Analyzes cyberattacks that target organizations through compromised suppliers, software updates, or third party components. Articles cover notable supply chain attack methods, detection techniques, prevention strategies, and how to build resilience against threats that exploit trusted vendor relationships.
posts
When Target lost 40 million credit card records in 2013, the attackers didn't breach Target directly. They compromised an HVAC vendor. Over a decade later, the playbook hasn't changed — it's just gotten more devastating. Third party vendor cybersecurity risk is now the single fastest-growing
In December 2020, cybersecurity firm FireEye disclosed that a threat actor had compromised SolarWinds' Orion software update mechanism, distributing malware to roughly 18,000 organizations — including the U.S. Treasury, the Department of Homeland Security, and Fortune 500 companies. The attackers didn't break down the front door.
When Trusted Software Becomes Your Biggest Threat In March 2022, researchers confirmed that threat actors had compromised the update mechanism for Asus software, ultimately pushing malware to nearly a million machines. The attackers hadn't built anything from scratch. They had removed legitimate code from a trusted update pipeline
In December 2020, security firm FireEye discovered that a routine software update from SolarWinds had been weaponized to infiltrate roughly 18,000 organizations — including the U.S. Treasury, the Department of Homeland Security, and multiple Fortune 500 companies. The attackers didn't kick down the front door. They walked
