defence seeks Exclusive top £300K digital boss
The Ministry of Defence is recruiting a senior digital leader — paid up to £300K — to oversee £4.6bn in tech spending and lead 3,000 specialists across AI, cloud and enterprise IT. Whoever fills the role will shape supplier choices, procurement priorities and the technology that keeps our forces ready.

North Korean IT personas: Exclusive Risky Threat Revealed
You won’t believe it until you see it: Okta uncovered convincing fake North Korean IT personas applying, interviewing, and even landing roles across tech, healthcare, finance and AI—using hiring pipelines as a stealthy route for espionage and exploitation. The takeaway: identity is the new perimeter, and companies must tighten onboarding, vetting and access controls before attackers turn routine hiring into a backdoor.

third-party breaches: Stunning, Risky Wake-Up Call
Stellantis warns a third‑party supplier may have exposed customer personal data, leaving millions wondering what may actually means. Customers deserve clear answers about who was affected, what was leaked, and what protections will be offered.

Scattered Spider: Must-Have Defenses Against Risky Attacks
Scattered Spider is skipping the fences and walking through the front door by exploiting weak identity controls, help‑desk processes, and third‑party trust. Tightening phishing‑resistant authentication, enforcing least privilege, and hardening vendor and support workflows are the urgent, practical steps every organization must take.

Hackers Breach Dutch Lab: Stunning Privacy Risk
Half a million people who trusted a Dutch cancer‑screening lab with their most intimate health details have had that trust shattered after hackers stole sensitive records — a breach that threatens patient privacy, public‑health confidence, and the future of screening programs. As investigators work to pin down the scope, this crisis is a clear wake‑up call for stronger cybersecurity, better policies, and swift support for those affected.

CrushFTP vulnerability: Exclusive Critical Alert
A critical CrushFTP flaw (CVE-2025-54309) lets remote attackers gain admin control over HTTPS—putting file servers, backups, and connected systems at serious risk. If you run CrushFTP, patch immediately, lock down access, and audit logs to ensure you’re not already compromised.

AI Hiring Security: Exclusive Must-Have Fixes to Avoid Risk
The Paradox.ai breach shows how one weak password can destroy trust in AI hiring. Employers and vendors must lock down passwords, enable MFA, audit vendors, and enforce least-privilege access now to protect applicants’ data.