Security news aggregator

Latest coverage for Vendor

Vendor security covers risks introduced by suppliers, including software flaws, exposed systems, and weak access to customer data.

189 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Vendor is an external organization that supplies an IT product or service, such as software, hardware, cloud hosting, or managed security. In security reporting, the term usually concerns a third party whose technology, personnel, or connectivity forms part of an organization’s environment or handles its data.

Vendor risk depends on the access and dependency involved. A compromised or poorly secured vendor can expose customer information, introduce vulnerabilities through software updates or components, or provide attackers with a route into connected systems. Practical controls include risk-based due diligence, contractual security and notification requirements, least-privilege access, vulnerability and software-supply-chain review, monitoring, and prompt removal of access when a relationship ends. Assessments should also address privacy obligations and how the vendor will support investigation and recovery if a security incident occurs.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 189 Filtered view

SaaS Observability Vendor Adds Real-Time Network Flow Telemetry to DNS IntelligenceInfoblox plans to acquire San Francisco-based network observability specialist Kentik to combine DNS, DHCP, asset intelligence and real-time network flow telemetry into a unified platform designed to help enterprises manage increasingly complex hybrid cloud and AI-driven environments.

Business Associates Tied to 50% of Breach Victims as AI-Aided Attacks LoomVendor incidents and hacks, especially data thefts and ransomware attacks, continue to plague the healthcare sector, accounting for the majority of major data breaches reported so far this year. The advent of AI tools in the hands of bad actors, will only heighten the threats, experts predict.

Bank Info Security 1 week, 2 days ago

How Cloud Security Risks Grow With Home-Based Care

As hospital-at-home programs expand and AI adoption accelerates, healthcare organizations face mounting cloud security demands. Anahi Santiago, CISO of ChristianaCare, discusses vendor accountability, identity management, clinical AI risks and the need for stronger cybersecurity foundations.

Diagnostics Lab Reported 10.3M Patients Affected by Collection Agency's HackMedical laboratory testing giant Labcorp has agreed to pay $35 million to settle class action litigation stemming from a 2018 hacking incident on now-defunct American Medical Collections Agency. Labcorp reported the vendor breach in 2019 as affecting nearly 10.3 million patients.

Bank Info Security 1 month, 1 week ago

Cyber Risk Contracts Have Become the Weakest Link

Attorney Jonathan Armstrong on AI, Vendor Consolidation and Personal LiabilityAs organizations outsource more crown jewels to third-party vendors and silently roll out AI, the old playbook of contracts and one-time due diligence is dangerously out of date, says Jonathan Armstrong, partner at Punter Southall Law.

Appeal Faces Steep Statistical Odds Given Previous Court RulingsPassengers affected by the July 2024 CrowdStrike outage are making a longshot bid to get their case reheard en banc, arguing that claims tied to the vendor's allegedly defective software update involve traditional negligence issues under state law rather than airline services.

Bank Info Security 1 month, 2 weeks ago

Why Firms Struggle With Vendor Security After They Sign

Study: Monitoring Vendor Risk Remains Much Harder Than Onboarding Third PartiesHealthcare organizations are getting better vetting third-party vendors, including suppliers of medical devices, software and other products. But once these vendors are on board, healthcare firms still struggle with monitoring their security posture and ensuring they keep their promises.

Bank Info Security 1 month, 3 weeks ago

Oncology Firm Says Vendor Hack Compromised Patient Data

Breach Is Among Several Recent Major Incidents Involving Billing Software ProvidersA publicly traded cancer treatment firm notified investors that a yet-undisclosed number of patients' information was compromised in a 2025 cybersecurity incident involving a third-party billing software vendor. The Oncology Institute provides cancer treatment care to nearly 2 million patients.

