Third-party ecosystems are structurally exposed.
Black Kite’s 2026 report reframes supply chain cyber risk from “weakest link” theory to concentration dynamics.

Key systemic indicators:
• 5.28 downstream victims per breach (2025 average)
• 10-day median detection vs. 73-day median disclosure
• 53%+ organizations with at least one critical vulnerability
• 23%+ with corporate credentials exposed

Top 50 shared vendors:
– 70% KEV exposure
– 84% CVSS ≥ 8
– 62% stealer-log credential presence
– 52% breach history

Shared infrastructure nodes are now strategic attack surfaces.
Security teams must shift toward:
Dependency mapping
Concentration analytics
Active intelligence monitoring
Exposure propagation modeling
Is your organization modeling systemic fragility — or auditing in isolation?

Source: https://blackkite.com/press-releases/black-kites-2026-third-party-breach-report-identifies-risk-concentration-as-the-primary-catalyst-for-global-cascading-failures

Engage below.
Follow TechNadu for advanced infosec, vendor risk, and threat intelligence coverage.

#Infosec #ThirdPartyRisk #VendorSecurity #ThreatIntelligence #CISAKEV #CyberExposure #Ransomware #SupplyChainSecurity #SecurityEngineering #CyberResilience #RiskAnalytics

Third-party breach, 38M impacted, European e-commerce sector.
ManoMano disclosed unauthorized access linked to a subcontracted customer support provider. Exposed data reportedly includes PII and support communications.
Authorities notified: CNIL, ANSSI.
Passwords not reportedly accessed.
Subcontractor access revoked.

Key risk vectors:
– SaaS support platforms
– Vendor access governance
– Over-retention of ticketing data
– Centralized customer communication logs
– Supply chain attack surface expansion

This case reinforces that vendor monitoring must go beyond contractual clauses — continuous assessment, least privilege enforcement, data minimization strategies.

How mature is your third-party risk telemetry?
Engage below.

Source: https://www.bleepingcomputer.com/news/security/european-dyi-chain-manomano-data-breach-impacts-38-million-customers/

Follow @technadu for high-signal infosec reporting.

Repost to amplify awareness across the security community.

#Infosec #ThirdPartyRisk #VendorSecurity #SupplyChainSecurity #DataBreach #GDPRCompliance #EcommerceSecurity #CyberRiskManagement #SecurityOperations #GRC

Adidas probes third-party breach after Lapsus$ Group actor claims 815K records stolen.
Supply chain exposure in focus.

https://www.technadu.com/adidas-data-breach-investigation-underway-following-third-party-intrusion-claims-by-lapsus-group/620523/

#Infosec #DataBreach #ThirdPartyRisk

700+ passport scans exposed via unsecured cloud server at Abu Dhabi Finance Week.
Third-party vendor misconfiguration blamed.

🔗 https://www.technadu.com/abu-dhabi-finance-week-data-leak-exposes-global-figures-passport-information-in-cloud-server-lapse/620424/

#DataBreach #CloudSecurity #ThirdPartyRisk #InfoSec

Volvo employee data exposed after Conduent HR breach.

• 16,991 health plan files accessed
• SSNs + medical data potentially exposed
• 3-month attacker dwell time
• SafePay claims 8.5TB stolen

Supply chain ransomware impact continues to scale.

https://www.technadu.com/automotive-giant-volvo-employee-information-exposed-via-third-party-conduent-data-breach/619829/

#DataBreach #Ransomware #ThirdPartyRisk #InfoSec

Coinbase’s insider breach is a reminder that our biggest risks sit inside the tools we trust most. One contractor overpowered support access & customer data on Telegram. 🔗 https://zurl.co/vsIJh #InsiderThreats #CyberSecurity #Coinbase #SaaS #vCISO #ZeroTrust #ThirdPartyRisk

Flickr disclosed potential user data exposure after a vulnerability in a third-party email provider.
Names, emails, IPs possibly affected; passwords not exposed.

https://www.technadu.com/flickr-discloses-potential-data-exposure-following-third-party-email-provider-vulnerability/619653/

#InfoSec #DataBreach #ThirdPartyRisk

Coinbase has confirmed an insider-related incident involving improper access to customer support tools by a contractor, impacting approximately 30 users.

The case reinforces a recurring security theme: third-party and BPO access continues to be a high-value target, often exploited through insider misuse rather than technical vulnerabilities.

As more organizations externalize support operations, visibility, least-privilege enforcement, and insider threat detection remain critical control points.

💬 How are teams effectively reducing BPO insider risk today?

Source: https://www.bleepingcomputer.com/news/security/coinbase-confirms-insider-breach-linked-to-leaked-support-tool-screenshots/

➕ Follow @technadu for sober, detail-oriented infosec coverage

#Infosec #InsiderThreat #ThirdPartyRisk #BPO #Coinbase #SecurityOperations

An alleged ransomware incident involving Apple partner Luxshare highlights ongoing supply-chain exposure risks.

RansomHub claims access to internal engineering data, though details remain unverified and no confirmation has been issued by the company.

The case reinforces the importance of third-party risk management, incident verification, and measured public communication.

Follow TechNadu for factual, non-speculative cybersecurity reporting.

