Skip to content

Third Party Risk

Find below interesting blogs on third party risk management

SonicWall cloud backup hack leading to Marquis ransomware attack

Date of Incident: August 2025 Overview: In August 2025, a breach involving SonicWall’s cloud backup led to a ransomware attack on Marquis Software Systems, significantly impacting numerous US banks and credit unions. The attack exploited vulnerabilities in SonicWall’s firewall management system. Threat actors gained unauthorized access, stole firewall configuration files, and used them for lateral… Read More »SonicWall cloud backup hack leading to Marquis ransomware attack

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 2 Dec – 10 Dec 2025

From December 2-10, 2025, disclosures around an Oracle E‑Business Suite campaign, a large third‑party fintech breach, and several sector‑specific data exposures highlighted how platform and vendor compromises are driving multi‑organization risk. University of Phoenix confirmed a significant Oracle EBS breach tied to CVE‑2025‑61882, Marquis Software’s ransomware breach impacted over 74 U.S. banks and credit unions,… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 2 Dec – 10 Dec 2025

Harvard University Alumni Affairs and Development Systems Data Breach

Date of Incident: November 18, 2025 Overview: The Harvard University Alumni Affairs and Development systems experienced a data breach on November 18, 2025, which exposed personal information of students, alumni, donors, staff, and faculty, including contact details and event records. While sensitive financial and security details remained secure, attackers gained unauthorized access using phishing techniques… Read More »Harvard University Alumni Affairs and Development Systems Data Breach

Iberia Customer Data Leak

Date of Incident: 2024-04 Overview: The Iberia Customer Data Leak, reported on November 23, 2025, involved unauthorized access to a third-party vendor’s system supporting Iberia in April 2024. This breach exposed customer names, email addresses, and loyalty card IDs but did not compromise login credentials, passwords, or payment card information. The attack leveraged vulnerabilities and… Read More »Iberia Customer Data Leak

GlobalLogic Oracle E-Business Suite Data Breach

Date of Incident: 2025-10-09 Overview: GlobalLogic experienced a significant data breach involving their Oracle E-Business Suite on October 9, 2025. This breach led to the theft of personal information from 10,471 current and former employees, including sensitive data like passport details and bank information. Attackers exploited vulnerabilities using SQL injection and network sniffing techniques to… Read More »GlobalLogic Oracle E-Business Suite Data Breach

Use Cases
Technology
About
Partner
Resources

FireCompass – An EC Council Ecosystem Company.
©2025 . All Rights Reserved.