#vendor-security — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #vendor-security, aggregated by home.social.
-
Third-party ecosystems are structurally exposed.
Black Kite’s 2026 report reframes supply chain cyber risk from “weakest link” theory to concentration dynamics.Key systemic indicators:
• 5.28 downstream victims per breach (2025 average)
• 10-day median detection vs. 73-day median disclosure
• 53%+ organizations with at least one critical vulnerability
• 23%+ with corporate credentials exposedTop 50 shared vendors:
– 70% KEV exposure
– 84% CVSS ≥ 8
– 62% stealer-log credential presence
– 52% breach historyShared infrastructure nodes are now strategic attack surfaces.
Security teams must shift toward:
Dependency mapping
Concentration analytics
Active intelligence monitoring
Exposure propagation modeling
Is your organization modeling systemic fragility — or auditing in isolation?Engage below.
Follow TechNadu for advanced infosec, vendor risk, and threat intelligence coverage.#Infosec #ThirdPartyRisk #VendorSecurity #ThreatIntelligence #CISAKEV #CyberExposure #Ransomware #SupplyChainSecurity #SecurityEngineering #CyberResilience #RiskAnalytics
-
Third-party breach, 38M impacted, European e-commerce sector.
ManoMano disclosed unauthorized access linked to a subcontracted customer support provider. Exposed data reportedly includes PII and support communications.
Authorities notified: CNIL, ANSSI.
Passwords not reportedly accessed.
Subcontractor access revoked.Key risk vectors:
– SaaS support platforms
– Vendor access governance
– Over-retention of ticketing data
– Centralized customer communication logs
– Supply chain attack surface expansionThis case reinforces that vendor monitoring must go beyond contractual clauses — continuous assessment, least privilege enforcement, data minimization strategies.
How mature is your third-party risk telemetry?
Engage below.Follow @technadu for high-signal infosec reporting.
Repost to amplify awareness across the security community.
#Infosec #ThirdPartyRisk #VendorSecurity #SupplyChainSecurity #DataBreach #GDPRCompliance #EcommerceSecurity #CyberRiskManagement #SecurityOperations #GRC
-
Third-party breach, 38M impacted, European e-commerce sector.
ManoMano disclosed unauthorized access linked to a subcontracted customer support provider. Exposed data reportedly includes PII and support communications.
Authorities notified: CNIL, ANSSI.
Passwords not reportedly accessed.
Subcontractor access revoked.Key risk vectors:
– SaaS support platforms
– Vendor access governance
– Over-retention of ticketing data
– Centralized customer communication logs
– Supply chain attack surface expansionThis case reinforces that vendor monitoring must go beyond contractual clauses — continuous assessment, least privilege enforcement, data minimization strategies.
How mature is your third-party risk telemetry?
Engage below.Follow @technadu for high-signal infosec reporting.
Repost to amplify awareness across the security community.
#Infosec #ThirdPartyRisk #VendorSecurity #SupplyChainSecurity #DataBreach #GDPRCompliance #EcommerceSecurity #CyberRiskManagement #SecurityOperations #GRC
-
OpenAI has reported that a breach at Mixpanel exposed limited API-user metadata, including names, emails, coarse location, OS/browser details and IDs.
This was not an OpenAI breach, and no chat content, credentials, API keys or payment data were exposed.
The incident resulted from a smishing compromise of Mixpanel’s environment.
OpenAI has fully removed Mixpanel and is conducting wider vendor audits.
How concerned should teams be about metadata exposure at third-party analytics providers?Full Article: https://www.technadu.com/mixpanel-breach-exposes-limited-openai-api-user-analytics-data/614756/
Follow us for more security coverage.
#infosec #OpenAI #Mixpanel #databreach #smishing #securityincident #MFA #vendorsecurity #securitynews -
OpenAI has reported that a breach at Mixpanel exposed limited API-user metadata, including names, emails, coarse location, OS/browser details and IDs.
This was not an OpenAI breach, and no chat content, credentials, API keys or payment data were exposed.
