APT campaigns, nation-state threats, and security advisories analyzed through a third-party risk management lens.
ZDNet identified six free Android Auto applications that extend navigation capabilities to off‑road, RV, and outdoor travel scenarios. The brief outlines privacy and supply‑chain considerations for enterprises allowing employee use of these apps.
Europol and international partners have taken down AudiA6, a cryptocurrency mixing service that laundered over €336 million for ransomware operators between 2022 and 2025. The operation seized servers, domains, and frozen crypto assets, exposing a sophisticated money‑mule network that threatens any organisation that relies on third‑party crypto payment services.
Comcast Business unveiled SecurityEdge Preferred, a network‑native security service that can be activated in minutes and blocks malware, ransomware, phishing, and botnets at the edge. The solution targets small‑business customers lacking dedicated security staff, offering a simplified, managed protection layer.
ZeroFox unveiled AI Analytics, a SaaS capability that gives security teams instant, query‑driven insight into external threat data and automates executive reporting, streamlining third‑party risk monitoring.
Researchers uncovered ~1.5 million malicious domains registered in early 2026, with most created by threat actors and quickly activated. Activity is dominated by a small set of registrars, the .com, .top, .cc, and .xyz TLDs, and Cloudflare‑hosted IPs, presenting a systemic risk for organizations relying on these third‑party services.
New research flags frontier‑AI data centers as critical national assets that adversaries can locate, measure, and degrade via cyber or kinetic means, creating supply‑chain risk for cloud and AI‑dependent enterprises.
Avast launched the free Avast One suite with an AI‑driven Scam Guardian that can analyze screenshots of suspicious messages, flag phishing attempts, and guide users on remediation. The feature, available on Windows, macOS, Android and iOS, strengthens endpoint security for both personal and corporate devices, a key consideration for third‑party risk managers.
ETSI has released the initial technical specifications for the European Digital Identity Wallet, covering attestation, certificate policies, remote signing and data preservation. The standards set a common security baseline for any third‑party service that will integrate with the wallet, impacting government, finance, healthcare and other sectors across the EU.
Six security vendors released AI‑enhanced tools this week, ranging from automated Active Directory attack simulations to continuous identity‑trust platforms. The announcements signal a shift toward automated, on‑premises, and AI‑governed security controls that third‑party risk managers should evaluate in supplier contracts.
Phishing attempts fell 20 % this quarter, yet AI‑driven content is boosting click‑through rates, heightening credential‑theft risk for third‑party relationships. Organizations must tighten email‑security controls and reassess vendor risk.
Kyushu Electric Power Co. reported that an external backup drive storing personal information for up to 10.9 million customers was lost after the cabinet protecting it was left unlocked. The incident highlights the critical need for robust physical‑security controls in third‑party environments.
A proposed 69,220‑sq‑ft data center adjacent to the Nashville Zoo has sparked a massive public petition and celebrity outcry, forcing city officials to reevaluate zoning. The backlash underscores the importance of assessing community and environmental risk when onboarding cloud‑infrastructure providers.
"AI can make mistakes" isn't a good enough legal defense for defamatory or incorrect AI Overviews, a German court has ruled.
Microsoft has temporarily limited internal access to Anthropic’s Claude Fable 5 as its legal team examines the vendor’s 30‑day data‑retention policy. The action underscores the need for organizations to scrutinize AI‑service contracts for privacy and compliance implications.
Proofpoint has been accepted into Europol’s EC3 Advisory Group on Internet Security (AGIS), a forum that unites top cyber‑security firms with law‑enforcement to share intelligence and accelerate disruption of trans‑national threats. The partnership enhances visibility into emerging attacks and demonstrates the vendor’s commitment to collaborative defense—key considerations for third‑party risk managers.
Sam’s Club launched a series of steep discounts on TVs, laptops, tablets, appliances, and other consumer goods to rival Amazon’s Prime Day, offering savings of up to 50 %. The promotion may affect procurement contracts and supply‑chain risk assessments for organizations that source through the retailer.
Criminals are posting fake software‑unlock tutorials on TikTok and Instagram Reels that lead to the Vidar infostealer. The malware harvests credentials and financial data, posing a significant third‑party risk for organizations whose employees consume social media on corporate devices.
A HackRead investigation reveals that insufficient software testing leaves hidden flaws, vulnerable third‑party libraries, and weak controls in production, raising breach risk and remediation costs for organizations that depend on third‑party software.
Generative AI is collapsing the months‑long buffer that traditional vulnerability management relied on, forcing security leaders to reallocate spend toward continuous Breach and Attack Simulation platforms. This shift has direct implications for third‑party risk, as vendors must demonstrate faster remediation and proactive testing.
Apple and Google have three months to block nude images on children's phones. They're not allowed to collect any data while they do it.
The FBI seized 13 domains used by suspected Chinese intelligence to recruit U.S. government and military personnel with security clearances. The operation employed fake consulting firms, AI‑generated personas, and encrypted messaging to solicit classified information, highlighting a novel supply‑chain espionage vector for TPRM teams.