Insights and analysis from the CYBERSOL team.
The NIS2 Directive's grace period has ended. Across the EU, enforcement is now active.
The ManoMano breach—affecting 37.8 million customer records through compromised Zendesk subcontractor credentials—exposes a critical governance blind spot that...
Third parties now represent the primary attack surface across regulated industries, accounting for over 80% of compromised health records and serving as the dom
Palm Bay's second significant breach through a third-party payment processor in seven years is not an incident—it is evidence of governance failure.
When a cyberattack on a medical device manufacturer forces operating room cancellations across an entire metropolitan healthcare system, the failure is not...
Supply chain attacks have transitioned from opportunistic exploitation to systematized threat infrastructure.
The Marquis ransomware incident represents a structural failure in vendor risk governance that extends far beyond a single compromised organization. When a fint
When a vendor files a breach disclosure with the SEC, downstream customers often assume they will be notified through formal channels.
The breach at Navia Benefit Solutions affecting nearly 300 HackerOne employees illustrates a critical structural failure in third-party breach notification...
When a security vendor fails to notify a client of a breach affecting hundreds of employees, the incident reveals a structural governance vulnerability that...
When a third-party logistics provider suffers ransomware-driven data exfiltration, the governance failure is not confined to the victim organization.
The alleged breach of Pickett USA—a Tampa-based engineering firm serving Duke Energy Florida, Tampa Electric Company, and American Electric Power—represents a...
When a critical healthcare equipment manufacturer experiences a nation-state cyberattack, the vendor's containment narrative often obscures structural governance...
GOSTA is an open-source specification for governing autonomous AI agents — defining decision authority, autonomy boundaries, kill conditions, and audit trails across a five-layer hierarchy. MIT licensed.
The TriZetto Provider Solutions breach—affecting 3.4 million individuals across healthcare systems—is not another routine HIPAA incident. It is a structural ind
The FCA and PRA's new operational incident and third-party reporting rules, effective March 2027, represent a material recalibration of how financial...
When a critical supplier's cybersecurity failure triggers a £1.5 billion government bailout, the governance failure extends far beyond the breached...
The CommonSpirit Health breach—triggered through a nested vendor chain (Pinnacle → NorthGauge → CommonSpirit)—exposes a structural governance failure that...
The Marquis Software Solutions ransomware incident is not simply a vendor breach. It is a structural governance failure that cascaded across 74 financial instit
The Marquis data breach—affecting 672,000 individuals across credit unions and banks—is not a typical vendor incident.