Categories Cybersecurity

71% of CISOs hit with third-party security incident this year

  • By John Leyden
  • Estimated read time 1 min read
  • September 14, 2025
71% of CISOs hit with third-party security incident this year

Once a software development pipeline itself is compromised, every customer downstream inherits that risk.

The best defense is to get a clear picture of your entire software supply chain — its assets, tools, pathways, and controls — and then work to ensure the proper guardrails are in place, according to Joe Nicastro, field CTO at application security firm Legit Security.

“We still see build pipelines misconfigured, third-party code and packages flowing in without checks, and SBOMs treated as one-off documents instead of living inventories,” Nicastro tells CSO.

Tags

Written By

John Leyden

More From Author

D&O liability protection rising for security leaders — unless you’re a midtier CISO

D&O liability protection rising for security leaders — unless youre a midtier CISO

  • December 18, 2025
15 years in, zero trust remains elusive — with AI rising to complicate the challenge

15 years in, zero trust remains elusive — with AI rising to complicate the challenge

  • December 5, 2025
Alliances between ransomware groups tied to recent surge in cybercrime

Alliances between ransomware groups tied to recent surge in cybercrime

  • November 26, 2025

You May Also Like

Figure 1. NosyDoor execution chain 1

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

  • December 20, 2025
Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

  • December 20, 2025
Iranian APT Prince of Persia returns with new malware and C2 infrastructure

Iranian APT Prince of Persia returns with new malware and C2 infrastructure

  • December 19, 2025