third party compromise

The IoT threat landscape is expanding rapidly, yet few companies are addressing third party risk factors
There is a dramatic increase in IoT-related data breaches specifically due to an unsecured IoT device or application since 2017 – from 15 percent to 26 percent – and the …

Supply chain attacks: Mitigation and protection
In software development, a supply chain attack is typically performed by inserting malicious code into a code dependency or third-party service integration. Unlike typical …

Nearly half of firms suffer data breaches at hands of vendors
As trusted partners, third-party vendors often become the overlooked or unwitting accomplice in criminal activities. As privacy laws and cybersecurity regulations continue to …

Third-party cyber risk management is a burden on human and financial resources
Organizations and third parties see their third-party cyber risk management (TPCRM) practices as important but ineffective. There are four major takeaways for key decision …

Guilty by association: The reality of online retail third-party data leaks
Online retail activity continues to accelerate at a rampant pace and shows no signs of slowing down. According to the National Retail Federation (NRF), U.S. retail sales are …

Compromised ad company serves Magecart skimming code to hundreds of websites
Security researchers have flagged a new web-based supply chain attack by one of the cybercriminal groups that fall under the Magecart umbrella. The attackers managed to …

Third parties: Fast-growing risk to an organization’s sensitive data
The Ponemon Institute surveyed more than 1,000 CISOs and other security and risk professionals across the US and UK to understand the challenges companies face in protecting …

1 in 5 merchants compromised by Magecart get reinfected
The Magecart threat looms large for online retailers and their customers, as the criminal groups that have been assigned this collective name are constantly trying out new …

Attackers breached Statcounter to steal cryptocurrency from gate.io users
Web analytics company Statcounter and cryptocurrency exchange gate.io have been compromised in another supply-chain attack, which resulted in an unknown number of gate.io …

Hackers steal Pentagon personnel’s PI and credit card data
The U.S. Department of Defense confirmed on Friday that personal information and credit card data of some 30,000 U.S. military and civilian personnel has been compromised in a …

Magecart hacks Shopper Approved to simultaneously hit many e-commerce sites
The cybercriminal groups under the Magecart umbrella strike again and again, and one of them has apparently specialized in compromising third parties to more easily get in as …

Magecart compromises Feedify to get to hundreds of e-commerce sites
Customer engagement service Feedify has been hit by Magecart attackers, who repeatedly modified a script that it serves to a few hundred websites to include payment card …