Bank Info Security 1 month, 3 weeks ago

New Jamf CEO Sees AI Advances as Apple Security Driver

CEO Beth Tschida: AI Developers' Apple Preference Could Strengthen Jamf's PositionChief Technology Officer Beth Tschida takes over as CEO of Minneapolis-based Jamf with a mandate to define how the Apple management and security vendor uses AI internally while helping CISOs govern shadow AI, identity and policy controls across enterprise Apple fleets.

Bank Info Security 1 month, 4 weeks ago

Public NYC Health System Notifying 1.8M of Hack

Incident Involved an Unnamed Third-Party VendorNew York City's municipal healthcare system is notifying nearly 2 million patients of a hacking incident discovered earlier this year involving a third-party vendor. The breach compromised a long list of information, including biometric data such as fingerprints.

Bank Info Security 2 months ago

AI-Built Zero-Day Nearly Powered Mass Attack

Google Says Criminals Used AI to Discover and Code ExploitA cybercriminal group came close to launching a mass attack earlier this year, armed with a software exploit that an AI model had built from scratch, said Google researchers. Google said it worked with the affected vendor to patch the flaw before an attack could be launched.

Vendor Details Mitigations, Promises Patched PAN-OS Software in Coming WeeksPalo Alto Networks warned that a critical vulnerability in the PAN-OS software that runs its firewalls is being actively exploited in the wild by attackers. The vendor detailed temporary mitigations and promised to release updated software to fully patch the flaw later this month.

Bank Info Security 2 months, 1 week ago

BlueVoyant Prepares SaaS Push Under New CEO John Hernandez

BlueVoyant Seeks to Expand Beyond MDR Clients Into Firms With Mature In-House SOCsBlueVoyant named John Hernandez - the former leader of Quest's Microsoft security business - as its next CEO to drive an agentic AI SaaS platform that expands the vendor beyond managed services and helps customers accelerate detection, response and supply-chain risk management.

Bank Info Security 2 months, 2 weeks ago

State CISOs Are Losing Confidence as AI Threats Surge

Tightening Budgets and AI-Enabled Attacks Stretch State Cyber DefensesState CISO confidence has collapsed, with just 22% saying their data is protected from cyberthreats. The 2026 NASCIO-Deloitte study points to AI-enabled attacks, third-party vendor risk and the worst budget picture in years as states rethink how they defend public data.

Bank Info Security 2 months, 3 weeks ago

Airbus Acquires Quarkslab to Counter AI Reverse Engineering

French Vendor's QShield Offering Protects Edge Systems From Reverse EngineeringAircraft manufacturer Airbus plans to acquire 100-person French cybersecurity vendor Quarkslab to strengthen sovereign European defenses by protecting aerospace and defense software, data and edge systems from AI-driven reverse engineering and exploitation.

Playbook Aims to Help Healthcare, Public Sector Manage AI Vendor Security GapsThe Health Sector Coordinating Council released guidance to help the healthcare and public health sector better manage the explosion of third-party AI vendor cyber risk concerns they face, especially as the technology is embedded in all sorts of products.

Former DoD CIO Beavers on Ethics, Reliability and AI as a National Security ToolAs AI is increasingly used in defense operations, a critical question emerges: Who controls the system - the military or the model? Former DoD CIO Leslie Beavers explores challenges related to ethics and reliability, vendor risk, and autonomy as AI tools become key combatants in modern warfare.

Bank Info Security 3 months, 1 week ago

New eSentire CEO Pursues AI-Driven Managed Security Shift

James Foster Points to Agentic Security and Need for Customers to Outsource DefenseCEO James Foster says managed detection and response is evolving into an AI-powered agentic model as enterprises face faster AI-driven threats. He stresses balancing automation with human expertise while positioning eSentire as a vendor-neutral platform integrating best-of-breed security tools.

Vendor Issues Hotfix for Critical Flaw in FortiClient Endpoint Management ServerFortinet's endpoint management security server software is under fire from attackers, who are actively targeting two critical flaws, including a fresh zero-day that facilitates unauthenticated remote code or command execution. The vendor has issued a hotfix and promised a full patch.

Loading more headlines...