The incident resulted from a smishing compromise of Mixpanel’s environment.
OpenAI has fully removed Mixpanel and is conducting wider vendor audits.
How concerned should teams be about metadata exposure at third-party analytics providers?Full Article: https://www.technadu.com/mixpanel-breach-exposes-limited-openai-api-user-analytics-data/614756/
Follow us for more security coverage.
#infosec #OpenAI #Mixpanel #databreach #smishing #securityincident #MFA #vendorsecurity #securitynews -
OpenAI confirmed that limited API-user data was exposed through a breach at its previous analytics provider, Mixpanel. The dataset included names, emails, coarse location, user/organization IDs, and technical metadata — but no chats, passwords, API keys, or payment data.
Researchers noted that sending identifiable data to analytics tools isn’t aligned with typical security best practices.
What’s your view on data minimization in analytics pipelines?
Source: https://cybernews.com/security/openai-mixpanel-cybersecurity-incident-breach/
Share your thoughts - and follow us for more updates.
#InfoSec #CyberSecurity #DataPrivacy #OpenAI #Mixpanel #APISecurity #DataBreach #VendorSecurity #ThreatIntel #SecurityEngineering #TechNews
-
OpenAI confirmed that limited API-user data was exposed through a breach at its previous analytics provider, Mixpanel. The dataset included names, emails, coarse location, user/organization IDs, and technical metadata — but no chats, passwords, API keys, or payment data.
Researchers noted that sending identifiable data to analytics tools isn’t aligned with typical security best practices.
What’s your view on data minimization in analytics pipelines?
Source: https://cybernews.com/security/openai-mixpanel-cybersecurity-incident-breach/
Share your thoughts - and follow us for more updates.
#InfoSec #CyberSecurity #DataPrivacy #OpenAI #Mixpanel #APISecurity #DataBreach #VendorSecurity #ThreatIntel #SecurityEngineering #TechNews
-
Farmers Insurance just faced a brutal breach through a vendor—exposing sensitive data in just a day. What went wrong, and what can organizations learn to stay one step ahead? Dive into the lessons and insider tips on cybersecurity resilience.
#databreach
#cybersecurity
#vendorsecurity
#dataprotection
#incidentresponse -
Third-Party Risk is a Top Threat in 2025—Are You Ready? From breaches to AI-driven vendor risks, third-party risk is evolving fast. Learn how to secure your vendor ecosystem & reduce risk. Watch now! https://youtu.be/HV-Ysn6-ZxQ
#Cybersecurity #TPRM #VendorSecurity #AI #RiskManagement #CISO
-
Third-Party Risk is a Top Threat in 2025—Are You Ready? From breaches to AI-driven vendor risks, third-party risk is evolving fast. Learn how to secure your vendor ecosystem & reduce risk. Watch now! https://youtu.be/HV-Ysn6-ZxQ
#Cybersecurity #TPRM #VendorSecurity #AI #RiskManagement #CISO
-
@JayeLTee Take a look at this -- Khalil Center really responded quickly to responsible disclosure:
https://databreaches.net/2025/01/03/khalil-centers-impressively-rapid-incident-response/
#dataleak #ransom #incidentresponse #HIPAA #disclsoure #businessassociate #vendorsecurity
-
@JayeLTee Take a look at this -- Khalil Center really responded quickly to responsible disclosure:
https://databreaches.net/2025/01/03/khalil-centers-impressively-rapid-incident-response/
#dataleak #ransom #incidentresponse #HIPAA #disclsoure #businessassociate #vendorsecurity
-
Combat the rise in stolen source code incidents that is increasing your organization's #ThirdPartyRisk! Watch our 3-minute video to learn about real cases of source code theft, #darkweb listings, and how vendors can be weak links in your organization's #cybersecurity. https://youtu.be/Xg-UkNbP31c
#RiskManagement #VendorSecurity #DataBreach #TPRM #infosec #cyberaware #SMB #DFIR #security #CISO