Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1814+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. News
  3. SecurityScorecard Acquires Driftnet to Boost Third-Party
SecurityScorecard Acquires Driftnet to Boost Third-Party
NEWS

SecurityScorecard Acquires Driftnet to Boost Third-Party

SecurityScorecard has acquired Driftnet to expand visibility into third-party ecosystems, addressing growing supply chain attack risks that continue to...

Dylan H.

News Desk

May 17, 2026
3 min read

SecurityScorecard has announced the acquisition of Driftnet, a threat intelligence firm specializing in third-party ecosystem visibility, in a move designed to address the expanding attack surface created by interconnected vendor relationships.

The deal reflects the cybersecurity industry's growing recognition that traditional perimeter defenses are insufficient when adversaries can breach an organization through its suppliers, partners, and service providers — a threat vector that has become one of the most exploited in recent years.

What Driftnet Brings

Driftnet focuses on mapping and monitoring third-party digital ecosystems, providing organizations with real-time visibility into the security posture of their vendors and supply chain partners. Key capabilities include:

  • Continuous third-party monitoring across vendor networks
  • Attack surface discovery for unknown or shadow vendor relationships
  • Supply chain risk scoring integrated into existing security workflows
  • Threat correlation linking external breach data to specific third-party exposures

By absorbing Driftnet's technology, SecurityScorecard aims to close a visibility gap that has enabled many high-profile supply chain compromises in recent years.

The Supply Chain Threat Landscape

Supply chain attacks have surged dramatically. The SolarWinds compromise, 3CX trojanization, XZ Utils backdoor, and more recent campaigns like the npm-based Mini Shai Hulud worm demonstrate that attackers increasingly target trusted software and service providers rather than hardened enterprise targets directly.

According to industry data, over 60% of significant data breaches now involve a third-party component. Yet most organizations have limited visibility beyond their immediate tier-1 vendors — let alone the extended web of subprocessors and software dependencies those vendors rely on.

SecurityScorecard's Strategic Play

SecurityScorecard has built its business on cybersecurity ratings — assigning grades to organizations based on externally observable security signals. Adding Driftnet's ecosystem mapping capabilities extends that model deeper into supply chains, allowing customers to:

  • Identify risky vendor relationships before a breach occurs
  • Receive alerts when a supplier's security posture degrades
  • Map transitive risk through multiple supply chain tiers

The acquisition also positions SecurityScorecard competitively against risk management platforms that have been building similar capabilities, including BitSight, Prevalent, and ProcessUnity.

Industry Implications

The deal is part of a broader consolidation wave in the third-party risk management space. As regulatory frameworks like DORA (Digital Operational Resilience Act) in the EU impose new requirements for supply chain due diligence, demand for automated vendor risk tools is accelerating.

For security teams, the message is clear: understanding your own attack surface is no longer sufficient. You need visibility into the attack surfaces of everyone you do business with.

Sources

  • Dark Reading: SecurityScorecard Snags Driftnet to Level Up Threat Intelligence

Related Reading

  • Diesel Vortex: Russian Cybercrime Ring Steals 1,649
  • GlassWorm Escalates: 72 Malicious Open VSX Extensions Use
  • New Speagle Malware Hijacks Cobra DocGuard for
#Supply Chain#Threat Intelligence#Acquisitions#Third-Party Risk

Related Articles

North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

JFrog researchers attribute a fresh npm supply chain campaign to North Korea's Lazarus Group. Malicious packages impersonating Rollup polyfill tooling...

4 min read

North Korean Hackers Publish 108 Malicious Packages in PolinRider Campaign

Threat actors linked to North Korea's Contagious Interview campaign have published 108 malicious packages and browser extensions across npm, Packagist,...

4 min read

More Klue Breach Victims Identified as Hackers Get Hacked

Roughly two dozen companies have notified their customers of impact from the Klue-Salesforce breach incident — a cascade that now includes the hackers...

5 min read
Back to all News