Insights and analysis from the CYBERSOL team.
When a service provider is compromised, the primary vendor becomes the regulatory defendant.
The failure of Bain Capital and PowerSchool to dismiss data breach claims affecting approximately 50 million individuals—students, parents, and...
Healthcare organizations face a persistent governance failure when third-party vendor breaches occur: the liability chain remains opaque, notification...
Ericsson's disclosure of a 15,000-record breach originating from a vendor social engineering attack—coupled with a seven-month notification delay—reveals a...
The cyberattack on Stryker—attributed to Iran-linked threat actors deploying destructive wiper malware—is not primarily a cybersecurity incident. It is a supply
Cadence Bank's $5.25 million settlement over a May 2023 MOVEit vulnerability breach exposes a critical governance asymmetry: financial institutions bear full...
The Marquis Software Solutions ransomware incident—affecting 74+ financial institutions and exposing between 400,000 and 780,000 consumers—is not primarily a cy
The Marquis ransomware incident—affecting 672,075 individuals through a fintech vendor embedded across hundreds of banking institutions—represents more than a...
The alleged AKIRA ransomware compromise of BDTRONIC—a German manufacturing vendor serving automotive, electronics, telecommunications, and renewable energy...
A reported breach of Navigate360's P3 Global Intel platform—a confidential tip-reporting system serving over 30,000 U.S. schools—represents far more than a data
The Interlock ransomware group's exploitation of CVE-2026-20131 in Cisco Secure Firewall Management Center—beginning January 26, weeks before public disclosure...
The Conduent breach—now affecting 25+ million individuals across multiple US states—is not primarily a cybersecurity incident.
The Conduent ransomware incident—affecting at least 25 million individuals across multiple U.S. states—is not primarily a cybersecurity story.
The Pickett USA breach—exposing 139 GB of operational engineering data linked to Duke Energy Florida, American Electric Power, and Tampa Electric Company—is...
Third-party vendor contracts—particularly those governing managed service providers (MSPs) and managed security service providers (MSSPs)—contain structural imb
Infosys McCamish Systems' $17.5 million class action settlement for a November 2023 LockBit ransomware attack reveals a fundamental structural weakness in how...
When 57,028 Bank of America customer records—including Social Security numbers and addresses—were compromised through Infosys McCamish Systems in November...
Stryker Corporation's March 2026 disclosure of a "global network disruption" to its Microsoft environment illustrates a systemic governance failure in how...
The SitusAMC breach affecting JP Morgan Chase, Citi, and Morgan Stanley reveals a structural governance failure that extends far beyond a single incident.
The SitusAMC breach affecting JPMorgan, Citi, Morgan Stanley, and other major US financial institutions represents more than a single vendor incident.
Browse by month