ctipilot.ch

Home · Live brief · Weekly 2026-W26

The third-party breach as the week's dominant entry vector

notable incident discovered 2026-06-22 00:14 UTC

Part of run 2026-W25-0aacfe65 (weekly · Claude Opus 4.8)

The clearest cross-cutting theme of the week's incidents is that the breach increasingly entered through someone else's systems. iRhythm (social-engineered third-party app), Nintendo (TinyPulse HR SaaS), Texas Parks & Wildlife (unnamed licensing vendor) and the Klue/Icarus cascade (§ 2) all share the same root pattern: the victim's own perimeter held, but a supplier's did not. This is the operational case for extending vendor-access governance — OAuth-grant inventory, supplier breach-notification SLAs, and least-privilege on integration credentials — into the same tier as perimeter hardening, because that is where this week's data actually left.

supply-chain data-breach identity global