home.social

#vendor-security — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #vendor-security, aggregated by home.social.

fetched live
  1. Third-party ecosystems are structurally exposed.
    Black Kite’s 2026 report reframes supply chain cyber risk from “weakest link” theory to concentration dynamics.

    Key systemic indicators:
    • 5.28 downstream victims per breach (2025 average)
    • 10-day median detection vs. 73-day median disclosure
    • 53%+ organizations with at least one critical vulnerability
    • 23%+ with corporate credentials exposed

    Top 50 shared vendors:
    – 70% KEV exposure
    – 84% CVSS ≥ 8
    – 62% stealer-log credential presence
    – 52% breach history

    Shared infrastructure nodes are now strategic attack surfaces.
    Security teams must shift toward:
    Dependency mapping
    Concentration analytics
    Active intelligence monitoring
    Exposure propagation modeling
    Is your organization modeling systemic fragility — or auditing in isolation?

    Source: blackkite.com/press-releases/b

    Engage below.
    Follow TechNadu for advanced infosec, vendor risk, and threat intelligence coverage.

    #Infosec #ThirdPartyRisk #VendorSecurity #ThreatIntelligence #CISAKEV #CyberExposure #Ransomware #SupplyChainSecurity #SecurityEngineering #CyberResilience #RiskAnalytics

  2. Third-party breach, 38M impacted, European e-commerce sector.
    ManoMano disclosed unauthorized access linked to a subcontracted customer support provider. Exposed data reportedly includes PII and support communications.
    Authorities notified: CNIL, ANSSI.
    Passwords not reportedly accessed.
    Subcontractor access revoked.

    Key risk vectors:
    – SaaS support platforms
    – Vendor access governance
    – Over-retention of ticketing data
    – Centralized customer communication logs
    – Supply chain attack surface expansion

    This case reinforces that vendor monitoring must go beyond contractual clauses — continuous assessment, least privilege enforcement, data minimization strategies.

    How mature is your third-party risk telemetry?
    Engage below.

    Source: bleepingcomputer.com/news/secu

    Follow @technadu for high-signal infosec reporting.

    Repost to amplify awareness across the security community.

    #Infosec #ThirdPartyRisk #VendorSecurity #SupplyChainSecurity #DataBreach #GDPRCompliance #EcommerceSecurity #CyberRiskManagement #SecurityOperations #GRC

  3. Third-party breach, 38M impacted, European e-commerce sector.
    ManoMano disclosed unauthorized access linked to a subcontracted customer support provider. Exposed data reportedly includes PII and support communications.
    Authorities notified: CNIL, ANSSI.
    Passwords not reportedly accessed.
    Subcontractor access revoked.

    Key risk vectors:
    – SaaS support platforms
    – Vendor access governance
    – Over-retention of ticketing data
    – Centralized customer communication logs
    – Supply chain attack surface expansion

    This case reinforces that vendor monitoring must go beyond contractual clauses — continuous assessment, least privilege enforcement, data minimization strategies.

    How mature is your third-party risk telemetry?
    Engage below.

    Source: bleepingcomputer.com/news/secu

    Follow @technadu for high-signal infosec reporting.

    Repost to amplify awareness across the security community.

    #Infosec #ThirdPartyRisk #VendorSecurity #SupplyChainSecurity #DataBreach #GDPRCompliance #EcommerceSecurity #CyberRiskManagement #SecurityOperations #GRC

  4. OpenAI has reported that a breach at Mixpanel exposed limited API-user metadata, including names, emails, coarse location, OS/browser details and IDs.

    This was not an OpenAI breach, and no chat content, credentials, API keys or payment data were exposed.

    The incident resulted from a smishing compromise of Mixpanel’s environment.

    OpenAI has fully removed Mixpanel and is conducting wider vendor audits.
    How concerned should teams be about metadata exposure at third-party analytics providers?

    Full Article: technadu.com/mixpanel-breach-e

    Follow us for more security coverage.
    #infosec #OpenAI #Mixpanel #databreach #smishing #securityincident #MFA #vendorsecurity #securitynews

  5. OpenAI has reported that a breach at Mixpanel exposed limited API-user metadata, including names, emails, coarse location, OS/browser details and IDs.

    This was not an OpenAI breach, and no chat content, credentials, API keys or payment data were exposed.

    The incident resulted from a smishing compromise of Mixpanel’s environment.

    OpenAI has fully removed Mixpanel and is conducting wider vendor audits.
    How concerned should teams be about metadata exposure at third-party analytics providers?

    Full Article: technadu.com/mixpanel-breach-e

    Follow us for more security coverage.
    #infosec #OpenAI #Mixpanel #databreach #smishing #securityincident #MFA #vendorsecurity #securitynews

  6. OpenAI confirmed that limited API-user data was exposed through a breach at its previous analytics provider, Mixpanel. The dataset included names, emails, coarse location, user/organization IDs, and technical metadata — but no chats, passwords, API keys, or payment data.

    Researchers noted that sending identifiable data to analytics tools isn’t aligned with typical security best practices.

    What’s your view on data minimization in analytics pipelines?

    Source: cybernews.com/security/openai-

    Share your thoughts - and follow us for more updates.

    #InfoSec #CyberSecurity #DataPrivacy #OpenAI #Mixpanel #APISecurity #DataBreach #VendorSecurity #ThreatIntel #SecurityEngineering #TechNews

  7. OpenAI confirmed that limited API-user data was exposed through a breach at its previous analytics provider, Mixpanel. The dataset included names, emails, coarse location, user/organization IDs, and technical metadata — but no chats, passwords, API keys, or payment data.

    Researchers noted that sending identifiable data to analytics tools isn’t aligned with typical security best practices.

    What’s your view on data minimization in analytics pipelines?

    Source: cybernews.com/security/openai-

    Share your thoughts - and follow us for more updates.

    #InfoSec #CyberSecurity #DataPrivacy #OpenAI #Mixpanel #APISecurity #DataBreach #VendorSecurity #ThreatIntel #SecurityEngineering #TechNews

  8. Farmers Insurance just faced a brutal breach through a vendor—exposing sensitive data in just a day. What went wrong, and what can organizations learn to stay one step ahead? Dive into the lessons and insider tips on cybersecurity resilience.

    thedefendopsdiaries.com/farmer

    #databreach
    #cybersecurity
    #vendorsecurity
    #dataprotection
    #incidentresponse

  9. Third-Party Risk is a Top Threat in 2025—Are You Ready? From breaches to AI-driven vendor risks, third-party risk is evolving fast. Learn how to secure your vendor ecosystem & reduce risk. Watch now! youtu.be/HV-Ysn6-ZxQ

    #Cybersecurity #TPRM #VendorSecurity #AI #RiskManagement #CISO

  10. Third-Party Risk is a Top Threat in 2025—Are You Ready? From breaches to AI-driven vendor risks, third-party risk is evolving fast. Learn how to secure your vendor ecosystem & reduce risk. Watch now! youtu.be/HV-Ysn6-ZxQ

    #Cybersecurity #TPRM #VendorSecurity #AI #RiskManagement #CISO

  11. Combat the rise in stolen source code incidents that is increasing your organization's #ThirdPartyRisk! Watch our 3-minute video to learn about real cases of source code theft, #darkweb listings, and how vendors can be weak links in your organization's #cybersecurity. youtu.be/Xg-UkNbP31c

    #RiskManagement #VendorSecurity #DataBreach #TPRM #infosec #cyberaware #SMB #DFIR #security #CISO