Insights and analysis from the CYBERSOL team.
The Panera Bread breach—affecting 5.1 million customer records through what Security Boulevard identifies as potential third-party vendor compromise—exposes a s
When a Remote Monitoring and Management (RMM) platform becomes the attack vector for enterprise-scale ransomware, the failure is structural, not merely...
The Crunchyroll incident—in which attackers compromised a single customer support agent's Okta SSO credentials at vendor Telus International to access 8...
When U.S. federal agencies experience vendor data breaches—as alleged in the exposure of ICE and DHS contract and vendor information—the governance failure...
Vendor cybersecurity is routinely treated as a technical problem—a matter of security questionnaires, certifications, and penetration testing.
When a compromised vendor employee's device becomes the entry point to a 6.8-million-user data breach, the governance failure extends far beyond the vendor...
BN3 March 2026 — 56 third-party cyber incidents across financial services, healthcare, government, and critical infrastructure. Includes full index, executive summary, and month-at-a-glance statistics.
Supply chain attacks in 2025 were not merely technical incidents—they were governance failures. When attackers compromised DogWifTools' GitHub repository, backd
The Stryker cyber attack—a March 2026 compromise of the Michigan-based medical device manufacturer by Iranian-linked threat actors—exposes a structural...
The cyberattack on Stryker Corporation, claimed by Iran-backed threat actors, is not an isolated security incident—it is a structural governance failure that...
The HHS Office for Civil Rights Breach Portal is not merely a reporting mechanism—it is a regulatory enforcement architecture that transforms vendor breaches...
The compromise of a U.S. bank, airport operator, and defense-sector software supplier by Iranian APT group Seedworm represents a structural governance failure...
New York City Health + Hospitals' notification of two separate third-party breaches—one affecting 90,000 patients through a care management partner, another...
The compromise of widely-adopted third-party tools—exemplified by the Trivy supply chain incident—exposes a structural governance failure that extends far...
When a Colorado vendor's 2024 security failure exposed personal information for 19,000 Corewell Health patients in Michigan, the healthcare organization became...
The reported compromise of JT-ATFP, LLC by NIGHTSPIRE ransomware—involving exfiltration of classified contracts, employee records, and Department of Defense...
The Conduent Business Services data breach—affecting over 10 million healthcare customers across a three-month detection-to-disclosure window—represents a struc
Third-party compromise has ceased to be a peripheral risk category. According to SecurityScorecard's 2025 Global Third-Party Breach Report, 35.5% of all breache
Third-party vendor breaches represent a structural governance blind spot that extends far beyond individual institutions.
Worcester's emergency notification system breach—originating from third-party provider OnSolve CodeRED in November 2025—is not a technology incident.