DATE: June 3, 2026 at 07:24AM
SOURCE: HEALTHCARE INFO SECURITY
Direct article link at end of text block below.
Why #Healthcare Firms Struggle With #ThirdParty Vendor #Security #RiskManagement After They Sign Contracts https://t.co/ah31zaOeR8 #TPRM #vendorrisk
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
Anthropic spent months carefully gatekeeping access to Mythos, their most capable AI model, while limiting access only to a small group of vetted companies for defensive cybersecurity testing. Then a private online forum got in anyway, through a third-party vendor, on the same day the controlled program was announced.
That's the part worth sitting with. Not the model. The vendor. Third-party vendors... It's always the 3rd party vendor. 🤦🏻‍♂️ You can build the most carefully controlled AI release program in the industry, and one weak link in your supply chain burns it down. We keep having this conversation about AI safety and regulation, and we keep forgetting that the threat surface isn't just the model. It's every partner, every integration, every environment touching it. 🔗 Everything's connected. Everything.
🤔 Ask yourself: how many third parties have access to your most sensitive systems right now? Do you actually know?
⚠️ Vendor risk management isn't a compliance checkbox. It's where your security posture actually lives or dies.
https://www.yahoo.com/news/articles/anthropics-mythos-model-accessed-unauthorized-214920132.html
#Cybersecurity #AI #VendorRisk #InfoSec #RiskManagement #security #privacy #cloud #infosec
Anthropic launches Code Review at $15-25 per pull request, completing a vertical integration play across code generation, review, and security. Their own engineers tripled output using Claude, creating demand for AI-powered oversight. Meanwhile, Pentagon supply chain designation creates new vendor risk considerations for enterprise buyers weighing the full-stack approach. #AICodeReview #EnterpriseAI #VendorRisk
https://www.implicator.ai/anthropic-built-the-highway-now-its-selling-the-guardrails/
A security incident involving restaurant technology provider HungerRush highlights the growing risk of compromised communication infrastructure.
A threat actor sent extortion emails to restaurant patrons, claiming access to millions of data records associated with the HungerRush platform.
Technical observations include:
• Emails delivered through Twilio SendGrid infrastructure
• Messages passed SPF, DKIM, and DMARC authentication checks
• Access was reportedly gained via compromised third-party vendor credentials
HungerRush states the incident was limited to an email marketing service account, and that no passwords, payment card information, or sensitive personal data were exposed.
The event demonstrates how attackers can leverage trusted messaging infrastructure to launch extortion or phishing campaigns at scale.
How should organizations better secure email platforms and vendor integrations within SaaS environments?
Share your insights in the comments and follow TechNadu for more cybersecurity threat intelligence and breach coverage.
#InfoSec #CyberSecurity #EmailSecurity #VendorRisk #ThreatIntelligence #DataSecurity #SecurityOperations #CyberThreats #SupplyChainSecurity
ShinyHunters has listed a 1.67 GB JSON dataset allegedly containing 600K+ customer records tied to Canada Goose.
Reported by BleepingComputer.
Dataset reportedly includes:
• checkout_id, cart_token schema indicators
• Shipping lines & order values
• IP telemetry
• Device/browser metadata
• Partial PAN (BIN + last four)
• Authorization metadata
No full card numbers observed in samples.
Canada Goose states no evidence of breach of its own systems; attackers claim third-party processor origin.
Security implications:
• BIN + last four enable targeted card fraud attempts
• Order value profiling identifies high-value targets
• IP/device metadata aids social engineering
• Historical datasets still carry active fraud potential
Is vendor risk management keeping pace with SaaS-based commerce stacks?
Engage below.
Follow @technadu for advanced threat analysis.
#ThreatIntel #DataLeak #VendorRisk #RetailSecurity #FraudPrevention #Infosec #CloudSecurity #DataExposure #ShinyHunters #CyberDefense #PrivacyEngineering
AI-driven fraud has moved from isolated scams to machine-scale impersonation — and many enterprise defenses haven’t caught up.
In an exclusive interview with MoveTheNeedle.news, Trustpair CEO Baptiste Collot explains why manual controls like callbacks and email confirmations are failing, where fraud exploits operational change, and why continuous validation is becoming a baseline requirement.
Vendor risk, insider failures, AI abuse & record DDoS activity defined this week’s threat landscape.
Full breakdown:
https://www.technadu.com/vetting-the-gaps-vendor-risk-grows-vacancies-rise-and-security-talent-waits-outside/619436/
Fake employees and compromised contractors are forcing organizations to rethink vendor vetting, hiring security, and identity controls.
Our team is seeing more incidents where attackers don’t exploit vulnerabilities—they exploit trust. In the latest Cyberside Chats episode, @sherridavidoff and @MDurrin unpack Amazon’s recent incident in which a North Korean IT worker was detected through behavioral anomalies and a Russian state-sponsored campaign abusing trusted infrastructure and edge devices.
Watch or listen to hear why hiring workflows, contractors, credentials, and edge devices are now part of your attack surface and what to do about it.
Watch the video: https://youtu.be/WE8p9I3uUuA
Listen to the podcast: https://www.chatcyberside.com/e/amazon-s-deepfake-hire-and-a-5-year-espionage-campaign-what-happened/
#LMGSecurity #CybersideChats #IdentitySecurity #VendorRisk #InitialAccess #ZeroTrust #SecurityLeadership