Security news aggregator

Latest coverage for Vendor

Stay informed on the latest in vendor information security, from third-party risks to supply chain defense strategies, all in one dedicated tag page.

Tag briefing

Background for this topic.

Vendor is a term that denotes an organization or company that sells goods or services to another entity. In the context of information security, the term takes on a more specific role, encompassing providers of hardware, software, and cybersecurity solutions that are tasked with protecting digital information from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction.

Vendor relationships matter from a cybersecurity perspective because vendors may have direct access to an organization’s data, processes, or IT infrastructure. Effective vendor management is critical for maintaining information security, as third-party vendors can introduce vulnerabilities or threats into an organization’s systems. Such vulnerabilities could arise from inadequate security practices, poorly designed software, or even from the vendor's personnel.

It's essential for any entity relying on external vendors for their operations to establish rigorous security protocols and conduct thorough assessments of their vendors' security policies and practices. The goal is for all parties to comply with industry standards and regulations to safeguard sensitive information and maintain robust defenses against cyber threats.

NetScaler vendor issued a patch but otherwise, stony silence

Multiple exploits are circulating for CVE-2025-5777, a critical bug in Citrix NetScaler ADC and NetScaler Gateway dubbed CitrixBleed 2, and security analysts are warning a "significant portion" of users still haven't patched.…

Just a day after Cisco disclosed CVE-2023-20198, it remains unpatched, and one vendor says a Shodan scan shows at least 10,000 Cisco devices with an implant for arbitrary code execution on them. The vendor meanwhile has updated the advisory with more mitigation steps.