#Infosec #Ransomware #SupplyChainSecurity #ThirdPartyRisk #CyberSecurity #TechNadu

🔗 Supply Chain Attacks Put Businesses at Risk
Attackers often enter through vendors or partners, not directly. One weak link can expose your entire organisation — secure third-party access and integrations. 🔐

#CyberSecurity #SupplyChainSecurity #ThirdPartyRisk #InfosecK2K

Grubhub confirms unauthorized data access in a recent breach.
• Data theft acknowledged
• Extortion attempts suspected
• Possible third-party credential compromise
• Customer financial data reportedly unaffected

https://www.technadu.com/grubhub-breach-data-theft-confirmed-extortion-suspected/618400/

#DataBreach #ThirdPartyRisk #InfoSec

Anchorage Police Department shut down specific servers and disabled vendor access after being notified that a third-party service provider was targeted in a cyber incident.

The department reports:
• No evidence of compromise to internal systems
• Proactive isolation and data removal measures
• Ongoing third-party investigation

This incident reinforces the importance of third-party risk visibility, contractual security controls, and rapid containment - even when direct impact is not confirmed.

How do you approach precautionary response when vendor exposure is suspected but unverified?

Source: https://dysruptionhub.com/anchorage-police-cyber-incident-alaska/

Share insights and follow @technadu for measured, fact-based security reporting.

#InfoSec #ThirdPartyRisk #IncidentResponse #PublicSectorSecurity #CyberGovernance #TechNadu

🔗 Europe Sees Rise in Supply Chain Cyber Attacks
Attackers are targeting third-party vendors to access systems and data. Strengthen vendor risk management and third-party access controls to reduce exposure. 🔐

#CyberSecurity #SupplyChainSecurity #ThirdPartyRisk #InfosecK2K

ESA is assessing claims of a data exposure involving hundreds of gigabytes of internal and contractor-linked information, following a prior incident disclosed weeks earlier.

Alleged data types include operational procedures, satellite system documentation, and third-party materials - highlighting challenges around:
Long-term identity and access management
Vendor and contractor trust boundaries
Monitoring across complex, distributed environments

This case reinforces the importance of continuous risk assessment and defense-in-depth, especially for organizations supporting critical infrastructure and research missions.

What defensive control would you prioritize in environments like this?

Source: https://www.theregister.com/2026/01/07/european_space_agency_breach_criminal_probe/

Engage in the discussion and follow TechNadu for objective InfoSec reporting.

#InfoSec #CyberDefense #ThirdPartyRisk #CriticalInfrastructure #SecurityOperations #TechNadu

Ledger has disclosed a customer data exposure related to a third-party payment processor, Global-e, involving personal contact information.

The incident underscores persistent third-party risk challenges, particularly where external services process or store customer data. Vendor security posture and contractual controls remain critical components of overall risk management.

From an infosec standpoint, what controls best reduce downstream exposure from partners?

Source: https://www.linkedin.com/posts/hackmanac_cyber-alert-ledger-had-another-data-activity-7413919829784551424-W_i-/

Share insights and follow @technadu for objective infosec coverage.

#ThirdPartyRisk #DataProtection #CryptoSecurity #Infosec #PrivacyEngineering #VendorManagement

Marquis Software ransomware attack has exposed sensitive customer data across multiple U.S. banks.

• Vendor-level breach
• SSNs & financial data exfiltrated
• Up to 1.35M individuals potentially impacted

https://www.technadu.com/marquis-software-ransomware-attack-impacts-financial-institutions-artisans-bank-and-verabank-confirm-data-exposure/617173/

#InfoSec #Ransomware #ThirdPartyRisk #BankingSecurity

NHS supplier DXS International confirms a data breach affecting office servers.

DevMan ransomware group claims 300GB data theft; services reportedly unaffected.

https://www.technadu.com/nhs-tech-provider-dxs-international-confirms-data-breach-claimed-by-devman-ransomware-group/616211/

Vendor risk in healthcare remains a major concern.

#Ransomware #HealthcareCyber #ThirdPartyRisk

No malware, no exploits.

The #700Credit data breach shows how dangerous trusted access has become. Attackers abused valid API credentials from a compromised integration partner, extracted millions of records, and moved straight to underground resale.

Our TI team analyzes how the breach unfolded, the underground activity observed, and the security lessons that matter most.
🔵 Read here: https://outpost24.com/blog/700credit-data-breach/

#CyberRisk #ThirdPartyRisk #APISecurity #ThreatIntelligence

A single cloud outage can disrupt every core system you depend on, which is why digital resilience has to extend far beyond traditional continuity planning.

In this quick video, we outline five steps every CISO should prioritize—from mapping third- and fourth-party dependencies to running cloud-outage tabletop exercises that mirror real conditions. Watch it here: https://www.youtube.com/watch?v=-fgyWb1dq_g

#DigitalResilience #CloudSecurity #BusinessContinuity #IncidentResponse #CISO #RiskManagement #ThirdPartyRisk #InfoSec

🤝 Your business is only as secure as your vendors.
⚠️ Third-party risks are real—always check your vendors’ cybersecurity posture.
👉 https://zurl.co/dsvgN

#CyberSecurity #ThirdPartyRisk #VendorManagement #Zevonix