All CosmicBytez Labs articles tagged #Third-Party Risk, across news, security advisories, how-to guides, and projects.
Ernst & Young is notifying customers of a data breach stemming from the compromise of a third-party support ticket system used by its IT personnel, highlighting the continued risk posed by vendor and supply chain attacks on major enterprises.
German supermarket giant Lidl has notified customers in Germany, Belgium, and the Netherlands that personal data was stolen following a breach at one of its third-party service providers — a supply chain attack exposing the limits of vendor security controls in retail e-commerce.
Healthcare device giant Medtronic is sending breach notification letters to customers after ShinyHunters gained unauthorized access to personal data held...
Roughly two dozen companies have notified their customers of impact from the Klue-Salesforce breach incident — a cascade that now includes the hackers...
Nintendo of America has confirmed that approximately 1GB of employee data — including W-9 forms, bank statements, and HR survey responses — was...
An unnamed oncology institute has disclosed a data breach originating from a third-party vendor compromise, with TriZetto cited as one possible candidate.
Small accounting firms in rural Alberta have become primary ransomware targets in 2025–2026. The reasons are structural: high-value data, weak security…
SecurityScorecard has acquired Driftnet to expand visibility into third-party ecosystems, addressing growing supply chain attack risks that continue to...
Vimeo has confirmed that customer and user data was accessed without authorization following a security breach at Anodot, a data anomaly detection...
Vercel's security breach originated from the compromise of Context.ai, a third-party AI tool used by a company employee, allowing attackers to gain...
Stolen OAuth tokens from a compromised employee AI tool enabled attackers to pivot into Vercel's internal systems. Security researchers warn that...
Telehealth giant Hims & Hers Health is warning customers of a data breach after support tickets were stolen from a third-party customer service platform,...
Texas fintech Marquis Software Solutions has confirmed a ransomware attack in August 2025 exposed data of 672,000+ individuals and disrupted operations at...
Ericsson's U.S. subsidiary has disclosed a data breach after attackers hacked a third-party service provider between April 17–22, 2025, exposing names,...